Date:      Tue, 20 Mar 2001 10:24:30 -0500 (EST)
From:      Chet Hosey <chosey@nidhog.com>
To:        <freebsd-isp@freebsd.org>
Subject:   RE: Sendmail+STARTTLS
Message-ID:  <Pine.BSF.4.31.0103200954120.69748-100000@web1.nidhog.com>
In-Reply-To: <00f901c0b0e7$c078f3a0$3a7c39d1@mark2000>

Thanks for your response! It seems, unfortunately, that I was not quite
successful in accurately describing the problem which is occurring.

I am trying to send mail to a server which reports itself as Microsoft
Exchange, version 5.5.2650.21, using sendmail 8.11.3 under FreeBSD
4.2-STABLE, updated via cvsup and rebuilt last Thursday evening.

I have no auth-info file; sendmail.cf includes:

# list of authentication mechanisms
#O AuthMechanisms=GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5

# default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info

# SMTP AUTH flags
O AuthOptions=A



# CA directory
#O CACERTPath
# CA file
#O CACERTFile
# Server Cert
#O ServerCertFile
# Server private key
#O ServerKeyFile
# Client Cert
#O ClientCertFile
# Client private key
#O ClientKeyFile
# DHParameters (only required if DSA/DH is used)
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile


pasta# sendmail -q -v

Running /var/spool/mqueue/f2GLJ3i91640 (sequence 1 of 1)
<user@bc.pitt.edu>... Connecting to bcmail.bc.pitt.edu. via esmtp...
220 bcmail.bc.pitt.edu ESMTP Server (Microsoft Exchange Internet Mail
Service 5.5.2650.21) ready
>>> EHLO pasta.mydomain.com
250-bcmail.bc.pitt.edu Hello [pasta.mydomain.com]
250-XEXCH50
250-HELP
250-ETRN
250-DSN
250-SIZE 0
250-AUTH LOGIN
250-AUTH=LOGIN
250-STARTTLS
250 TLS
>>> STARTTLS
220 Go ahead
<user@bc.pitt.edu>... Deferred: 403 4.7.0 <user@bc.pitt.edu>...
TLS handshake failed.
Closing connection to bcmail.bc.pitt.edu.


We have a key and a certificate from Thawte, which I tried to specify as
ClientKeyFile and ClientCert. This did not help.


Sendmail does not offer STARTTLS in response to EHLO.


I would gladly offer more configuration information as necessary.

________________________________________________________________________

Chet Hosey
<chosey@nidhog.com>
________________________________________________________________________

On Mon, 19 Mar 2001, Mark Radabaugh - Amplex wrote:

> I think I know what you are referring to...
>
> add:
>
> define(`confAUTH_OPTIONS', `A')
>
> to your sendmail.mc file and recreate sendmail.mc.
>
> Seems to me I also deleted mail-auth-info (not sure on this
> one.. try it and see if it does what you want).
>
> Seems to make it happier with Exchange.
>
> Mark Radabaugh
> Amplex
> (419) 833-3635
>
>
> > -----Original Message-----
> > From: owner-freebsd-isp@FreeBSD.ORG
> > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Chet Hosey
> > Sent: Monday, March 19, 2001 9:28 PM
> > To: freebsd-isp@FreeBSD.ORG
> > Subject: Sendmail+STARTTLS
> >
> >
> > Has anyone successfully used sendmail with TLS? I'm being denied by an
> > Exchange server, since sendmail will automatically try to use TLS if the
> > server offers it, even if sendmail has not been given certificates, etc.
> >
> > Is it possible, without a recompile, to prevent sendmail from using
> > STARTTLS when acting as a client?
> >
> >
> > Incidentally, I'm a recently converted long-time Linux admin. While I am
> > generally impressed with the quality of FreeBSD vs. the hackish Linux
> > environment, I am disappointed that a feature which, when misconfigured,
> > could severely limit interoperability would be enabled by default and yet
> > remain so poorly documented. That this might be the case is one of the few
> > things that darkens my view of an otherwise impressive OS. Is there a
> > place to which one wanting to stay in the know might look for help?
> >
> > I dislike the thought of interrupted service, especially if I might have
> > overlooked an obvious source of information.
> >
> > Thanks in advance for any help you might provide.
> >
> > ________________________________________________________________________
> >
> > Chet Hosey
> > <chosey@nidhog.com>
> > ________________________________________________________________________
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
> >
>
>
>
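
Added example, not part of the original thread and not sendmail's own code: a Python script that walks a `sendmail -q -v` transcript like the one quoted in the message above and reports whether the peer offered STARTTLS, whether the client attempted it, and whether the handshake failed. The sample transcript, its host names and the `analyze` function are constructed for illustration.

```python
import re

# Constructed transcript modelled on the `sendmail -q -v` output in the message
# above; host names and addresses are placeholders.
SAMPLE = """\
<user@example.org>... Connecting to mx.example.org. via esmtp...
220 mx.example.org ESMTP Server ready
>>> EHLO client.example.net
250-mx.example.org Hello [client.example.net]
250-SIZE 0
250-AUTH LOGIN
250-STARTTLS
250 TLS
>>> STARTTLS
220 Go ahead
<user@example.org>... Deferred: 403 4.7.0 <user@example.org>...
TLS handshake failed.
Closing connection to mx.example.org.
"""

REPLY = re.compile(r"(\d{3})([ -])(.*)")  # SMTP reply: code, continuation flag, text

def analyze(transcript):
    """Walk one verbose client session and classify its STARTTLS outcome."""
    caps, last_cmd = set(), None
    r = {"attempted": False, "accepted": False,
         "handshake_failed": False, "deferred": False}
    for line in map(str.strip, transcript.splitlines()):
        if line.startswith(">>> "):                 # command sent by the client
            last_cmd = line[4:].split()[0].upper()
            r["attempted"] |= last_cmd == "STARTTLS"
        elif (m := REPLY.match(line)):              # reply from the server
            code, words = m.group(1), m.group(3).split()
            if last_cmd == "EHLO" and code == "250" and words:
                caps.add(words[0].upper())          # first word is the EHLO keyword
            elif last_cmd == "STARTTLS" and code == "220":
                r["accepted"] = True
        else:                                       # sendmail's own status text
            r["deferred"] |= "Deferred:" in line
            r["handshake_failed"] |= "TLS handshake failed" in line
    r["offered"] = "STARTTLS" in caps
    r["verdict"] = ("tls_not_offered" if not r["offered"] else
                    "tls_not_attempted" if not r["attempted"] else
                    "tls_handshake_failed" if r["handshake_failed"] else
                    "tls_no_failure_seen")
    return r

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Run against queue-run output, a `tls_handshake_failed` verdict with `accepted` set points at the TLS negotiation itself rather than at the SMTP dialogue that precedes it.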


