From: Chet Hosey
Date: Tue, 20 Mar 2001 10:24:30 -0500 (EST)
Subject: RE: Sendmail+STARTTLS
In-Reply-To: <00f901c0b0e7$c078f3a0$3a7c39d1@mark2000>
Sender: owner-freebsd-isp@FreeBSD.ORG

Thanks for your response! It seems, unfortunately, that I was not quite
successful in accurately describing the problem which is occurring.

I am trying to send mail to a server which reports itself as Microsoft
Exchange, version 5.5.2650.21, using sendmail 8.11.3 under FreeBSD
4.2-STABLE, updated via cvsup and rebuilt last Thursday evening.

I have no auth-info file; sendmail.cf includes:

# list of authentication mechanisms
#O AuthMechanisms=GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
# default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info
# SMTP AUTH flags
O AuthOptions=A
# CA directory
#O CACERTPath
# CA file
#O CACERTFile
# Server Cert
#O ServerCertFile
# Server private key
#O ServerKeyFile
# Client Cert
#O ClientCertFile
# Client private key
#O ClientKeyFile
# DHParameters (only required if DSA/DH is used)
#O DHParameters
# Random data source (required for systems without /dev/urandom under OpenSSL)
#O RandFile

pasta# sendmail -q -v
Running /var/spool/mqueue/f2GLJ3i91640 (sequence 1 of 1)
... Connecting to bcmail.bc.pitt.edu. via esmtp...
220 bcmail.bc.pitt.edu ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2650.21) ready
>>> EHLO pasta.mydomain.com
250-bcmail.bc.pitt.edu Hello [pasta.mydomain.com]
250-XEXCH50
250-HELP
250-ETRN
250-DSN
250-SIZE 0
250-AUTH LOGIN
250-AUTH=LOGIN
250-STARTTLS
250 TLS
>>> STARTTLS
220 Go ahead
... Deferred: 403 4.7.0 ... TLS handshake failed.
Closing connection to bcmail.bc.pitt.edu.

We have a key and a certificate from Thawte, which I tried to specify as
ClientKeyFile and ClientCert. This did not help. Sendmail does not offer
STARTTLS in response to EHLO.

I would gladly offer more configuration information as necessary.

________________________________________________________________________

Chet Hosey

________________________________________________________________________

On Mon, 19 Mar 2001, Mark Radabaugh - Amplex wrote:

> I think I know what you are referring to...
>
> add:
>
> define(`confAUTH_OPTIONS', `A')
>
> to your sendmail.mc file and recreate sendmail.mc.
>
> Seems to me I also deleted mail-auth-info (not sure on this
> one.. try it and see if it does what you want).
>
> Seems to make it happier with Exchange.
>
> Mark Radabaugh
> Amplex
> (419) 833-3635
>
> > -----Original Message-----
> > From: owner-freebsd-isp@FreeBSD.ORG
> > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Chet Hosey
> > Sent: Monday, March 19, 2001 9:28 PM
> > To: freebsd-isp@FreeBSD.ORG
> > Subject: Sendmail+STARTTLS
> >
> > Has anyone successfully used sendmail with TLS? I'm being denied by an
> > Exchange server, since sendmail will automatically try to use TLS if the
> > server offers it, even if sendmail has not been given certificates, etc.
> >
> > Is it possible, without a recompile, to prevent sendmail from using
> > STARTTLS when acting as a client?
> >
> > Incidentally, I'm a recently converted long-time Linux admin. While I am
> > generally impressed with the quality of FreeBSD vs. the hackish Linux
> > environment, I am disappointed that a feature which, when misconfigured,
> > could severely limit interoperability would be enabled by default and yet
> > remain so poorly documented. That this might be the case is one of the few
> > things that darkens my view of an otherwise impressive OS. Is there a
> > place to which one wanting to stay in the know might look for help?
> >
> > I dislike the thought of interrupted service, especially if I might have
> > overlooked an obvious source of information.
> >
> > Thanks in advance for any help you might provide.
> >
> > ________________________________________________________________________
> >
> > Chet Hosey
> >
> > ________________________________________________________________________
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
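
For triaging deferrals like the one in the transcript quoted in the message, a small parser over the verbose client output can tell "STARTTLS was accepted and the handshake then failed" apart from other 4.x.x deferrals. This is an added example, not part of the original message; the host names, the sample transcript and the `analyze` function are constructed for illustration.

```python
import re

# Constructed transcript in the shape of the `sendmail -q -v` output quoted
# in the message; host names are placeholders, not taken from the message.
SAMPLE = """\
220 mx.example.net ESMTP Server ready
>>> EHLO client.example.org
250-mx.example.net Hello [client.example.org]
250-SIZE 0
250-AUTH LOGIN
250-AUTH=LOGIN
250-STARTTLS
250 TLS
>>> STARTTLS
220 Go ahead
... Deferred: 403 4.7.0 ... TLS handshake failed.
"""

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")
DEFERRED = re.compile(r"Deferred: (\d{3}) (\d\.\d{1,3}\.\d{1,3})")

def analyze(transcript):
    """Summarise the STARTTLS attempt in a verbose SMTP client transcript."""
    caps, cmd, ehlo_lines = set(), None, 0
    out = {"starttls_sent": False, "starttls_accepted": False, "deferred": None}
    for line in map(str.strip, transcript.splitlines()):
        if line.startswith(">>> "):              # command sent by the client
            cmd = line[4:].split()[0].upper()
            out["starttls_sent"] |= cmd == "STARTTLS"
            continue
        reply = REPLY.match(line)
        if reply:
            code, _, text = reply.groups()
            if cmd == "EHLO" and code == "250":
                ehlo_lines += 1
                if ehlo_lines > 1 and text:      # first line is the greeting
                    caps.add(re.split(r"[ =]", text)[0].upper())
            elif cmd == "STARTTLS" and code == "220":
                out["starttls_accepted"] = True  # TLS negotiation begins here
            continue
        deferred = DEFERRED.search(line)
        if deferred:                             # (reply code, enhanced status)
            out["deferred"] = deferred.groups()
    out["capabilities"] = sorted(caps)
    out["handshake_failed"] = (out["starttls_accepted"] and out["deferred"] is not None
                               and out["deferred"][1].startswith("4.7."))
    return out
```

Calling `analyze(SAMPLE)` returns the advertised EHLO keywords together with a `handshake_failed` flag, which is only set when the server answered STARTTLS with 220 and a 4.7.x deferral followed.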