Date: Sat, 21 Oct 2023 05:14:09 +0200 From: Polytropon <freebsd@edvax.de> To: William Dudley <wfdudley@gmail.com> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: sendmail with TLS Message-ID: <20231021051409.6a06f084.freebsd@edvax.de> In-Reply-To: <CAFsnNZ%2Btmt43TXq3ieegi5di2S2A5maW_hRzzidzD2n3fmJP5Q@mail.gmail.com> References: <CAFsnNZ%2Btmt43TXq3ieegi5di2S2A5maW_hRzzidzD2n3fmJP5Q@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 20 Oct 2023 18:55:56 -0400, William Dudley wrote: > I'm running FreeBSD 13.2 on i386 on my mail server. > > Some time ago, I built sendmail from ports because "stock" sendmail > didn't support TLS (apologies if I have the wrong terminology). Your termini technici are correct. :-) > Is it still true that stock sendmail doesn't support TLS? In other words, > must I continue to build sendmail from ports if I want START_TLS etc. > to work? Why "still"? The default sendmail configuration (as brought by the OS installation) does not include TLS capabilities, but the software itself does, and it does so because the underlying SSL libraries offer it (so it's not directly part of sendmail itself, rather a "library call"). Check your sendmail build options first: # sendmail -d0.1 -bt < /dev/null It should contain STARTTLS, TLS_EC, TLS_VRFY_PER_CTX. It might be possible that you need more stuff, such as SASL. In this case, you need to recompile system sendmail (from /usr/src, with the appropriate options). Check https://docs.freebsd.org/en/books/handbook/mail/#SMTP-Auth In worst case, use Wireshark to determine TLS problems, such as "version too low" or "requires additional auth". Also check your OpenSSL configuration (libssl affected). Determine the actual problem. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20231021051409.6a06f084.freebsd>