Date: Sat, 02 Jul 2005 13:50:55 -0400
From: Chuck Swiger <cswiger@mac.com>
To: Dick Hoogendijk <dick@nagual.st>
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: Re: starttls sendmail
Message-ID: <42C6D3FF.6040400@mac.com>
In-Reply-To: <20050702122208.GA24878@lothlorien.nagual.st>
References: <20050702122208.GA24878@lothlorien.nagual.st>

Dick Hoogendijk wrote:
> I'm used to using courier. That mailer can be started as courier-tls or
> without tls.
>
> On another machine (fbsd-5.4R) my sendmail _always_ tries to connect
> using starttls. This fails because I have no pem files.
>
> Is there an easy way of disabling sendmail's TLS connections?
> Or is this not wanted?

If one side advertises STARTTLS, the other MTA will try to use it. If your Courier install does not have certs/pem files set up, tell Courier not to advertise STARTTLS in the SMTP greeting.

However, as a workaround, you can also add something like this to your /etc/mail/access map (from cf/README):

Disabling STARTTLS And Setting SMTP Server Features
---------------------------------------------------
By default STARTTLS is used whenever possible. However, there are some broken MTAs that don't properly implement STARTTLS. To be able to send to (or receive from) those MTAs, the ruleset try_tls (srv_features) can be used that work together with the access map. Entries for the access map must be tagged with Try_TLS (Srv_Features) and refer to the hostname or IP address of the connecting system. A default case can be specified by using just the tag. For example, the following entries in the access map:

	Try_TLS:broken.server	NO

-- 
-Chuck
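An added example, not part of the original message or of sendmail's documentation: a shell check that lists the access-map entries that turn STARTTLS off and flags a bare `Try_TLS:` default, which disables it for every peer without a more specific entry instead of only for the broken one. The sample map contents, the function names `audit_try_tls` and `sample_access_map`, the documentation-range IP address and the case-insensitive tag match are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a sendmail access map for Try_TLS entries set to NO.
# audit_try_tls FILE prints one line per entry that turns STARTTLS off:
#   DEFAULT <line-no>          bare tag, applies to every peer
#   HOST    <line-no> <peer>   scoped to one hostname or IP address
# Exit status is 1 if a DEFAULT entry exists, otherwise 0.
audit_try_tls() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }      # skip comments, blank and short lines
        {
            key = tolower($1)               # assumption: match the tag case-insensitively
            val = toupper($2)
            if (index(key, "try_tls:") != 1 || val != "NO") next
            peer = substr($1, length("try_tls:") + 1)
            if (peer == "") { print "DEFAULT", NR; bad = 1 }
            else            { print "HOST", NR, peer }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample access map (not taken from any real system).
sample_access_map() {
    cat <<'EOF'
# constructed sample access map
Try_TLS:broken.server   NO
Try_TLS:192.0.2.25      NO
try_tls:                NO
Connect:198.51.100.7    REJECT
EOF
}

# Demo: audit the constructed sample and warn about the blanket entry.
tmp=$(mktemp) && sample_access_map > "$tmp"
audit_try_tls "$tmp" || echo "warning: STARTTLS is disabled for all peers" >&2
rm -f "$tmp"
```

Run it against a copy of /etc/mail/access before rebuilding the map; a non-zero status means outbound mail to every peer without its own entry would skip STARTTLS.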