From: Chuck Swiger
Date: Sat, 02 Jul 2005 13:50:55 -0400
To: Dick Hoogendijk
Cc: freebsd-questions
Subject: Re: starttls sendmail
Message-ID: <42C6D3FF.6040400@mac.com>

Dick Hoogendijk wrote:
> I'm used to using courier. That mailer can be started as courier-tls or
> without tls.
>
> On another machine (fbsd-5.4R) my sendmail _always_ tries to connect
> using starttls. This fails because I have no pem files.
>
> Is there an easy way of disabling sendmail's TLS connections?
> Or is this not wanted?

If one side advertises STARTTLS, the other MTA will try to use it. If your
Courier install does not have certs/pem files set up, tell Courier not to
advertise STARTTLS in the SMTP greeting.

However, as a workaround, you can also add something like this to your
/etc/mail/access map (from cf/README):

Disabling STARTTLS And Setting SMTP Server Features
---------------------------------------------------
By default STARTTLS is used whenever possible. However, there are
some broken MTAs that don't properly implement STARTTLS. To be able
to send to (or receive from) those MTAs, the ruleset try_tls
(srv_features) can be used that work together with the access map.
Entries for the access map must be tagged with Try_TLS (Srv_Features)
and refer to the hostname or IP address of the connecting system.
A default case can be specified by using just the tag. For example,
the following entries in the access map:

    Try_TLS:broken.server   NO

-- 
-Chuck
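
An added example, not part of the original message and not sendmail's own tooling: a Python audit of Try_TLS entries like the one quoted from cf/README, reporting whether a given peer will still be tried with STARTTLS and flagging NO entries keyed by the bare tag or a single label. The sample map, the function names, IPv4-only handling and the modelled lookup order are assumptions.

```python
# Added example: audit Try_TLS entries in a sendmail access map source file.
# Assumption: keys are tried as host name, parent domains, IPv4 address,
# shorter address prefixes, then the bare "Try_TLS:" tag; only NO disables STARTTLS.

SAMPLE_ACCESS = """\
# constructed sample, not taken from the original message
Connect:192.168.1        RELAY
Try_TLS:broken.server    NO
Try_TLS:10.1.2           NO
Try_TLS:                 NO
"""

def parse_try_tls(text):
    """Return {key: value} for Try_TLS lines; key '' is the bare-tag default."""
    entries = {}
    for raw in text.splitlines():
        fields = raw.split()
        if raw.lstrip().startswith("#") or len(fields) < 2 or ":" not in fields[0]:
            continue
        tag, key = fields[0].split(":", 1)
        if tag.lower() == "try_tls":
            entries[key.lower()] = fields[1].upper()
    return entries

def candidate_keys(host, ip):
    """Keys in the assumed lookup order, most specific first."""
    labels = [p for p in host.lower().split(".") if p]
    octets = [p for p in ip.split(".") if p]
    keys = [".".join(labels[i:]) for i in range(len(labels))]
    keys += [".".join(octets[:n]) for n in range(len(octets), 0, -1)]
    return keys + [""]

def starttls_attempted(entries, host, ip):
    """False when the first matching entry says NO, True otherwise."""
    for key in candidate_keys(host, ip):
        if key in entries:
            return entries[key] != "NO"
    return True

def broad_disables(entries):
    """NO entries keyed by the bare tag or a single label/octet: review these."""
    return sorted(key or "<default>" for key, value in entries.items()
                  if value == "NO" and "." not in key)

if __name__ == "__main__":
    found = parse_try_tls(SAMPLE_ACCESS)
    print("cleartext-only peers/defaults to review:", broad_disables(found))
    print("mail.broken.server tried with TLS:",
          starttls_attempted(found, "mail.broken.server", "203.0.113.5"))
```

A bare `Try_TLS: NO` line turns STARTTLS off for every peer without its own entry, so outbound mail to them goes in cleartext; keeping the entry scoped to the one broken host limits that exposure.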