Can't seem to disable STARTTLS in Fedora sendmail
Alexander Dalloz
alexander.dalloz at uni-bielefeld.de
Fri Jan 30 20:36:34 UTC 2004
On Fri, 30.01.2004 at 20:32, Wayne Johnson wrote:
> We have a new Fedora system that is supposed to send its mail (using
> sendmail, no flames PLEASE!), to smtp.comcast.net. When we attempt to
> send it from a local account, we get an error back that the user is
> invalid. Strange, but it works fine for mail being relayed from/for
> other Windows machines.
>
> The maillog shows:
> Jan 26 22:35:18 heritage1 sendmail[31926]: STARTTLS=client,
> relay=smtp.comcast.net., version=TLSv1/SSLv3, verify=FAIL,
> cipher=RC4-SHA,
> bits=128/128
> Jan 26 22:35:18 heritage1 sendmail[31926]: i0R4ZH6U031924:
> to=<wdtj at yahoo.com>, ctladdr=<root at heritage1.heritageweb.org> (0/0),
> delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30342,
> relay=smtp.comcast.net. [63.240.76.27], dsn=5.1.1, stat=User unknown
> Jan 26 22:35:18 heritage1 sendmail[31926]: i0R4ZH6U031924:
> i0R4ZI6U031926:
> DSN: User unknown
>
> OK, so we're attempting to connect to comcast with TLS and we don't have
> a certificate. I've tried to turn off TLS with several different methods
> (Srv_Features: V in access, define(`confTLS_SRV_OPTIONS', `V') in
> sendmail.mc, etc.), but sendmail continues to attempt TLS.
>
> How do I turn TLS off!
>
> TIA,
It's no TLS issue! TLS handshaking between the MTAs works and is used by
default. There is no problem with it, and it does not require a verified
certificate validation.
Your problem is that you send mail as user root - which is an exposed
user! - from your sendmail host. This way it is not masqueraded, as mail
sent from relayed sender hosts is.
Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2149.nptl
Sirendipity 21:32:53 up 3:48, 7 users, 3.75, 2.11, 0.86
[ Γνωθι σ'αυτον - gnothi seauton ]
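
A small triage script for maillog entries like the ones quoted above, added here as an example (not part of the original post and not sendmail's own code): it pairs each `STARTTLS=client` line with the delivery line from the same sendmail process, so the TLS result and the SMTP status can be read separately. The log lines, hostnames and addresses are constructed sample data, and `fields` and `triage` are hypothetical helper names.

```python
import re

# Constructed sample in sendmail's maillog format (not the poster's own log lines).
SAMPLE_LOG = """\
Jan 26 22:35:18 mailhost sendmail[31926]: STARTTLS=client, relay=smtp.example.net., version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-SHA, bits=128/128
Jan 26 22:35:18 mailhost sendmail[31926]: i0R4ZH6U031924: to=<user@example.com>, ctladdr=<root@mailhost.example.org> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30342, relay=smtp.example.net. [192.0.2.25], dsn=5.1.1, stat=User unknown
Jan 26 22:35:18 mailhost sendmail[31926]: i0R4ZH6U031924: i0R4ZI6U031926: DSN: User unknown
Jan 26 22:40:02 mailhost sendmail[32010]: STARTTLS=client, relay=smtp.example.net., version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-SHA, bits=128/128
Jan 26 22:40:03 mailhost sendmail[32010]: i0R4e26U032008: to=<user@example.com>, delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30342, relay=smtp.example.net. [192.0.2.25], dsn=2.0.0, stat=Sent (ok)
"""

LINE = re.compile(r"sendmail\[(?P<pid>\d+)\]: (?P<body>.*)$")

def fields(body):
    """Split sendmail's 'key=value, key=value' body into a dict."""
    return dict(re.findall(r"(\w+)=(.*?)(?=, \w+=|$)", body))

def triage(log):
    """Pair each delivery line with the STARTTLS line of the same sendmail pid."""
    tls, findings = {}, []
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        f = fields(m["body"])
        if f.get("STARTTLS") == "client":
            tls[m["pid"]] = f  # a cipher= field means the handshake completed
        elif "dsn" in f:
            t = tls.get(m["pid"], {})
            rejected = f["dsn"].startswith("5.")
            negotiated = "cipher" in t
            if not rejected:
                verdict = "delivered"
            elif negotiated:
                verdict = "rejected by the remote MTA after TLS was negotiated: check addresses"
            else:
                verdict = "rejected, no TLS session logged for this process"
            findings.append({
                "sender": (f.get("ctladdr") or "-").split()[0].strip("<>"),
                "dsn": f["dsn"], "stat": f.get("stat"),
                "tls_negotiated": negotiated,
                "cert_verified": t.get("verify") == "OK",
                "verdict": verdict,
            })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```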