Can't seem to disable STARTTLS in Fedora sendmail

[Alexander Dalloz]

Am Fr, den 30.01.2004 schrieb Wayne Johnson um 20:32:
> We have a new Fedora system that is suppose to send it's mail (using
> sendmail, no flames PLEASE!), to smtp.comcast.net.  When we attempt to
> send it from a local account, we get an error back that the user is
> invalid.  Strange, but it works find for mail being relayed from/for
> other windows machines.  
> 
> The maillog shows:
> Jan 26 22:35:18 heritage1 sendmail[31926]: STARTTLS=client,
> relay=smtp.comcast.net., version=TLSv1/SSLv3, verify=FAIL,
> cipher=RC4-SHA,
> bits=128/128
> Jan 26 22:35:18 heritage1 sendmail[31926]: i0R4ZH6U031924:
> to=<wdtj at yahoo.com>, ctladdr=<root at heritage1.heritageweb.org> (0/0),
> delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30342,
> relay=smtp.comcast.net. [63.240.76.27], dsn=5.1.1, stat=User unknown
> Jan 26 22:35:18 heritage1 sendmail[31926]: i0R4ZH6U031924:
> i0R4ZI6U031926:
> DSN: User unknown
> 
> OK, so we're attempting to connect to comcast with TLS and we don't have
> a
> certificate.  I've tried to turn off TLS with several different methods
> (Srv_Features: V in access, define(`confTLS_SRV_OPTIONS', `V') in
> sendmail.mc, etc.), but sendmail continues to attempt TLS.
> 
> How do I turn TLS off!
> 
> TIA,

It's no TLS issue! TLS handshaking between the MTA works and is used by
default. There is no problem with it and does not require a verified
certificate validation.

Your problem is, that you send mail as user root - which is an exposed
user! - from your sendmail host. This way it is not maqueraded as mail
is which is sent from relayed sender hosts.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2149.nptl
Sirendipity 21:32:53 up 3:48, 7 users, 3.75, 2.11, 0.86 
                   [ Γνωθι σ'αυτον - gnothi seauton ]