Can't seem to disable STARTTLS in Fedora sendmail
Rick Stevens
rstevens at vitalstream.com
Fri Jan 30 21:19:23 UTC 2004
Alexander Dalloz wrote:
> Am Fr, den 30.01.2004 schrieb Rick Stevens um 21:40:
>
>>Adam Lanier wrote:
>>
>>>On Fri, 30 Jan 2004 11:32:19 -0800 (PST), Wayne Johnson <wdtj at yahoo.com>
>>>wrote:
>>>
>>>
>>>>We have a new Fedora system that is suppose to send it's mail (using
>>>>sendmail, no flames PLEASE!), to smtp.comcast.net. When we attempt to
>>>>send it from a local account, we get an error back that the user is
>>>>invalid. Strange, but it works find for mail being relayed from/for
>>>>other windows machines.
>>>
>>>[snip]
>>>
>>>
>>>>il.mc, etc.), but sendmail continues to attempt TLS.
>>>>
>>>>How do I turn TLS off!
>>>
>>>
>>>This is probably a question better suited to a sendmail mailing
>>>list/newsgroup but...
>>>
>>>The sendmail book lists the following mc file directives that relate to
>>>starttls:
>>>
>>>define(`CERT_DIR', `/etc/mail/certs')
>>>define(`confCACERT_PATH', `CERT_DIR')
>>>define(`confCACERT', `CERT_DIR`'/cacert.pem')
>>>define(`confSERVER_CERT', `CERT_DIR`'/client.cert.pem')
>>>define(`confSERVER_KEY', `CERT_DIR`'/client.key.pem')
>>>define(`confCLIENT_CERT', `CERT_DIR`'/client.cert.pem')
>>>define(`confCLIENT_KEY', `CERT_DIR`'/client.key.pem')
>>>
>>>If any of these are in your sendmail.mc, remove them (or rem them out),
>>>rebuild the sendmail.cf file (with the command: m4 sendmail.mc >
>>>sendmail.cf) and restart sendmail.
>>
>>Another way is to edit the current sendmail.cf file and make sure
>>this line is in it and uncommented:
>>
>> O TLSSrvOptions=V
>>
>>This tells sendmail to NOT request the client's certificate. Note that
>>this option is not safe and is only present in sendmail V8.12.x.
>
>
> Really a bad idea to edit the sendmail.cf directly. Each service restart
> will delete such a manual direct setting in the .cf file! And editing
> the sendmai.cf directly often causes errors. Even the OP did set that
> with define(`confTLS_SRV_OPTIONS', `V') in the sendmail.mc file.
Yeah, you're right. I hate that. I've disabled it in my startups. I
use many custom rules that aren't part of the standard m4 stuff and I
have no desire to learn m4 to put them in.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- C program run. C program crash. C programmer quit. -
----------------------------------------------------------------------
More information about the fedora-list
mailing list