Can't seem to disable STARTTLS in Fedora sendmail

Rick Stevens rstevens at vitalstream.com
Fri Jan 30 21:19:23 UTC 2004


Alexander Dalloz wrote:
> On Fri, 30.01.2004 at 21:40, Rick Stevens wrote:
> 
>>Adam Lanier wrote:
>>
>>>On Fri, 30 Jan 2004 11:32:19 -0800 (PST), Wayne Johnson <wdtj at yahoo.com> 
>>>wrote:
>>>
>>>
>>>>We have a new Fedora system that is supposed to send its mail (using
>>>>sendmail, no flames PLEASE!), to smtp.comcast.net.  When we attempt to
>>>>send it from a local account, we get an error back that the user is
>>>>invalid.  Strange, but it works fine for mail being relayed from/for
>>>>other Windows machines.
>>>
>>>[snip]
>>>
>>>
>>>>il.mc, etc.), but sendmail continues to attempt TLS.
>>>>
>>>>How do I turn TLS off!
>>>
>>>
>>>This is probably a question better suited to a sendmail mailing 
>>>list/newsgroup but...
>>>
>>>The sendmail book lists the following mc file directives that relate to 
>>>starttls:
>>>
>>>define(`CERT_DIR', `/etc/mail/certs')
>>>define(`confCACERT_PATH', `CERT_DIR')
>>>define(`confCACERT', `CERT_DIR`'/cacert.pem')
>>>define(`confSERVER_CERT', `CERT_DIR`'/client.cert.pem')
>>>define(`confSERVER_KEY', `CERT_DIR`'/client.key.pem')
>>>define(`confCLIENT_CERT', `CERT_DIR`'/client.cert.pem')
>>>define(`confCLIENT_KEY', `CERT_DIR`'/client.key.pem')
>>>
>>>If any of these are in your sendmail.mc, remove them (or rem them out), 
>>>rebuild the sendmail.cf file (with the command: m4 sendmail.mc > 
>>>sendmail.cf) and restart sendmail.
>>
>>Another way is to edit the current sendmail.cf file and make sure
>>this line is in it and uncommented:
>>
>>	O TLSSrvOptions=V
>>
>>This tells sendmail to NOT request the client's certificate.  Note that
>>this option is not safe and is only present in sendmail V8.12.x.
> 
> 
> Really a bad idea to edit the sendmail.cf directly. Each service restart
> will delete such a manual direct setting in the .cf file! And editing
> the sendmail.cf directly often causes errors. Even the OP did set that
> with define(`confTLS_SRV_OPTIONS', `V') in the sendmail.mc file.

Yeah, you're right.  I hate that.  I've disabled it in my startups.  I
use many custom rules that aren't part of the standard m4 stuff and I
have no desire to learn m4 to put them in.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-         C program run. C program crash. C programmer quit.         -
----------------------------------------------------------------------
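
An added example, not part of the original thread: a small checker for the drift discussed above, where a STARTTLS setting exists only in sendmail.cf (and disappears when the file is regenerated) or only in sendmail.mc (the .cf was never rebuilt). The sample file contents are constructed, and the macro-to-option mapping is sendmail's standard naming as assumed here.

```python
import re

# sendmail.mc macro -> sendmail.cf option for the STARTTLS settings in the thread
MC_TO_CF = {
    "confCACERT_PATH": "CACertPath",
    "confCACERT": "CACertFile",
    "confSERVER_CERT": "ServerCertFile",
    "confSERVER_KEY": "ServerKeyFile",
    "confCLIENT_CERT": "ClientCertFile",
    "confCLIENT_KEY": "ClientKeyFile",
    "confTLS_SRV_OPTIONS": "TLSSrvOptions",
}
DEFINE_RE = re.compile(r"^\s*define\(`(\w+)',\s*`(.*)'\)")
CF_OPTION_RE = re.compile(r"^O\s+(\w+)=(.*)$")

def active_defines(mc_text):
    """Return {macro: value} for define() lines not commented out with dnl."""
    found = {}
    for line in mc_text.splitlines():
        if line.lstrip().startswith("dnl"):
            continue
        m = DEFINE_RE.match(line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def cf_options(cf_text):
    """Return {option: value} for uncommented 'O Name=value' lines."""
    opts = {}
    for line in cf_text.splitlines():
        m = CF_OPTION_RE.match(line)  # '#O ...' lines do not match
        if m:
            opts[m.group(1)] = m.group(2).strip()
    return opts

def drift(mc_text, cf_text):
    """List (option, status) pairs where the .mc and .cf disagree."""
    mc, cf = active_defines(mc_text), cf_options(cf_text)
    report = []
    for macro, option in MC_TO_CF.items():
        if option in cf and macro not in mc:
            report.append((option, "cf-only"))  # lost when the .cf is regenerated
        elif macro in mc and option not in cf:
            report.append((option, "mc-only"))  # sendmail.cf not rebuilt from the .mc
    return report

# Constructed sample inputs
SAMPLE_MC = "define(`CERT_DIR', `/etc/mail/certs')\n" \
            "dnl define(`confCACERT', `CERT_DIR`'/cacert.pem')\n" \
            "define(`confSERVER_CERT', `CERT_DIR`'/client.cert.pem')\n"
SAMPLE_CF = "#O CACertFile=/etc/mail/certs/cacert.pem\nO TLSSrvOptions=V\n"
```
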




