Can't seem to disable STARTTLS in Fedora sendmail
Wayne Johnson
wdtj at yahoo.com
Fri Jan 30 21:19:39 UTC 2004
Thanks for the response.
Unfortunately, this problem occurs on all local users, not just root, and
I don't believe their exposed. It does not occur on our internal users
for whom we're acting as a relay.
--- Alexander Dalloz <alexander.dalloz at uni-bielefeld.de> wrote:
> Am Fr, den 30.01.2004 schrieb Wayne Johnson um 20:32:
> > We have a new Fedora system that is suppose to send it's mail (using
> > sendmail, no flames PLEASE!), to smtp.comcast.net. When we attempt
> to
> > send it from a local account, we get an error back that the user is
> > invalid. Strange, but it works find for mail being relayed from/for
> > other windows machines.
> >
> > The maillog shows:
> > Jan 26 22:35:18 heritage1 sendmail[31926]: STARTTLS=client,
> > relay=smtp.comcast.net., version=TLSv1/SSLv3, verify=FAIL,
> > cipher=RC4-SHA,
> > bits=128/128
> > Jan 26 22:35:18 heritage1 sendmail[31926]: i0R4ZH6U031924:
> > to=<wdtj at yahoo.com>, ctladdr=<root at heritage1.heritageweb.org> (0/0),
> > delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30342,
> > relay=smtp.comcast.net. [63.240.76.27], dsn=5.1.1, stat=User unknown
> > Jan 26 22:35:18 heritage1 sendmail[31926]: i0R4ZH6U031924:
> > i0R4ZI6U031926:
> > DSN: User unknown
> >
> > OK, so we're attempting to connect to comcast with TLS and we don't
> have
> > a
> > certificate. I've tried to turn off TLS with several different
> methods
> > (Srv_Features: V in access, define(`confTLS_SRV_OPTIONS', `V') in
> > sendmail.mc, etc.), but sendmail continues to attempt TLS.
> >
> > How do I turn TLS off!
> >
> > TIA,
>
> It's no TLS issue! TLS handshaking between the MTA works and is used by
> default. There is no problem with it and does not require a verified
> certificate validation.
>
> Your problem is, that you send mail as user root - which is an exposed
> user! - from your sendmail host. This way it is not maqueraded as mail
> is which is sent from relayed sender hosts.
>
> Alexander
>
>
=====
---
Wayne Johnson, | There are two kinds of people: Those
3943 Penn Ave. N. | who say to God, "Thy will be done,"
Minneapolis, MN 55412-1908 | and those to whom God says, "All right,
(612) 522-7003 | then, have it your way." --C.S. Lewis
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/
More information about the fedora-list
mailing list