Automatic email relay agent?

Alexander Dalloz ad+lists at
Thu Dec 1 20:22:57 UTC 2005

Am Do, den 01.12.2005 schrieb Hongwei Li um 20:45:

> >> Dec  1 10:07:52 morpheus sendmail[26602]: AUTH: available mech=CRAM-MD5
> >> DIGEST-MD5, allowed mech=LOGIN PLAIN
> >
> > That does not look correct. The both MD5 mechs shouldn't been listed due
> > to your configuration.
> -- where sohuld I change?  I checked, but could not find which
> line to change.

No, your changes were correct, following the tutorial on the
website I gave you the URL of. At least if you didn't just append the
settings at the bottom but made the changes inline, where you found
commented entries.

> Below is what I did and got.
> # telnet 25 Trying
> Connected to ( Escape character is '^]'.
> 220 ESMTP Sendmail 8.13.1/8.13.1; Thu, 1 Dec 2005 11:38:28
> -0600
> ehlo
> Hello [], pleased to
> meet you
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-ETRN
> 250 HELP
> quit
> 221 2.0.0 closing connection
> Connection closed by foreign host.

That is exactly what is to be expected: STARTTLS is offered, but no AUTH
- just because you told Sendmail to only offer LOGIN and PLAIN AUTH
mechs when the connection is safe (=encrypted).

> # openssl s_client -connect -starttls smtp
> CONNECTED(00000003)

[ certificate data stripped ]

> Verify return code: 18 (self signed certificate)
> ---
> 220 ESMTP Sendmail 8.13.1/8.13.1; Thu, 1 Dec 2005 11:41:29
> -0600

Good up to this point. The STARTTLS session was successfully established
and Sendmail greats you.

> ehlo
> Hello [], pleased to
> meet you
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-ETRN

Now with the encrypted connection Sendmail allows you to AUTH using
either LOGIN or PLAIN.

> 250 HELP
> quit
> 221 2.0.0 closing connection
> closed
> #
> I cleaned SSL cache, cookies, etc. restart Outlook / OE, test it on 3
> different computers, still got the same error.
> Also, when I try OE, the error message is:
> Unable to establish SSL connection with the server. Account "morpheus",
> Server: "', Protocol: SMTP, Server Response: '454 TLS not
> available due to temporary reason', Port: 25, Secure(SSL): Yes, Server Error:
> 454, Error Number: 0x800CCC7F

I would be it is a client problem. To evaluate simply go on with testing
where you stopped.

> Hongwei

When you made the hand established TLS connection and then entered "EHLO", go on and AUTH yourself. To do this you need to base64 encode
your username and password. You can do this with a Perl 1-liner:

perl -MMIME::Base64 -e 'print encode_base64("user\0user\0password");'

That will print out a string which you have to enter following way
(after initial EHLO):


That must be answered by Sendmail with a authentication success message.
If you hand auth using LOGIN, you enter "AUTH LOGIN", will get back a
base64 string which decodes as the question which user shall auth, you
enter the base64 encoded username, then Sendmail will ask in base64 form
for your password, which you have to enter too in base64 encoding.
Finally a success message must follow.

I am sure these test will be successful as the initial test trying to
establish a STARTTLS session already was successful. So your problem is
client based. Check for firewalling and anti-virus scanners (outbound
mail scanning), as I told you before. The issue (especially Norton's
thing) is well known and an ongoing pain. You will find many hits and
references to this through google. I.e.

If you face other cryptic OE error codes, use google too or directly go


Alexander Dalloz | Enger, Germany | GPG 0xB366A773
legal statement:
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
Serendipity 21:03:53 up 33 days, 19:04, load average: 0.15, 0.23, 0.25 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <>

More information about the fedora-list mailing list