MUA's time out - Sendmail + SASL2 : "no shared cipher" and more...

Kevin D. Kinsey, DaleCo, S.P. kdk at daleco.biz
Mon Dec 22 10:41:38 PST 2003


Don't know if anyone can or wants to help, I've
scanned a lot of search results and followed
3 different "how to's" (starting with the Handbook)
and though I'm closer, perhaps, I'm still not there.

I need an SSL-capable POP3 and SMTP as our
needs expand.  POP3 I've accomplished with
imap-uw; Sendmail has been some trouble
for 3 days now, and at least one client is really
needing to be able to send with M$ OE ASAP....

Both OE and the Mozilla mail client (and Mutt *on*
the server, last I checked) are timing out attempting
to use "SMTP Auth".  With Sendmail set to "LogLevel=25",
here's a snippet of where I *think* the problem lies...

----------------------------------------------------------------------------------------
Dec 22 12:20:51 ezekiel sm-mta[94212]: hBMIG1ka094212: --- 451 0.131.27.69.rel....osirusoft.com.: Name server timeout
Dec 22 12:20:51 ezekiel sm-mta[94212]: AUTH: available mech=NTLM LOGIN ANONYMOUS PLAIN OTP DIGEST-MD5 CRAM-MD5, allowed mech=PLAIN LOGIN
Dec 22 12:20:51 ezekiel sm-mta[94212]: hBMIG1ka094212: Milter: no active filter
Dec 22 12:20:51 ezekiel sm-mta[94212]: STARTTLS=server, error: accept failed=-1, SSL_error=1, timedout=0, errno=0
Dec 22 12:20:51 ezekiel sm-mta[94212]: STARTTLS=server: 94212:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_srvr.c:886:
Dec 22 12:20:51 ezekiel sm-mta[94212]: hBMIG1ka094212: [66.27.130.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to TLSMTA
Dec 22 12:21:02 ezekiel sm-mta[94238]: NOQUEUE: connect from [66.27.130.10]
Dec 22 12:22:08 ezekiel sm-mta[94238]: hBMIL2ka094238: --- 451 0.131.27.69.bl.spamcop.net.: Name server timeout
Dec 22 12:24:30 ezekiel sm-mta[94224]: hBMIJVka094224: --- 451 119.204.136.216....osirusoft.com.: Name server timeout
--------------------------------------------------------------------------------------------
There are a few curiosities here in my mind (Milter (?) and timeouts
looking for the spamcop NS's), but the issue seems most likely to
be the SSL error ("accept failed=-1" and "no shared cipher").

What have I misconfigured?  I've tried all possible combinations of
checkboxes on the clients ... at least I think so.  They just hang forever;
OE during the "securing" phase.  If someone knows the incantations
I don't know for Sendmail, I'd appreciate a look at your spell book....

Kevin Kinsey
DaleCo, S.P.
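
Added example, not part of the original post: a Python triage script that groups the sm-mta lines quoted above by PID and splits the OpenSSL error-queue entry into its fields, so each failed server-side STARTTLS handshake is reported with its peer address and reason. The sample input is constructed from the post's log with the mail-client line wraps rejoined; the function name and record field names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken from the post's log, with line wraps rejoined.
SAMPLE_LOG = """\
Dec 22 12:20:51 ezekiel sm-mta[94212]: AUTH: available mech=NTLM LOGIN ANONYMOUS PLAIN OTP DIGEST-MD5 CRAM-MD5, allowed mech=PLAIN LOGIN
Dec 22 12:20:51 ezekiel sm-mta[94212]: STARTTLS=server, error: accept failed=-1, SSL_error=1, timedout=0, errno=0
Dec 22 12:20:51 ezekiel sm-mta[94212]: STARTTLS=server: 94212:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_srvr.c:886:
Dec 22 12:20:51 ezekiel sm-mta[94212]: hBMIG1ka094212: [66.27.130.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to TLSMTA
Dec 22 12:21:02 ezekiel sm-mta[94238]: NOQUEUE: connect from [66.27.130.10]
Dec 22 12:22:08 ezekiel sm-mta[94238]: hBMIL2ka094238: --- 451 0.131.27.69.bl.spamcop.net.: Name server timeout
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sm-mta\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# Sendmail's summary of the failed SSL_accept(); SSL_error=1 is OpenSSL's SSL_ERROR_SSL.
ACCEPT = re.compile(r"STARTTLS=server, error: accept failed=(-?\d+), SSL_error=(\d+), timedout=(\d+), errno=(\d+)")
# OpenSSL error-queue entry: pid:error:<hex code>:<library>:<function>:<reason>:<file>:<line>:
QUEUE = re.compile(r"STARTTLS=server: \d+:error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):([^:]*):(\d+):")
PEER = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def tls_failures(log_text):
    """Group sm-mta lines by PID; return one record per failed server-side handshake."""
    by_pid = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        rec, msg = by_pid[m["pid"]], m["msg"]
        if a := ACCEPT.search(msg):
            # timedout=0 means sendmail saw the handshake fail outright, not time out.
            rec.update(ts=m["ts"], ssl_error=int(a[2]), timed_out=a[3] != "0")
        elif q := QUEUE.search(msg):
            rec.update(code=q[1].upper(), function=q[3], reason=q[4],
                       source=f"{q[5].rsplit('/', 1)[-1]}:{q[6]}")
        elif "peer" not in rec and (p := PEER.search(msg)):
            rec["peer"] = p[1]  # first bracketed IPv4 address logged by this PID
    # Keep only PIDs that logged a STARTTLS accept failure.
    return {pid: r for pid, r in by_pid.items() if "ssl_error" in r}

if __name__ == "__main__":
    for pid, r in tls_failures(SAMPLE_LOG).items():
        print(pid, r)
```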


