Using sendmail as a client with auth
Trond Endrestøl
Trond.Endrestol at fagskolen.gjovik.no
Tue Feb 14 10:40:20 UTC 2012
On Tue, 14 Feb 2012 11:11+0100, Bernt Hansson wrote:
> On 2012-02-14 10:43, Trond Endrestøl wrote:
> > On Tue, 14 Feb 2012 10:04+0100, Bernt Hansson wrote:
> >
> > > On 2012-02-14 08:02, Josh Tolbert wrote:
> > > > On 2/13/2012 11:12 PM, Bernt Hansson wrote:
> > > > >
> > > > > Thank you for your answer.
> > > > >
> > > >
> > > > I wrote this ages ago and it's still valid. You can ignore the IMAP
> > > > stuff if you like. :)
> > >
> > > Well, no cigar for me.
> > >
> > > I'm leaning at this line.
> > > And I think it is somehow involed in all this "mess"
> > >
> > > sm-mta[37453]: STARTTLS=client, relay=smtp.isp.com., version=TLSv1/SSLv3,
> > > verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
> >
> > I'm sorry for jumping into this thread,
>
> Don't be sorry for that.
>
> > but verify=FAIL is expected
> > unless you have your ISP's certificate chain stored in the appropriate
> > directory with the appropriate file names.
>
> I do not have a certificate from the isp.
>
> My tought was more in line of MY sendmail is sending
> starttls first thing before auth login.
Actually, this makes sense. It seems appropriate to establish an
encrypted connection before sending the username and password.
A parallel would be SSH.
At the same time the use of SSL/TLS makes it harder to debug what's
going on.
> Then postfix gets confused.
It sounds strange, but there's a slight chance something is odd at the
ISP's end.
> Possible scenario?
I don't have any more input at the moment. The next step would be to
establish a dialog with your ISP and persua^Wask them to investigate
the matter further.
> > /etc/ssl/certs would be a
> > good place to store the certificates.
> >
> > A command like this one can be used to generate the "hashed" file
> > names:
> >
> > ln -s certfile `openssl x509 -noout -hash< certfile`.0
> >
> > > Any idea about that? The isp does support STARTTLS.
> > >
> > > telnet smtp.isp.com 25
> > > Trying x.x.x.x...
> > > Connected to smtp.isp.com.
> > > Escape character is '^]'.
> > > 220 smtp.isp.com ESMTP Postfix (Ubuntu)
> > > ehlo localhost
> > > 250-smtp.isp.com
> > > 250-PIPELINING
> > > 250-SIZE 102400000
> > > 250-VRFY
> > > 250-ETRN
> > > 250-STARTTLS
> > > 250-AUTH PLAIN LOGIN
> > > 250-AUTH=PLAIN LOGIN
> > > 250-ENHANCEDSTATUSCODES
> > > 250-8BITMIME
> > > 250 DSN
> > > starttls
> > > 220 2.0.0 Ready to start TLS
> > >
> > > > http://www.puresimplicity.net/~hemi/freebsd/sendmail.html
> > >
> > > That is a good site. Learnt me how to build sendmail at least.
--
+-------------------------------+------------------------------------+
| Vennlig hilsen, | Best regards, |
| Trond Endrestøl, | Trond Endrestøl, |
| IT-ansvarlig, | System administrator, |
| Fagskolen Innlandet, | Gjøvik Technical College, Norway, |
| tlf. dir. 61 14 54 39, | Office.....: +47 61 14 54 39, |
| tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, |
| sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. |
+-------------------------------+------------------------------------+
More information about the freebsd-questions
mailing list