how do I get STARTTLS working with sendmail on FreeBSD 10.3 ?

Jim Ohlstein jim at
Thu Mar 23 15:32:40 UTC 2017


On 3/23/17 11:05 AM, Arthur Chance wrote:
> On 23/03/2017 13:39, Jim Ohlstein wrote:
>> Hello,
>> On 3/23/17 8:21 AM, Arthur Chance wrote:
>>> On 23/03/2017 03:25, Jim Ohlstein wrote:
>>>> Your entire question is ridiculous since Sendmail will never be
>>>> useful for retrieving email from a remote server. Ever. To do that
>>>> you need a POP/IMAP server. That was my point. Still is.
>>> If you'd been paying attention you'd have noticed lines in his mail like
>>>> telnet localhost 25
>>> which is rather a clue that he's talking about the sending side rather
>>> than the receiving side.
>> If you'd been paying attention, you'd have noticed lines in his initial
>> post to the list (emphasis mine):
>> I just want to use a self-signed certificate so I can *get my email from
>> my FreeBSD mail server to my cell phone*.
>> This is rather a clue that he's talking about the receiving side rather
>> than the sending side.
> I was basing it on
> --- Extract ---
> STILL BROKEN, but now there's no error message to give me a clue what is
> wrong.
> telnet localhost 25
> Trying
> Connected to localhost.
> Escape character is '^]'.
> 220 ESMTP Sendmail 8.15.2/8.15.2; Wed, 22 Mar 2017 10:10:14
> -0400 (EDT)
> ehlo localhost
> Hello localhost [], pleased to meet you
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-ETRN
> 250 HELP
> quit
> 221 2.0.0 closing connection
> Connection closed by foreign host.
> ----
> Generally speaking, you don't telnet into port 25, issue an EHLO to see
> what capabilities the server has and complain that STARTTLS is still
> missing unless you're trying to sort out the SMTP side of life. Also,
> that's not the sort of thing a newbie usually tries.
> He also wrote (apologies for the lousy formatting, various mailers have
> hacked it about)
>>> My FreeBSD server runs sendmail, and I've been running my own mail
>>> domain for about a decade. My latest guess (and that's all I can do is
>>> guess) is that my self-signed certificates expired, and I just need to
>>> re-generate them.  All the sources on sendmail and STARTTLS that I've
>>> seen so far show configs identical to my config, so from this I infer
>>> perhaps one or more of my cert files is "bad".
> Which really doesn't sound like a novice. Yes, the remarks about wanting
> to use IMAP are confusing, but I thought that was because he'd got into
> a "can't see the wood for the trees" state of confusion. Fighting
> recalcitrant software for a few days tends to do that. But it could be
> he truly is clueless and thrashing.

Perhaps it's hard to tell, but your quote above was conveniently taken 
out of context. A more full rendition might be a clue as to his 

The point of this exercise is to allow my Android phone to access my 
email on my FreeBSD 10.3 server, using imap.  I had it working last 
year, and then, with nary an error message, it stopped working.  So the 
email client is the native Android email client (on a recent Cyanogen 
Android).  My FreeBSD server runs sendmail, and I've been running my own 
mail domain for about a decade.

Here he speaks directly about accessing his email using IMAP. Looks 
pretty clear to me. In fact, I don't think it could be clearer.

I would wager he is posting the results of commands found in Google 
searches without completely understanding what they mean, or 
understanding that he will NEVER retrieve email with Sendmail, at least 
until now. Running [his] "own mail domain for about a decade" may be as 
simple as using shared hosting on a cPanel server as his signature 
suggests he's using Linux. It doesn't mean he knows what he's doing. In 
fact, the evidence strongly suggests the opposite.

Oh, and the idiom is "can't see the forest for the trees".

>>> [Much snippage]
>>>>>> "Never argue with a fool, onlookers may not be able to tell the
>>>>>> difference." - Mark Twain
>>> [Except for that. :-)]
>> Cute. Rather sophomoric, but still cute.
> I've never been sure about the exact details of the US university
> system, having gone through a much older one on the other side of the
> Atlantic, but I'm probably about 50 years too old to be a sophomore.
> However, while I've definitely aged, I will be the first to admit I've
> not necessarily matured. :-)

You should look at the definition of sophomoric. This link may help you:

Jim Ohlstein

"Never argue with a fool, onlookers may not be able to tell the 
difference." - Mark Twain
