Re: sendmail upgrade: SMTP_AUTH + version=TLSv1/SSLv3, verify=FAIL

Wed, 12 Mar 2003 17:24:13 -0800

Marcus Schopen wrote:
Hi,

after upgrading sendmail because of the sendmail bug, some things with SMTP_AUTH and TLS go strange: I get a "self signed certificate" when sending a mail from my client-sendmail through the relay-sendmail. Before upgrading, everything worked fine with this configuration:

The client-sendmails config:

/etc/mail/mailertable
[...]
aol.com                         relay:[199.10.14.2]
[...]

/etc/mail/access:
AuthInfo:199.10.14.2 "U:user" "P:password"

sendmail.mc:
define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl

=> why does these lines do not work anymore? SMTP_AUTH only works if I remove(!) my old config from sendmail.mc.

Now the SSL Problem: this is the logfile of the relay-sendmail (199.10.14.2) e.g. when sending a mail to [EMAIL PROTECTED] though it:

Mar 10 04:56:35 jurb1 sm-mta[2365]: STARTTLS: cert verify: depth=0 /C=DE/ST=NRW/L=Bielefeld/O=nix/CN=www.loru.de/[EMAIL PROTECTED], state=0, reason=self signed certificate

=> why is "self signed" certificate of my client-sendmail a problem? I don't want to buy one, so I have to sign it myself. This worked fine the last two years.


Mar 10 04:56:35 jurb1 sm-mta[2365]: STARTTLS=server, relay=pD95258B9.dip.t-dialin.net [217.82.18.185], version=TLSv1/SSLv3, verify=FAIL, cipher=EDH-RSA-DES-CBC3-SHA, bits=168/168

=> why "verify=FAIL". I use the certificates generated by debian's sendmailconfig.

Mar 10 04:56:35 jurb1 sm-mta[2365]: AUTH: available mech=DIGEST-MD5 LOGIN PLAIN ANONYMOUS CRAM-MD5 EXTERNAL, allowed mech=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 PLAIN LOGIN

=> before upgrading only "CRAM-MD5 PLAIN LOGIN" were allowed

Mar 10 04:56:35 jurb1 sm-mta[2365]: AUTH=server, relay=pD95258B9.dip.t-dialin.net [217.82.88.185], authid=/C=DE/ST=NRW/L=Bielefeld/O=nix/CN=www.loru.de/[EMAIL PROTECTED], mech=EXTERNAL, bits=0

=> why is he using "mech=EXTERNAL". I want to use PLAIN login.



After upgrading sendmail Debian's sendmail maintainer set pwcheck_method to PAM in /etc/mail/sasl/Sendmail.conf instead of leaving my "pwcheck_method: sasldb" configuration untouched. :-/

Marcus



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to