From: Greg Hart on 26 Jan 2010 08:48

All,

I am trying to determine if SSL is actually available for our installation of SendMail. This is my first exposure to SendMail and really my first in-depth exposure to running anything in Linux. I checked the M4 configuration and I see:

    define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
    define(`CERT_DIR', `/etc/mail/certs`'certs')dnl
    define(`confCACERT_PATH', `CERT_DIR')dnl
    define(`confCACERT', `CERT_DIR/cacert.pem')dnl
    define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
    define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
    define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
    define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl

It seems that the cert info is there, although it does say "Login Plain"; maybe that is to be expected. I tried just going to the https email path with no luck, as well as trying to go to port 10000, which seems like a default used from what I have seen on the net.

Is there somewhere inside the config I can look to see if it really is active and what port it is using?

Thanks,
Greg
From: ska on 27 Jan 2010 03:53
Greg Hart wrote:
> define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
> define(`CERT_DIR', `/etc/mail/certs`'certs')dnl
> define(`confCACERT_PATH', `CERT_DIR')dnl
> define(`confCACERT', `CERT_DIR/cacert.pem')dnl
> define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
> define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
> define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
> define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl

The overall sendmail doc about SSL/TLS is here:
http://www.sendmail.org/~ca/email/starttls.html

See the "Initial Test" section:

"Start the sendmail daemon, connect to it and see whether it comes up with 250-STARTTLS in the EHLO response:

    % telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost
    Escape character is '^]'.
    220 local.sendmail.org ESMTP Sendmail Sendmail 8.12.0/8.12.0; Sun, 30 Sep 2001 10:47:28 -0700 (PDT)
    ehlo localhost
    250-local.sendmail.org Hello localhost [127.0.0.1], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-DSN
    250-STARTTLS
    250 HELP
    quit"

Note, for STARTTLS you should use the default ports, 25 (smtp) or 587 (submission). For SMTP-over-SSL there is an obsoleted port 465 (symbolic: ssmtp or smtps).

You probably have:

    DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp')dnl
    DAEMON_OPTIONS(`Family=inet, Name=MTA-v4ssl, Port=ssmtp, M=s')dnl
    DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, M=Ea')dnl

They define the ports and, via the M= flags, the options that sendmail accepts. The flags are documented in the op.me guide.

To test if SSL is working:

If you have ssmtp:

    openssl s_client -connect localhost:465 -showcerts -msg -state
    EHLO localhost
    QUIT

If not:

    gnutls-cli -p 25 --starttls localhost
    EHLO localhost
    STARTTLS
    ^D
    QUIT

-ska
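
An added example, not part of either post: a Python parser for the EHLO reply from the "Initial Test" transcript, reporting whether STARTTLS is advertised and whether the LOGIN/PLAIN mechanisms named in confAUTH_MECHANISMS are offered while the connection is still cleartext. The AUTH line in the sample is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: the EHLO reply from the transcript above, plus an AUTH
# line such as a server with confAUTH_MECHANISMS `LOGIN PLAIN' might send.
SAMPLE_EHLO = """\
250-local.sendmail.org Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-DSN
250-AUTH LOGIN PLAIN
250-STARTTLS
250 HELP
"""

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}  # password is only base64-encoded

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} for a multi-line EHLO reply."""
    extensions = {}
    lines = [l for l in reply.splitlines() if l.strip()]
    for index, line in enumerate(lines):
        match = REPLY_LINE.match(line)
        if not match:
            raise ValueError("not an SMTP reply line: %r" % line)
        code, sep, text = match.groups()
        if code != "250":
            raise ValueError("EHLO rejected: %s" % line)
        if index > 0:  # the first line is the greeting, not an extension
            # Some servers also send the legacy form "AUTH=LOGIN PLAIN".
            if text.upper().startswith("AUTH="):
                text = "AUTH " + text[5:]
            words = text.split()
            if words:
                params = [w.upper() for w in words[1:]]
                extensions.setdefault(words[0].upper(), []).extend(params)
        if sep == " ":
            break  # "250 " with a space marks the last line of the reply
    return extensions

def assess(extensions):
    """Summarise what the cleartext EHLO reply says about TLS and AUTH."""
    offered = set(extensions.get("AUTH", []))
    return {
        "starttls": "STARTTLS" in extensions,
        "plaintext_auth_before_tls": sorted(offered & PLAINTEXT_MECHS),
    }

if __name__ == "__main__":
    print(assess(parse_ehlo(SAMPLE_EHLO)))
```

A non-empty `plaintext_auth_before_tls` list means a client could send its password before any TLS handshake, which is the case to look for when both AUTH and STARTTLS are configured.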