Bug 57790

Summary: STARTTLS not available in SENDMAIL
Product: [Retired] Red Hat Linux
Component: sendmail
Version: 7.2
Hardware: i386
OS: Linux
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Reporter: Need Real Name <ghmail>
Assignee: Florian La Roche <laroche>
QA Contact: David Lawrence <dkl>
CC: wenzhuo
Doc Type: Bug Fix
Last Closed: 2002-01-10 05:23:16 UTC

Description Need Real Name 2001-12-23 01:03:13 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)

Description of problem:
sendmail does not offer STARTTLS as an authentication mechanism (using
sendmail 8.11.6-3); no 'secure' SMTP is possible.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Modify /etc/sendmail.mc and make sendmail.cf according to documentation
at sendmail.org and restart sendmail

excerpt from sendmail.mc:

define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN STARTTLS')dnl
define(`confCACERT_PATH',`/usr/share/ssl')dnl
define(`confCACERT',`/usr/share/ssl/cert.pem')dnl
define(`confSERVER_CERT',`/usr/share/ssl/cert.pem')dnl
define(`confSERVER_KEY',`/usr/share/ssl/cert.pem')dnl
define(`confCLIENT_CERT',`/usr/share/ssl/cert.pem')dnl
define(`confCLIENT_KEY',`/usr/share/ssl/cert.pem')dnl


2. Check STARTTLS availability using:
telnet localhost 25
ehlo localhost

-> no AUTH STARTTLS available
Log indicates:
NOQUEUE: localhost.localdomain [127.0.0.1] did not issue 
MAIL/EXPN/VRFY/ETRN during connection to MTA

3. Netscape etc. cannot connect to SMTP using TLS

Actual Results:  no STARTTLS available

Expected Results:  TLS available as authentication mechanism

Additional info:

Comment 1 Wenzhuo Zhang 2002-01-09 12:55:27 UTC
Red Hat, please provide sendmail-8.12.1 rpm updates. sendmail-8.12 no longer needs
sfio to provide STARTTLS.

Comment 2 Wenzhuo Zhang 2002-01-09 14:45:06 UTC
It looks to me like there is also an smtp-auth problem with the sendmail package in
redhat7.2. Using the same sendmail.cf and supporting packages, I can only get the
"LOGIN" and "PLAIN" authentication mechanisms to work in rh72. However, other
auth mechanisms are available in rh70 + sendmail-8.11.6-2.7.0.

Comment 3 Wenzhuo Zhang 2002-01-10 05:23:11 UTC
Ignore my last comment. It's a cyrus-sasl problem due to missing /etc/sasldb.
Running saslpasswd to set a password solves the problem.

Comment 4 Florian La Roche 2002-03-10 07:46:50 UTC
Ok, problem has been resolved. We will also have 8.12.2 or newer in the
next release.

Thanks,

Florian La Roche
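
Added example (not part of the original report and not sendmail project code): STARTTLS is advertised as its own ESMTP keyword in the EHLO reply, separate from the SASL mechanisms listed after AUTH, so the check in step 2 is for a `250-STARTTLS` line. The two replies are constructed samples, and `parse_ehlo` and `tls_report` are hypothetical helper names.

```python
import re

# Constructed EHLO replies (not captured from a real server). The first mirrors
# the situation in the report: AUTH is advertised, STARTTLS is not.
EHLO_NO_TLS = (
    "250-mail.example.test Hello localhost [127.0.0.1], pleased to meet you\r\n"
    "250-8BITMIME\r\n"
    "250-SIZE\r\n"
    "250-AUTH LOGIN PLAIN\r\n"
    "250 HELP\r\n"
)
EHLO_WITH_TLS = (
    "250-mail.example.test Hello localhost [127.0.0.1], pleased to meet you\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH=LOGIN PLAIN\r\n"  # legacy "AUTH=" spelling some servers emit
    "250 HELP\r\n"
)

_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} for a multi-line EHLO reply (RFC 5321)."""
    parsed = []
    for line in reply.replace("\r\n", "\n").split("\n"):
        if not line:
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError("malformed reply line: %r" % line)
        parsed.append(m.groups())
    if not parsed or any(code != "250" for code, _, _ in parsed):
        raise ValueError("EHLO was not accepted")
    if parsed[-1][1] != " " or any(sep != "-" for _, sep, _ in parsed[:-1]):
        raise ValueError("bad continuation markers")
    features = {}
    for _, _, text in parsed[1:]:  # the first line is only the greeting
        words = text.replace("=", " ", 1).split()
        if words:
            params = [w.upper() for w in words[1:]]
            features.setdefault(words[0].upper(), []).extend(params)
    return features

def tls_report(reply):
    """Keep the STARTTLS extension apart from the SASL mechanisms under AUTH."""
    features = parse_ehlo(reply)
    return {"starttls": "STARTTLS" in features, "auth": features.get("AUTH", [])}
```
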