Bug 101174
| Field | Value |
|---|---|
| Summary | enable starttls in config |
| Product | [Retired] Red Hat Linux Beta |
| Component | sendmail |
| Version | beta1 |
| Hardware | i386 |
| OS | Linux |
| Status | CLOSED RAWHIDE |
| Severity | high |
| Priority | high |
| Reporter | Christopher McCrory <chrismcc> |
| Assignee | Thomas Woerner <twoerner> |
| QA Contact | David Lawrence <dkl> |
| CC | aleksey, chris.ricker, k.georgiou |
| Doc Type | Bug Fix |
| Last Closed | 2004-06-14 12:42:21 UTC |
| Bug Blocks | 100644 |

Description
Christopher McCrory
2003-07-29 19:55:17 UTC
I'm as eager as anyone to see STARTTLS adopted universally, but I'm not sure enabling this by default is a good idea yet. There are a lot of broken ESMTP servers out there, and this does cause problems with some of them.... For example, MS Exchange 5.5 (still widely used, unfortunately) out of the box as a server advertises STARTTLS support, even when TLS is not configured / enabled. When the sendmail client connects, it will naturally try to negotiate, fail, and go boom.

I enable STARTTLS both client-side and server-side on all my SMTP servers, but I know to monitor the logs and to whitelist (or blacklist, depending on your point of view ;-) the servers which advertise STARTTLS even though they don't actually support it. I don't know that it's reasonable to expect everyone using RH to have to do the same, or even to know to do the same....

Is it possible to have sendmail just be tolerant of such broken servers? E.g. give up on TLS when things go wrong, but not give up on transmission?

Chris, can you supply an example of a broken Exchange server (off bugzilla if need be)? The only problems I've seen are FAIL with fallback to non TLS.

We need a better infrastructure to set up certs within Red Hat. Newest rpm at http://people.redhat.com/laroche/sendmail* has some script, but we need more of this.

greetings,
Florian La Roche

Fixed since 8.12.10-3.
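The log monitoring and per-host exemption described in the thread, sketched as an added example (not code from this bug report or from sendmail). It counts deferred deliveries whose status is a TLS handshake failure and proposes `Try_TLS:` access map entries for relays that fail repeatedly. The log lines are constructed, and the function names and threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed log lines modelled on sendmail's delivery log format; hosts,
# queue ids and addresses are made up for this example.
SAMPLE_LOG = """\
Jul 29 12:00:01 mx sendmail[1201]: h6TJ01aa001201: to=<a@exch.example.com>, mailer=esmtp, relay=exch.example.com. [192.0.2.10], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake failed.
Jul 29 12:30:07 mx sendmail[1288]: h6TJ01aa001201: to=<a@exch.example.com>, mailer=esmtp, relay=exch.example.com. [192.0.2.10], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake failed.
Jul 29 12:31:44 mx sendmail[1290]: h6TJ31bb001290: to=<b@other.example.net>, mailer=esmtp, relay=mx.other.example.net. [198.51.100.7], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake failed.
Jul 29 12:40:12 mx sendmail[1301]: h6TJ40cc001301: to=<c@good.example.org>, mailer=esmtp, relay=mail.good.example.org. [203.0.113.5], dsn=2.0.0, stat=Sent (OK)
Jul 29 13:00:09 mx sendmail[1350]: h6TJ01aa001201: to=<a@exch.example.com>, mailer=esmtp, relay=EXCH.example.com. [192.0.2.10], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake failed.
"""

# relay=<host>. [<ip>] -- capture the host without its trailing dot.
RELAY_RE = re.compile(r"relay=([^\s,\[]+?)\.?\s*\[[^\]]+\]")
TLS_FAIL_RE = re.compile(r"stat=Deferred: 403 4\.7\.0 TLS handshake failed")
# Log content is remote-influenced: only emit plain DNS-style names.
HOST_RE = re.compile(r"^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$")


def tls_failures(log_text):
    """Return {relay_host: count} of deliveries deferred on a TLS handshake."""
    counts = Counter()
    for line in log_text.splitlines():
        if not TLS_FAIL_RE.search(line):
            continue
        match = RELAY_RE.search(line)
        if match:
            host = match.group(1).lower()
            if HOST_RE.match(host):
                counts[host] += 1
    return dict(counts)


def access_entries(log_text, threshold=2):
    """Propose access map lines for relays failing at least `threshold` times.

    The threshold (an assumption) keeps a one-off failure from disabling TLS.
    """
    failures = tls_failures(log_text)
    return [f"Try_TLS:{host}\tNO"
            for host in sorted(failures) if failures[host] >= threshold]


if __name__ == "__main__":
    print("\n".join(access_entries(SAMPLE_LOG)))
```

Each emitted line makes mail to that relay go out without TLS, so review the list before adding it to the access map (which requires the `access_db` feature) and rebuilding the map.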