139212 – inadequate logging during TLS sessions

Bug 139212 - inadequate logging during TLS sessions

Summary: inadequate logging during TLS sessions

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	sendmail
Sub Component:
Version:	3.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Thomas Woerner
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-11-14 02:51 UTC by Damian Menscher
Modified:	2008-08-02 23:40 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-07-24 15:58:56 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Damian Menscher 2004-11-14 02:51:05 UTC

Description of problem:
If sendmail connects to a remote server, initiates a TLS session, and
then the remote end tempfails the message, the reason of the tempfail
does't get logged.  For example, the session:

220 mail.igb.uiuc.edu ESMTP Postfix
>>> EHLO zeus.itg.uiuc.edu
>>> STARTTLS
220 Ready to start TLS
>>> EHLO zeus.itg.uiuc.edu
>>> MAIL From:<j-sinn.uiuc.edu> SIZE=21378878
452 Message size exceeds fixed limit
>>> QUIT
221 Bye

logged ONLY the line:

Nov 13 19:39:50 zeus sendmail[17695]: STARTTLS=client,
relay=mail.igb.uiuc.edu., version=TLSv1/SSLv3, verify=OK,
cipher=DHE-RSA-AES256-SHA, bits=256/256

The log should have said something about being deferred with the 452
return code.  (Without that, an admin has to process the queue by hand
in verbose mode in order to get information on why connections are
being tempfailed.)

Version-Release number of selected component (if applicable):
sendmail-8.12.11-4.RHEL3.1

How reproducible:
Always

Steps to Reproduce:
1. send mail to a server that supports TLS that will tempfail the
connection
2. check /var/log/maillog

Other information:
I doubt it's related, but just in case: sendmail fell back to their
backup MX, which wasn't alive, and logged that it couldn't reach it
with the standard "Connection refused" message.

Comment 1 Thomas Woerner 2007-07-24 13:09:05 UTC

Could you please verify if this problem is also present with newer sendmail
versions?

Comment 2 Thomas Woerner 2007-07-24 15:58:56 UTC

This request was evaluated by Red Hat Engineering for inclusion in a Red
Hat Enterprise Linux maintenance release.

Red Hat does not currently plan to provide this change in a Red Hat Enterprise
Linux update release for currently deployed products.

With the goal of minimizing risk of change for deployed systems, and in
response to customer and partner requirements, Red Hat takes a conservative
approach when evaluating enhancements for inclusion in maintenance updates
for currently deployed products. The primary objectives of update releases
are to enable new hardware platform support and to resolve critical
defects.

However, Red Hat will further review this request for potential inclusion
in future major releases of Red Hat Enterprise Linux.

Note You need to log in before you can comment on or make changes to this bug.