Bug 139212 - inadequate logging during TLS sessions
Summary: inadequate logging during TLS sessions
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: sendmail (Show other bugs)
(Show other bugs)
Version: 3.0
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: David Lawrence
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-11-14 02:51 UTC by Damian Menscher
Modified: 2008-08-02 23:40 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-07-24 15:58:56 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Damian Menscher 2004-11-14 02:51:05 UTC 
Description of problem:
If sendmail connects to a remote server, initiates a TLS session, and
then the remote end tempfails the message, the reason of the tempfail
does't get logged.  For example, the session:

220 mail.igb.uiuc.edu ESMTP Postfix
>>> EHLO zeus.itg.uiuc.edu
>>> STARTTLS
220 Ready to start TLS
>>> EHLO zeus.itg.uiuc.edu
>>> MAIL From:<j-sinn@zeus.itg.uiuc.edu> SIZE=21378878
452 Message size exceeds fixed limit
>>> QUIT
221 Bye

logged ONLY the line:

Nov 13 19:39:50 zeus sendmail[17695]: STARTTLS=client,
relay=mail.igb.uiuc.edu., version=TLSv1/SSLv3, verify=OK,
cipher=DHE-RSA-AES256-SHA, bits=256/256

The log should have said something about being deferred with the 452
return code.  (Without that, an admin has to process the queue by hand
in verbose mode in order to get information on why connections are
being tempfailed.)

Version-Release number of selected component (if applicable):
sendmail-8.12.11-4.RHEL3.1

How reproducible:
Always

Steps to Reproduce:
1. send mail to a server that supports TLS that will tempfail the
connection
2. check /var/log/maillog

Other information:
I doubt it's related, but just in case: sendmail fell back to their
backup MX, which wasn't alive, and logged that it couldn't reach it
with the standard "Connection refused" message.
Comment 1 Thomas Woerner 2007-07-24 13:09:05 UTC 
Could you please verify if this problem is also present with newer sendmail
versions?
Comment 2 Thomas Woerner 2007-07-24 15:58:56 UTC 
This request was evaluated by Red Hat Engineering for inclusion in a Red
Hat Enterprise Linux maintenance release.

Red Hat does not currently plan to provide this change in a Red Hat Enterprise
Linux update release for currently deployed products.

With the goal of minimizing risk of change for deployed systems, and in
response to customer and partner requirements, Red Hat takes a conservative
approach when evaluating enhancements for inclusion in maintenance updates
for currently deployed products. The primary objectives of update releases
are to enable new hardware platform support and to resolve critical
defects.

However, Red Hat will further review this request for potential inclusion
in future major releases of Red Hat Enterprise Linux.
Note You need to log in before you can comment on or make changes to this bug.