Bug 57790 - STARTTLS not available in SENDMAIL
Summary: STARTTLS not available in SENDMAIL
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: sendmail
Version: 7.2
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Florian La Roche
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-12-23 01:03 UTC by Need Real Name
Modified: 2007-04-18 16:38 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2002-01-10 05:23:16 UTC


Attachments (Terms of Use)

Description Need Real Name 2001-12-23 01:03:13 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)

Description of problem:
sendmail does not offer STARTTLS as authentication mechanism (using 
sendmail 8.11.6-3), no 'secure' SMTP is possible.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.
modify /etc/sendmail.mc and make sendmail.cf according to documentation 
at sendmail.org and restart sendmail

excerpt from sendmail.mc:

define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN STARTTLS')
dnl
define(`confCACERT_PATH',`/usr/share/ssl')dnl
define(`confCACERT',`/usr/share/ssl/cert.pem')dnl
define(`confSERVER_CERT',`/usr/share/ssl/cert.pem')dnl
define(`confSERVER_KEY',`/usr/share/ssl/cert.pem')dnl
define(`confCLIENT_CERT',`/usr/share/ssl/cert.pem')dnl
define(`confCLIENT_KEY',`/usr/share/ssl/cert.pem')dnl


2.
check STARTTLS availability using:
telnet localhost 25
ehlo localhost

-> no AUTH STARTTLS available
Log indicates:
NOQUEUE: localhost.localdomain [127.0.0.1] did not issue 
MAIL/EXPN/VRFY/ETRN during connection to MTA

3.
Netscape etc. cannot connect to SMTP using TLS

Actual Results:  no STARTTLS available

Expected Results:  TLS available as authentication mechanism

Additional info:

Comment 1 Wenzhuo Zhang 2002-01-09 12:55:27 UTC
Redhat please provide sendmail-8.12.1 rpm updates. sendmail-8.12 no longer needs
sfio to provide STARTTLS.

Comment 2 Wenzhuo Zhang 2002-01-09 14:45:06 UTC
It looks to me there is also an smtp-auth problem with the sendmail package in
redhat7.2. Using the same sendmail.cf and supporting packages, I can only get
"LOGIN" and "PLAIN" authentication mechanism to work in rh72. However, other
auth mechanisms are available in rh70 + sendmail-8.11.6-2.7.0.

Comment 3 Wenzhuo Zhang 2002-01-10 05:23:11 UTC
ignore my last comment. it's a cyrus-sasl problem due to missing /etc/sasldb.
running saslpasswd to set a password solves the problem.

Comment 4 Florian La Roche 2002-03-10 07:46:50 UTC
Ok, problem has been resolved. We will also have 8.12.2 or newer in the
next release.

Thanks,

Florian La Roche



Note You need to log in before you can comment on or make changes to this bug.