Bug 57790 - STARTTLS not available in SENDMAIL
STARTTLS not available in SENDMAIL
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: sendmail (Show other bugs)
7.2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Florian La Roche
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-12-22 20:03 EST by Need Real Name
Modified: 2007-04-18 12:38 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-01-10 00:23:16 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2001-12-22 20:03:13 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)

Description of problem:
sendmail does not offer STARTTLS as authentication mechanism (using 
sendmail 8.11.6-3), no 'secure' SMTP is possible.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.
modify /etc/sendmail.mc and make sendmail.cf according to documentation 
at sendmail.org and restart sendmail

excerpt from sendmail.mc:

define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN STARTTLS')
dnl
define(`confCACERT_PATH',`/usr/share/ssl')dnl
define(`confCACERT',`/usr/share/ssl/cert.pem')dnl
define(`confSERVER_CERT',`/usr/share/ssl/cert.pem')dnl
define(`confSERVER_KEY',`/usr/share/ssl/cert.pem')dnl
define(`confCLIENT_CERT',`/usr/share/ssl/cert.pem')dnl
define(`confCLIENT_KEY',`/usr/share/ssl/cert.pem')dnl


2.
check STARTTLS availability using:
telnet localhost 25
ehlo localhost

-> no AUTH STARTTLS available
Log indicates:
NOQUEUE: localhost.localdomain [127.0.0.1] did not issue 
MAIL/EXPN/VRFY/ETRN during connection to MTA

3.
Netscape etc. cannot connect to SMTP using TLS

Actual Results:  no STARTTLS available

Expected Results:  TLS available as authentication mechanism

Additional info:
Comment 1 Wenzhuo Zhang 2002-01-09 07:55:27 EST
Redhat please provide sendmail-8.12.1 rpm updates. sendmail-8.12 no longer needs
sfio to provide STARTTLS.
Comment 2 Wenzhuo Zhang 2002-01-09 09:45:06 EST
It looks to me there is also an smtp-auth problem with the sendmail package in
redhat7.2. Using the same sendmail.cf and supporting packages, I can only get
"LOGIN" and "PLAIN" authentication mechanism to work in rh72. However, other
auth mechanisms are available in rh70 + sendmail-8.11.6-2.7.0.
Comment 3 Wenzhuo Zhang 2002-01-10 00:23:11 EST
ignore my last comment. it's a cyrus-sasl problem due to missing /etc/sasldb.
running saslpasswd to set a password solves the problem.
Comment 4 Florian La Roche 2002-03-10 02:46:50 EST
Ok, problem has been resolved. We will also have 8.12.2 or newer in the
next release.

Thanks,

Florian La Roche

Note You need to log in before you can comment on or make changes to this bug.