From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020311

Description of problem:
Sendmail 8.12.2 supports STARTTLS, but the version distributed with the Skipjack beta1 has problems; for example, there is no /usr/share/ssl/certs/sendmail.pem created by the sendmail rpm.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. telnet to port 25
2. Say: EHLO something
3. No STARTTLS is listed as an ESMTP option

Actual Results:
No STARTTLS is listed as an ESMTP option

Expected Results:
It would be much nicer to see STARTTLS listed.

Additional info:
sendmail seems to be built with STARTTLS support, so this should just be a configuration issue.

FYI sendmail won't show STARTTLS in response to an EHLO until the proper certs are installed. It would seem problematic to distribute with some generic certs for security reasons.
I also think this should be configured on a local machine if it is wanted. Thanks, Florian La Roche
Similar certificates are generated for Apache and imapd; the security implications would seem to be about the same as for generating one for sendmail. I generated a sendmail.pem in the right directory using the Makefile found in /usr/share/ssl/certs and restarted sendmail, but no STARTTLS appeared.
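
The manual telnet check from the report's "Steps to Reproduce", written as a script. This is an added example, not part of the bug report or of sendmail; the sample EHLO replies are constructed, and the host name `probe.example` is a placeholder.

```python
import smtplib

# Constructed sample replies (not captured from a real server).
SAMPLE_NO_TLS = (
    "250-mail.example.com Hello client.example.com\r\n"
    "250-ENHANCEDSTATUSCODES\r\n"
    "250-8BITMIME\r\n"
    "250-DSN\r\n"
    "250 HELP\r\n"
)
SAMPLE_TLS = SAMPLE_NO_TLS.replace("250-DSN\r\n", "250-DSN\r\n250-STARTTLS\r\n")


def parse_ehlo_reply(raw):
    """Return {KEYWORD: params} for a multi-line 250 reply to EHLO."""
    lines = [ln for ln in raw.replace("\r\n", "\n").split("\n") if ln]
    if not lines:
        raise ValueError("empty reply")
    extensions = {}
    for i, line in enumerate(lines):
        if len(line) < 4 or line[:3] != "250":
            raise ValueError("not a 250 reply line: %r" % line)
        # Every line but the last uses "250-"; the last uses "250 ".
        expected_sep = " " if i == len(lines) - 1 else "-"
        if line[3] != expected_sep:
            raise ValueError("truncated or malformed reply at: %r" % line)
        if i == 0:
            continue  # first line is the server greeting, not an extension
        keyword, _, params = line[4:].partition(" ")
        extensions[keyword.upper()] = params
    return extensions


def advertises_starttls(raw):
    """True if the EHLO reply lists STARTTLS as an ESMTP option."""
    return "STARTTLS" in parse_ehlo_reply(raw)


def probe(host, port=25, timeout=10):
    """Live version of the telnet check; True if STARTTLS is offered."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo("probe.example")  # placeholder client name
        return smtp.has_extn("starttls")


if __name__ == "__main__":
    print("sample without STARTTLS:", advertises_starttls(SAMPLE_NO_TLS))
    print("sample with STARTTLS:   ", advertises_starttls(SAMPLE_TLS))
```

Calling `probe("localhost")` after installing the certificate and restarting sendmail repeats the check against the running server.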