
Re: STARTTLS weirdness in sendmail 8.12.10-1



On Fri, 19 Sep 2003, Marc-Christian Petersen wrote:

> please copy "/usr/share/sendmail/examples/starttls.m4" to /etc/mail/tls and
> execute 'sendmailconfig' after you copied the file over.
>
> It's an updated file you have to use by now. You should have read the install
> message by the sendmail update and the changelog too ;p
> You have to do the same with SASLv2 m4 if you use SASLv2.

Sigh, I was hoping to get more cleanup on the changes, but the
unexpected release of the exploit information fscked up me (and
upstream) :(

> > Anyone else see this?
>
> yes, Solution above. Anyway, even after that, TLS does not work any longer. I
> always get "verify=NOT" if I try to send mail with my other clients.
> 8.12.9-latest from SID before 8.12.10-1 works fine.

That's not a failure, it indicates that verification wasn't even tried.

That said, I'm able to see the same in my logs:
Sep 19 19:30:03 renegade sm-mta[11064]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=NOT, cipher=DHE-RSA-AES256-SHA, bits=256/256
Sep 19 19:30:03 renegade sendmail[11060]: STARTTLS=client, relay=localhost.badlands.org., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256

(MTA didn't verify MSP, MSP tried but failed to verify MTA)

8.12.10-2 is already in incoming(FTBFS), so this fix will come in -3
-- 
Rick Nelson
Guns don't kill people.  It's those damn bullets.  Guns just make them go
really really fast.
        -- Jake Johanson
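
Added example (not part of the original message and not sendmail's own code): a Python sketch that parses STARTTLS log entries like the two quoted above and separates verify=NOT (verification was not tried) from verify=FAIL (verification was tried and failed). The third sample line, its host name and address, and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the first two entries mirror the log lines quoted in the
# message (joined onto one line each); the third is invented for contrast.
SAMPLE_LOG = """\
Sep 19 19:30:03 renegade sm-mta[11064]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=NOT, cipher=DHE-RSA-AES256-SHA, bits=256/256
Sep 19 19:30:03 renegade sendmail[11060]: STARTTLS=client, relay=localhost.badlands.org., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Sep 19 19:31:10 renegade sm-mta[11070]: STARTTLS=server, relay=mx.example.org [192.0.2.10], version=TLSv1/SSLv3, verify=OK, cipher=DHE-RSA-AES256-SHA, bits=256/256
"""

# program[pid], then sendmail's "STARTTLS=role" followed by a key=value list.
STARTTLS_RE = re.compile(
    r"\b(?P<prog>[\w-]+)\[\d+\]: STARTTLS=(?P<role>client|server), (?P<fields>.*)$")

# NOT and FAIL as explained in the message; OK is sendmail's success value.
MEANING = {
    "NOT": "encrypted, peer certificate verification not attempted",
    "FAIL": "encrypted, peer certificate verification attempted and failed",
    "OK": "encrypted, peer certificate verified",
}

def parse_starttls(line):
    """Return a dict of the STARTTLS fields on one log line, or None."""
    m = STARTTLS_RE.search(line)
    if m is None:
        return None
    rec = {"prog": m["prog"], "role": m["role"]}
    for item in m["fields"].split(", "):
        key, sep, value = item.partition("=")
        if sep:
            rec[key] = value
    return rec

def triage(log_text):
    """Count (role, verify) pairs and collect entries where verification failed."""
    counts, failures = Counter(), []
    for line in log_text.splitlines():
        rec = parse_starttls(line)
        if rec is None:
            continue  # not a STARTTLS log entry
        verify = rec.get("verify", "?")
        counts[(rec["role"], verify)] += 1
        if verify == "FAIL":  # verify=NOT is deliberately not treated as a failure
            failures.append(rec)
    return counts, failures

if __name__ == "__main__":
    counts, failures = triage(SAMPLE_LOG)
    for (role, verify), n in sorted(counts.items()):
        print(f"{role:6} verify={verify:5} x{n}  {MEANING.get(verify, 'other')}")
    for rec in failures:
        print("verification failed:", rec["role"], "->", rec["relay"])
```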


