Re: sendmail + sasl == Broken?
Sorry for the delay...
On Fri, 14 Mar 2003, The Doctor What wrote:
> I did not mean to disparage your text. My apologies.
Heh, no problem. It is always hard to critique one's own text; if you
can make it clearer - please help!
> What happened is that I didn't remember what SASL was. If it had
> mentioned SMTP_AUTH, I would have realized what it was. Also, the
> script makes no attempt to detect (if it is possible) if the admin
> had already set something up.
Ah, if SASL is already in use, it should work fine - but I only use
SASL for sendmail - not IMAP/IPOP... if there's something I need to
account for, please let me know
> Perhaps you could show all the non-commented lines from
> /etc/mail/sasl/Sendmail.conf
To what end?
> The log says:
> Mar 14 17:24:03 gerf sm-mta[15246]: STARTTLS=server, relay=rack.gnubian.org [209.61.188.219], version=TLSv1/SSLv3, verify=FAIL, cipher=EDH-RSA-DES-CBC3-SHA, bits=168/168
>
> I can only assume that the verify FAIL means that I failed to log
> in. I couldn't find a better reference for what these lines mean.
No, what you're showing here is STARTTLS (TLS - OpenSSL) encrypted
communication, probably betwixt the msp and mta. The verify=FAIL means
that sendmail encrypted the communication, but couldn't verify the
supplied certificate - most likely because it is self-signed (that's the
way I currently set up the sendmail package, am looking at providing a
dummy CA).
> method. This led me to track down that Evolution is storing the
> method in the email itself. This meant that my changing the method
> in the configuration settings had no effect. :-(
Ah... interesting, I'll have to file that away :)
> Anyway, I have it working with all four options, though I will turn
> off DIGEST and CRAM, since I think using PLAIN or LOGIN via SSL is
> much saner and manageable.
If you do that, please make sure you require SSL before accepting
plain/login over the internet (or LAN if non-trusted machines are
about).
> I would like to thank you very much for helping me out. I think
> what would help would be a client to test with (say a simple python
> script or something) that would report everything that it can. If
> it was included with a howto and a description on how to set up
> super high logging (level 14), the combination would be powerful.
Yes, indeed that would be very nice - I'm python illiterate, however :)
> Having suggested it, I might try to write such a python script, if
> modules exist for sending email. :-)
I'm sure they do, perl has some, but it also has a general TCP/IP
method - and sendmail is simple enough...
--
Rick Nelson
<stu> Stupid nick highlighting
<stu> Whenever someone starts with "stupid" it highlights the nick. Hmm.
-- #Debian
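
A sketch of the kind of test client suggested above, added here as an example and not part of the original message: it compares what a server advertises in EHLO before and after STARTTLS and flags PLAIN/LOGIN being offered without encryption. The function names, the `host` argument, and the sample replies are assumptions made for illustration.

```python
import smtplib

CLEARTEXT = {"PLAIN", "LOGIN"}  # mechanisms that send the password unhashed

def parse_ehlo(reply):
    """Map each ESMTP keyword in an EHLO reply to its parameter list."""
    features = {}
    for line in reply.splitlines()[1:]:          # line 0 is the greeting
        if line[:3] == "250" and line[3:4] in "- ":
            line = line[4:]                      # raw wire form: drop "250-"
        # Some servers also send the legacy "AUTH=LOGIN PLAIN" form.
        words = line.upper().replace("AUTH=", "AUTH ", 1).split()
        if words:
            features.setdefault(words[0], []).extend(words[1:])
    return features

def audit(before_tls, after_tls=""):
    """Compare what the server advertises before and after STARTTLS."""
    pre, post = parse_ehlo(before_tls), parse_ehlo(after_tls)
    return {
        "starttls_offered": "STARTTLS" in pre,
        "cleartext_without_tls": sorted(CLEARTEXT & set(pre.get("AUTH", []))),
        "auth_after_tls": sorted(set(post.get("AUTH", []))),
    }

def probe(host, port=25):
    """Live check against your own server (host is a placeholder argument)."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        before = s.ehlo_resp.decode(errors="replace")
        if not s.has_extn("starttls"):
            return audit(before)
        s.starttls()   # default context does not verify the certificate
        s.ehlo()       # capabilities must be re-read after the TLS handshake
        return audit(before, s.ehlo_resp.decode(errors="replace"))

# Constructed sample replies (not captured from a real server).
WEAK_BEFORE = ("250-mail.example.org Hello\n250-STARTTLS\n"
               "250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN\n250 HELP")
GOOD_BEFORE = "250-mail.example.org Hello\n250-STARTTLS\n250 HELP"
AFTER_TLS = "250-mail.example.org Hello\n250-AUTH PLAIN LOGIN\n250 HELP"

if __name__ == "__main__":
    print(audit(WEAK_BEFORE, AFTER_TLS))   # PLAIN/LOGIN exposed without TLS
    print(audit(GOOD_BEFORE, AFTER_TLS))   # PLAIN/LOGIN only after STARTTLS
```

A non-empty `cleartext_without_tls` list means the server would accept a password sent in the clear; `probe()` needs network access and is meant for a server you administer.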