sendmail upgrade: SMTP_AUTH + version=TLSv1/SSLv3, verify=FAIL
Hi,
after upgrading sendmail because of the sendmail bug, some things with
SMTP_AUTH and TLS go strange: I get a "self signed certificate" when
sending a mail from my client-sendmail through the relay-sendmail.
Before upgrading, everything worked fine with this configuration:
The client-sendmails config:
/etc/mail/mailertable
[...]
aol.com relay:[199.10.14.2]
[...]
/etc/mail/access:
AuthInfo:199.10.14.2 "U:user" "P:password"
sendmail.mc:
define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
=> why does these lines do not work anymore? SMTP_AUTH only works if I
remove(!) my old config from sendmail.mc.
Now the SSL Problem: this is the logfile of the relay-sendmail
(199.10.14.2) e.g. when sending a mail to xyz@aol.com though it:
Mar 10 04:56:35 jurb1 sm-mta[2365]: STARTTLS: cert verify: depth=0
/C=DE/ST=NRW/L=Bielefeld/O=nix/CN=www.loru.de/Email=marcus@loru.de,
state=0, reason=self signed certificate
=> why is "self signed" certificate of my client-sendmail a problem? I
don't want to buy one, so I have to sign it myself. This worked fine the
last two years.
Mar 10 04:56:35 jurb1 sm-mta[2365]: STARTTLS=server,
relay=pD95258B9.dip.t-dialin.net [217.82.18.185], version=TLSv1/SSLv3,
verify=FAIL, cipher=EDH-RSA-DES-CBC3-SHA, bits=168/168
=> why "verify=FAIL". I use the certificates generated by debian's
sendmailconfig.
Mar 10 04:56:35 jurb1 sm-mta[2365]: AUTH: available mech=DIGEST-MD5
LOGIN PLAIN ANONYMOUS CRAM-MD5 EXTERNAL, allowed mech=EXTERNAL GSSAPI
KERBEROS_V4 DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
=> before upgrading only "CRAM-MD5 PLAIN LOGIN" were allowed
Mar 10 04:56:35 jurb1 sm-mta[2365]: AUTH=server,
relay=pD95258B9.dip.t-dialin.net [217.82.88.185],
authid=/C=DE/ST=NRW/L=Bielefeld/O=nix/CN=www.loru.de/Email=marcus@loru.de,
mech=EXTERNAL, bits=0
=> why is he using "mech=EXTERNAL". I want to use PLAIN login.
Thanks
Marcus
Reply to: