Re: Can't seem to disable STARTTLS in Fedora sendmail

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Alexander Dalloz wrote: 
Am Fr, den 30.01.2004 schrieb Rick Stevens um 21:40:

Adam Lanier wrote:

On Fri, 30 Jan 2004 11:32:19 -0800 (PST), Wayne Johnson <wdtj@xxxxxxxxx> wrote:


We have a new Fedora system that is suppose to send it's mail (using
sendmail, no flames PLEASE!), to smtp.comcast.net.  When we attempt to
send it from a local account, we get an error back that the user is
invalid.  Strange, but it works find for mail being relayed from/for
other windows machines.


[snip]


il.mc, etc.), but sendmail continues to attempt TLS.

How do I turn TLS off!


This is probably a question better suited to a sendmail mailing list/newsgroup but...

The sendmail book lists the following mc file directives that relate to starttls:

define(`CERT_DIR', `/etc/mail/certs')
define(`confCACERT_PATH', `CERT_DIR')
define(`confCACERT', `CERT_DIR`'/cacert.pem')
define(`confSERVER_CERT', `CERT_DIR`'/client.cert.pem')
define(`confSERVER_KEY', `CERT_DIR`'/client.key.pem')
define(`confCLIENT_CERT', `CERT_DIR`'/client.cert.pem')
define(`confCLIENT_KEY', `CERT_DIR`'/client.key.pem')

If any of these are in your sendmail.mc, remove them (or rem them out), rebuild the sendmail.cf file (with the command: m4 sendmail.mc > sendmail.cf) and restart sendmail. 

Another way is to edit the current sendmail.cf file and make sure
this line is in it and uncommented:

	O TLSSrvOptions=V

This tells sendmail to NOT request the client's certificate.  Note that
this option is not safe and is only present in sendmail V8.12.x.



Really a bad idea to edit the sendmail.cf directly. Each service restart
will delete such a manual direct setting in the .cf file! And editing
the sendmai.cf directly often causes errors. Even the OP did set that
with define(`confTLS_SRV_OPTIONS', `V') in the sendmail.mc file.


Yeah, you're right.  I hate that.  I've disabled it in my startups.  I
use many custom rules that aren't part of the standard m4 stuff and I
have no desire to learn m4 to put them in.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens@xxxxxxxxxxxxxxx -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-         C program run. C program crash. C programmer quit.         -
----------------------------------------------------------------------



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux