Re: Openssl 0.9.7 and Sendmail 8.13.0
On Sun, Jul 18, 2004 at 08:35:48PM -0600, The Doctor wrote: On Sun, Jul 18, 2004 at 09:02:22PM -0400, George Theall wrote: On Sun, Jul 18, 2004 at 03:18:48PM -0600, The Doctor wrote: On Sun, Jul 18, 2004 at 04:50:49PM -0400, George Theall wrote: Check whether there's a line such as srv_features:127.0.0.1 S in your mail server's access DB -- that disables STARTTLS when the connecting client is 127.0.0.1. ... By the way, access.db is a database so you'll need to do something like praliases -f access.db to read its contents. And in that case, the line will probably read srv_features:127.0.0.1:S. And praliases said: [ long list of irrelevant entries deleted, but none with srv_features. ] Are you sure that sendmail was built with STARTTLS support then? Does sendmail -d0.1 -bv postmaster mention STARTTLS? George -- [EMAIL PROTECTED] pgpo0jvyTAlS7.pgp Description: PGP signature
Re: Openssl 0.9.7 and Sendmail 8.13.0
On Mon, Jul 19, 2004 at 09:25:44AM -0400, George Theall wrote: On Sun, Jul 18, 2004 at 08:35:48PM -0600, The Doctor wrote: On Sun, Jul 18, 2004 at 09:02:22PM -0400, George Theall wrote: On Sun, Jul 18, 2004 at 03:18:48PM -0600, The Doctor wrote: On Sun, Jul 18, 2004 at 04:50:49PM -0400, George Theall wrote: Check whether there's a line such as srv_features:127.0.0.1 S in your mail server's access DB -- that disables STARTTLS when the connecting client is 127.0.0.1. ... By the way, access.db is a database so you'll need to do something like praliases -f access.db to read its contents. And in that case, the line will probably read srv_features:127.0.0.1:S. And praliases said: [ long list of irrelevant entries deleted, but none with srv_features. ] Are you sure that sendmail was built with STARTTLS support then? Does sendmail -d0.1 -bv postmaster mention STARTTLS? doctor.nl2k.ab.ca//usr2/home/doctor$/usr/sbin/sendmail -d0.1 -bv postmaster Version 8.13.0 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETISO NETUNIX NEWDB PIPELINING SASLv2 SCANF STARTTLS USERDB XDEBUG SYSTEM IDENTITY (after readcf) (short domain name) $w = doctor (canonical domain name) $j = doctor.nl2k.ab.ca (subdomain name) $m = nl2k.ab.ca (node name) $k = doctor.nl2k.ab.ca Notice: -bv may give misleading output for non-privileged user root... deliverable: mailer local, user root George -- [EMAIL PROTECTED] -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Microsoft is not the solution; it is the question; what is the answer?? NO!! __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Openssl 0.9.7 and Sendmail 8.13.0
On Mon, Jul 19, 2004 at 07:58:07AM -0600, The Doctor wrote: On Mon, Jul 19, 2004 at 09:25:44AM -0400, George Theall wrote: On Sun, Jul 18, 2004 at 08:35:48PM -0600, The Doctor wrote: On Sun, Jul 18, 2004 at 09:02:22PM -0400, George Theall wrote: On Sun, Jul 18, 2004 at 03:18:48PM -0600, The Doctor wrote: On Sun, Jul 18, 2004 at 04:50:49PM -0400, George Theall wrote: Check whether there's a line such as srv_features:127.0.0.1 S in your mail server's access DB -- that disables STARTTLS when the connecting client is 127.0.0.1. ... By the way, access.db is a database so you'll need to do something like praliases -f access.db to read its contents. And in that case, the line will probably read srv_features:127.0.0.1:S. And praliases said: [ long list of irrelevant entries deleted, but none with srv_features. ] Are you sure that sendmail was built with STARTTLS support then? Does sendmail -d0.1 -bv postmaster mention STARTTLS? doctor.nl2k.ab.ca//usr2/home/doctor$/usr/sbin/sendmail -d0.1 -bv postmaster Version 8.13.0 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETISO NETUNIX NEWDB PIPELINING SASLv2 SCANF STARTTLS USERDB XDEBUG I don't know then. The s_client command works for me as long as the sendmail daemon supports STARTTLS -- sendmail 8.13.0, openssl 0.9.7d, and Linux 2.6.7. George -- [EMAIL PROTECTED] pgpSB2XuIreup.pgp Description: PGP signature
Re: Openssl 0.9.7 and Sendmail 8.13.0
On Sun, Jul 18, 2004 at 02:30:13PM -0600, The Doctor wrote: Are there any know issues?? ... doctor.nl2k.ab.ca//usr/source/sendmail-8.13.0$ openssl s_client -starttls smtp -connect 127.0.0.1:25 CONNECTED(0003) 7464:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:478: Check whether there's a line such as srv_features:127.0.0.1 S in your mail server's access DB -- that disables STARTTLS when the connecting client is 127.0.0.1. George -- [EMAIL PROTECTED] pgpPvuvz9f1qs.pgp Description: PGP signature
Re: Openssl 0.9.7 and Sendmail 8.13.0
On Sun, Jul 18, 2004 at 04:50:49PM -0400, George Theall wrote: On Sun, Jul 18, 2004 at 02:30:13PM -0600, The Doctor wrote: Are there any know issues?? ... doctor.nl2k.ab.ca//usr/source/sendmail-8.13.0$ openssl s_client -starttls smtp -connect 127.0.0.1:25 CONNECTED(0003) 7464:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:478: Check whether there's a line such as srv_features:127.0.0.1 S in your mail server's access DB -- that disables STARTTLS when the connecting client is 127.0.0.1. in access.db? George -- [EMAIL PROTECTED] -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Microsoft is not the solution; it is the question; what is the answer?? NO!! __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Openssl 0.9.7 and Sendmail 8.13.0
On Sun, Jul 18, 2004 at 03:18:48PM -0600, The Doctor wrote: On Sun, Jul 18, 2004 at 04:50:49PM -0400, George Theall wrote: Check whether there's a line such as srv_features:127.0.0.1 S in your mail server's access DB -- that disables STARTTLS when the connecting client is 127.0.0.1. in access.db? That depends on the type of database support sendmail was built with, but probably yes. By the way, access.db is a database so you'll need to do something like praliases -f access.db to read its contents. And in that case, the line will probably read srv_features:127.0.0.1:S. George -- [EMAIL PROTECTED] pgpmf6fP7PKL8.pgp Description: PGP signature
Re: Openssl 0.9.7 and Sendmail 8.13.0
On Sun, Jul 18, 2004 at 09:02:22PM -0400, George Theall wrote: On Sun, Jul 18, 2004 at 03:18:48PM -0600, The Doctor wrote: On Sun, Jul 18, 2004 at 04:50:49PM -0400, George Theall wrote: Check whether there's a line such as srv_features:127.0.0.1 S in your mail server's access DB -- that disables STARTTLS when the connecting client is 127.0.0.1. in access.db? That depends on the type of database support sendmail was built with, but probably yes. By the way, access.db is a database so you'll need to do something like praliases -f access.db to read its contents. And in that case, the line will probably read srv_features:127.0.0.1:S. And praliases said: Script started on Sun Jul 18 20:34:47 2004 doctor.nl2k.ab.ca//usr2/home/doctor$ps raliases -p /etc/mail/access.db praliases: illegal option -- p usage: praliases [-C cffile] [-f aliasfile] doctor.nl2k.ab.ca//usr2/home/doctor$praliases -p /etc/mail/access.db /etc/mail/access.db[Kf /etc/mail/access.db 216.95.238:RELAY 204.209.81:RELAY 63.251.135.75:RELAY 63.251.135.103:RELAY 63.251.135.109:RELAY 64.95.77.163:RELAY 24.157.180.4:RELAY 24.114.240.99:RELAY 24.70.89:RELAY 24.71.223.10:RELAY 142.179.203.144:RELAY 150.210.226.1:REJECT 139.142.254.162:REJECT 24.16.43.183:REJECT 24.141.58.89:REJECT 142.165.135.109:REJECT 142.165.143.133:REJECT 205.206.70.2:RELAY 208.38.41.4:RELAY [EMAIL PROTECTED]:REJECT [EMAIL PROTECTED]:REJECT [EMAIL PROTECTED]:REJECT [EMAIL PROTECTED]:REJECT [EMAIL PROTECTED]:REJECT emitraining.com:RELAY [EMAIL PROTECTED]:REJECT from:[EMAIL PROTECTED]:ERROR:5.7.1:550 Probable Sobig.B worm rejected [EMAIL PROTECTED]:ERROR:5.7.1:550 Sobig.A worm rejected [EMAIL PROTECTED]:ERROR:5.7.1:550 Hybris worm rejected [EMAIL PROTECTED]:ERROR:5.1.1:550 User unknown [EMAIL PROTECTED]:ERROR:5.1.1:550 User unknown [EMAIL PROTECTED]:ERROR:5.1.1:550 User unknown clientrate:127.0.0.1:0 clientconn:127.0.0.1:0 127.0.0.1:RELAY 66.48.34:RELAY 63.251.135.74:RELAY 63.251.135.115:RELAY 63.251.135.98:RELAY 64.59.128.220:RELAY 64.95.77.162:RELAY 64.95.77.164:RELAY 24.65.203.159:RELAY 24.157.180.5:RELAY 24.67.170.33:RELAY 24.70.88:RELAY 24.67.72.85:RELAY 142.179.205.99:RELAY 199.185.130.39:RELAY 66.58.194:REJECT 80.162.0.239:REJECT 219.97.166:REJECT 198.53.7:REJECT 200.141.146:REJECT 24.80.93.168:REJECT 218.113.42.135:REJECT 221.124.64.23:REJECT aci-internet.ca:REJECT itwebtools.com:REJECT [EMAIL PROTECTED]:REJECT [EMAIL PROTECTED]:REJECT [EMAIL PROTECTED]:REJECT [EMAIL PROTECTED]:REJECT [EMAIL PROTECTED]:RELAY camcontacts.com:REJECT [EMAIL PROTECTED]:REJECT [EMAIL PROTECTED]:REJECT [EMAIL PROTECTED]:REJECT to:[EMAIL PROTECTED]:POISON [EMAIL PROTECTED]:ERROR:5.1.1:550 User unknown [EMAIL PROTECTED]:ERROR:5.1.1:550 User unknown [EMAIL PROTECTED]:ERROR:5.1.1:550 User unknown [EMAIL PROTECTED]:ERROR:5.1.1:550 User unknown [EMAIL PROTECTED]:ERROR:5.1.1:550 User unknown [EMAIL PROTECTED]:ERROR:5.1.1:550 User unknown clientrate::10 clientconn::10 doctor.nl2k.ab.ca//usr2/home/doctor$exit exit Script done on Sun Jul 18 20:35:11 2004 George -- [EMAIL PROTECTED] -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Microsoft is not the solution; it is the question; what is the answer?? NO!! __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]