Re: Openssl 0.9.7 and Sendmail 8.13.0

[George Theall]

On Sun, Jul 18, 2004 at 08:35:48PM -0600, The Doctor wrote:
 On Sun, Jul 18, 2004 at 09:02:22PM -0400, George Theall wrote:
  On Sun, Jul 18, 2004 at 03:18:48PM -0600, The Doctor wrote:
   On Sun, Jul 18, 2004 at 04:50:49PM -0400, George Theall wrote:

Check whether there's a line such as srv_features:127.0.0.1 S in your
mail server's access DB -- that disables STARTTLS when the connecting
client is 127.0.0.1. 
...
  By the way, access.db is a database so you'll need to do something like
  praliases -f access.db to read its contents.  And in that case, the
  line will probably read srv_features:127.0.0.1:S. 
 
 
 And praliases said:

[ long list of irrelevant entries deleted, but none with srv_features. ]

Are you sure that sendmail was built with STARTTLS support then? Does
sendmail -d0.1 -bv postmaster mention STARTTLS?

George
-- 
[EMAIL PROTECTED]


pgpo0jvyTAlS7.pgp
Description: PGP signature

Re: Openssl 0.9.7 and Sendmail 8.13.0

[The Doctor]

On Mon, Jul 19, 2004 at 09:25:44AM -0400, George Theall wrote:
 On Sun, Jul 18, 2004 at 08:35:48PM -0600, The Doctor wrote:
  On Sun, Jul 18, 2004 at 09:02:22PM -0400, George Theall wrote:
   On Sun, Jul 18, 2004 at 03:18:48PM -0600, The Doctor wrote:
On Sun, Jul 18, 2004 at 04:50:49PM -0400, George Theall wrote:
 
 Check whether there's a line such as srv_features:127.0.0.1 S in your
 mail server's access DB -- that disables STARTTLS when the connecting
 client is 127.0.0.1. 
 ...
   By the way, access.db is a database so you'll need to do something like
   praliases -f access.db to read its contents.  And in that case, the
   line will probably read srv_features:127.0.0.1:S. 
  
  
  And praliases said:
 
 [ long list of irrelevant entries deleted, but none with srv_features. ]
 
 Are you sure that sendmail was built with STARTTLS support then? Does
 sendmail -d0.1 -bv postmaster mention STARTTLS?

doctor.nl2k.ab.ca//usr2/home/doctor$/usr/sbin/sendmail -d0.1 -bv postmaster
Version 8.13.0
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETISO NETUNIX NEWDB PIPELINING SASLv2 SCANF
STARTTLS USERDB XDEBUG

 SYSTEM IDENTITY (after readcf) 
  (short domain name) $w = doctor
  (canonical domain name) $j = doctor.nl2k.ab.ca
 (subdomain name) $m = nl2k.ab.ca
  (node name) $k = doctor.nl2k.ab.ca


Notice: -bv may give misleading output for non-privileged user
root... deliverable: mailer local, user root

 
 George
 -- 
 [EMAIL PROTECTED]



-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Microsoft is not the solution; it is the question; what is the answer?? NO!!
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Openssl 0.9.7 and Sendmail 8.13.0

[George Theall]

On Mon, Jul 19, 2004 at 07:58:07AM -0600, The Doctor wrote:
 On Mon, Jul 19, 2004 at 09:25:44AM -0400, George Theall wrote:
  On Sun, Jul 18, 2004 at 08:35:48PM -0600, The Doctor wrote:
   On Sun, Jul 18, 2004 at 09:02:22PM -0400, George Theall wrote:
On Sun, Jul 18, 2004 at 03:18:48PM -0600, The Doctor wrote:
 On Sun, Jul 18, 2004 at 04:50:49PM -0400, George Theall wrote:
  
  Check whether there's a line such as srv_features:127.0.0.1 S in your
  mail server's access DB -- that disables STARTTLS when the connecting
  client is 127.0.0.1. 
  ...
By the way, access.db is a database so you'll need to do something like
praliases -f access.db to read its contents.  And in that case, the
line will probably read srv_features:127.0.0.1:S. 
   
   
   And praliases said:
  
  [ long list of irrelevant entries deleted, but none with srv_features. ]
  
  Are you sure that sendmail was built with STARTTLS support then? Does
  sendmail -d0.1 -bv postmaster mention STARTTLS?
 
 doctor.nl2k.ab.ca//usr2/home/doctor$/usr/sbin/sendmail -d0.1 -bv postmaster
 Version 8.13.0
  Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
 NAMED_BIND NETINET NETISO NETUNIX NEWDB PIPELINING SASLv2 SCANF
 STARTTLS USERDB XDEBUG

I don't know then.  The s_client command works for me as long as the
sendmail daemon supports STARTTLS -- sendmail 8.13.0, openssl 0.9.7d,
and Linux 2.6.7. 


George
-- 
[EMAIL PROTECTED]


pgpSB2XuIreup.pgp
Description: PGP signature

Re: Openssl 0.9.7 and Sendmail 8.13.0

[George Theall]

On Sun, Jul 18, 2004 at 02:30:13PM -0600, The Doctor wrote:

 Are there any know issues??
...
 doctor.nl2k.ab.ca//usr/source/sendmail-8.13.0$ openssl s_client -starttls smtp 
 -connect 127.0.0.1:25
 CONNECTED(0003)
 7464:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown 
 protocol:s23_clnt.c:478:

Check whether there's a line such as srv_features:127.0.0.1 S in your
mail server's access DB -- that disables STARTTLS when the connecting
client is 127.0.0.1. 

George
-- 
[EMAIL PROTECTED]


pgpPvuvz9f1qs.pgp
Description: PGP signature

Re: Openssl 0.9.7 and Sendmail 8.13.0

[The Doctor]

On Sun, Jul 18, 2004 at 04:50:49PM -0400, George Theall wrote:
 On Sun, Jul 18, 2004 at 02:30:13PM -0600, The Doctor wrote:
 
  Are there any know issues??
 ...
  doctor.nl2k.ab.ca//usr/source/sendmail-8.13.0$ openssl s_client -starttls smtp 
  -connect 127.0.0.1:25
  CONNECTED(0003)
  7464:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown 
  protocol:s23_clnt.c:478:
 
 Check whether there's a line such as srv_features:127.0.0.1 S in your
 mail server's access DB -- that disables STARTTLS when the connecting
 client is 127.0.0.1. 


in access.db?
 
 George
 -- 
 [EMAIL PROTECTED]



-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Microsoft is not the solution; it is the question; what is the answer?? NO!!
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: Openssl 0.9.7 and Sendmail 8.13.0

[George Theall]

On Sun, Jul 18, 2004 at 03:18:48PM -0600, The Doctor wrote:
 On Sun, Jul 18, 2004 at 04:50:49PM -0400, George Theall wrote:
  
  Check whether there's a line such as srv_features:127.0.0.1 S in your
  mail server's access DB -- that disables STARTTLS when the connecting
  client is 127.0.0.1. 
 
 
 in access.db?

That depends on the type of database support sendmail was built with,
but probably yes. 

By the way, access.db is a database so you'll need to do something like
praliases -f access.db to read its contents.  And in that case, the
line will probably read srv_features:127.0.0.1:S. 

George
-- 
[EMAIL PROTECTED]


pgpmf6fP7PKL8.pgp
Description: PGP signature

Re: Openssl 0.9.7 and Sendmail 8.13.0

[The Doctor]

On Sun, Jul 18, 2004 at 09:02:22PM -0400, George Theall wrote:
 On Sun, Jul 18, 2004 at 03:18:48PM -0600, The Doctor wrote:
  On Sun, Jul 18, 2004 at 04:50:49PM -0400, George Theall wrote:
   
   Check whether there's a line such as srv_features:127.0.0.1 S in your
   mail server's access DB -- that disables STARTTLS when the connecting
   client is 127.0.0.1. 
  
  
  in access.db?
 
 That depends on the type of database support sendmail was built with,
 but probably yes. 
 
 By the way, access.db is a database so you'll need to do something like
 praliases -f access.db to read its contents.  And in that case, the
 line will probably read srv_features:127.0.0.1:S. 


And praliases said:

 
Script started on Sun Jul 18 20:34:47 2004
doctor.nl2k.ab.ca//usr2/home/doctor$ps raliases -p /etc/mail/access.db
praliases: illegal option -- p
usage: praliases [-C cffile] [-f aliasfile]
doctor.nl2k.ab.ca//usr2/home/doctor$praliases -p 
/etc/mail/access.db /etc/mail/access.dbf 
/etc/mail/access.db
216.95.238:RELAY
204.209.81:RELAY
63.251.135.75:RELAY
63.251.135.103:RELAY
63.251.135.109:RELAY
64.95.77.163:RELAY
24.157.180.4:RELAY
24.114.240.99:RELAY
24.70.89:RELAY
24.71.223.10:RELAY
142.179.203.144:RELAY
150.210.226.1:REJECT
139.142.254.162:REJECT
24.16.43.183:REJECT
24.141.58.89:REJECT
142.165.135.109:REJECT
142.165.143.133:REJECT
205.206.70.2:RELAY
208.38.41.4:RELAY
[EMAIL PROTECTED]:REJECT
[EMAIL PROTECTED]:REJECT
[EMAIL PROTECTED]:REJECT
[EMAIL PROTECTED]:REJECT
[EMAIL PROTECTED]:REJECT
emitraining.com:RELAY
[EMAIL PROTECTED]:REJECT
from:[EMAIL PROTECTED]:ERROR:5.7.1:550 Probable Sobig.B worm rejected
[EMAIL PROTECTED]:ERROR:5.7.1:550 Sobig.A worm rejected
[EMAIL PROTECTED]:ERROR:5.7.1:550 Hybris worm rejected
[EMAIL PROTECTED]:ERROR:5.1.1:550 User unknown
[EMAIL PROTECTED]:ERROR:5.1.1:550 User unknown
[EMAIL PROTECTED]:ERROR:5.1.1:550 User unknown
clientrate:127.0.0.1:0
clientconn:127.0.0.1:0
127.0.0.1:RELAY
66.48.34:RELAY
63.251.135.74:RELAY
63.251.135.115:RELAY
63.251.135.98:RELAY
64.59.128.220:RELAY
64.95.77.162:RELAY
64.95.77.164:RELAY
24.65.203.159:RELAY
24.157.180.5:RELAY
24.67.170.33:RELAY
24.70.88:RELAY
24.67.72.85:RELAY
142.179.205.99:RELAY
199.185.130.39:RELAY
66.58.194:REJECT
80.162.0.239:REJECT
219.97.166:REJECT
198.53.7:REJECT
200.141.146:REJECT
24.80.93.168:REJECT
218.113.42.135:REJECT
221.124.64.23:REJECT
aci-internet.ca:REJECT
itwebtools.com:REJECT
[EMAIL PROTECTED]:REJECT
[EMAIL PROTECTED]:REJECT
[EMAIL PROTECTED]:REJECT
[EMAIL PROTECTED]:REJECT
[EMAIL PROTECTED]:RELAY
camcontacts.com:REJECT
[EMAIL PROTECTED]:REJECT
[EMAIL PROTECTED]:REJECT
[EMAIL PROTECTED]:REJECT
to:[EMAIL PROTECTED]:POISON
[EMAIL PROTECTED]:ERROR:5.1.1:550 User unknown
[EMAIL PROTECTED]:ERROR:5.1.1:550 User unknown
[EMAIL PROTECTED]:ERROR:5.1.1:550 User unknown
[EMAIL PROTECTED]:ERROR:5.1.1:550 User unknown
[EMAIL PROTECTED]:ERROR:5.1.1:550 User unknown
[EMAIL PROTECTED]:ERROR:5.1.1:550 User unknown
clientrate::10
clientconn::10
doctor.nl2k.ab.ca//usr2/home/doctor$exit
exit

Script done on Sun Jul 18 20:35:11 2004
 George
 -- 
 [EMAIL PROTECTED]



-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Microsoft is not the solution; it is the question; what is the answer?? NO!!
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]