On Mon, Dec 22, 2003 at 12:40:46PM -0600, Kevin D. Kinsey, DaleCo, S.P. wrote:
> Don't know if anyone can or wants to help, I've
> scanned a lot of search results and followed
> 3 different "how to's" (starting with the Handbook)
> and though I'm closer, perhaps, I'm still not there.
> I need an SSL-capable POP3 and SMTP as our
> needs expand.  POP3 I've accomplished with
> imap-uw; Sendmail has been some trouble
> for 3 days now, and at least one client is really
> needing to be able to send with M$ OE ASAP....

I've got one colleague who uses OE to read e-mail off my server via UW
IMAPS, a second that uses both OE and Mozilla and a third who has
never managed to get OE to authenticate properly.  I guess it's
something to do with the OE version...

> Both OE and the Mozilla mail client (and Mutt *on*
> the server, last I checked) are timing out attempting
> to use "SMTP Auth".  With Sendmail set to "LogLevel=25",
> here's a snippet of where I *think* the problem lies...
> ----------------------------------------------------------------------------------------
> Dec 22 12:20:51 ezekiel sm-mta[94212]: hBMIG1ka094212: --- 451 Name server timeout

Osirusoft is dead and gone.  You should take that out of your
MTA/anti-spam configuration.

> Dec 22 12:20:51 ezekiel sm-mta[94212]: AUTH: available mech=NTLM LOGIN ANONYMOUS PLAIN OTP DIGEST-MD5 CRAM-MD5, allowed
> Dec 22 12:20:51 ezekiel sm-mta[94212]: hBMIG1ka094212: Milter: no active filter
> Dec 22 12:20:51 ezekiel sm-mta[94212]: STARTTLS=server, error: accept failed=-1, SSL_error=1, timedout=0, errno=0
> Dec 22 12:20:51 ezekiel sm-mta[94212]: STARTTLS=server: 94212:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_srvr.c:886:
> Dec 22 12:20:51 ezekiel sm-mta[94212]: hBMIG1ka094212: [] did not issue MAIL/EXPN/VRFY/ETRN during connection
> Dec 22 12:21:02 ezekiel sm-mta[94238]: NOQUEUE: connect from []
> Dec 22 12:22:08 ezekiel sm-mta[94238]: hBMIL2ka094238: --- 451 Name server timeout
> Dec 22 12:24:30 ezekiel sm-mta[94224]: hBMIJVka094224: --- 451 Name server timeout
> --------------------------------------------------------------------------------------------
> There are a few curiosities here in my mind (Milter (?) and timeouts
> looking for the spamcop NS's), but the issue seems most likely to
> be the SSL error ("accept failed=-1" and "no shared cipher").
> What have I misconfigured?  I've tried all possible combinations of
> checkboxes on the clients ... at least I think so.  They just hang forever;
> OE during the "securing" phase.  If someone knows the incantations
> I don't know for Sendmail, I'd appreciate a look at your spell book....

Hmmm... SASL related stuff from my config:


    SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2

SASL ports:

    % pkg_info -I '*sasl*'
    cyrus-sasl-2.1.17_1 RFC 2222 SASL (Simple Authentication and Security Layer)
    cyrus-sasl-saslauthd-2.1.17_1 SASL authentication server for cyrus-sasl2


    dnl ## Set SASL options
    define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl


    define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
    define(`confCACERT_PATH', `CERT_DIR')dnl
    define(`confCACERT', `CERT_DIR/cacert.pem')dnl
    define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
    define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
    define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
    define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl

I'm using a self-signed cert generated according to these instructions:


and you may find this page useful, although using client certificates
is possibly overkill (the standard LOGIN that OE uses should be


Note the bit about making sure the certificate signer (CN of
cacert.pem) is different to the common name of the certificate.

Not having a Windows box anywhere available I can't remember off-hand
exactly how to set up the OE end, but it's not too difficult if you
work through the available options.



PS.  Reply only to list, as your mailer bounces messages from my site
for no apparent reason.

Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

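An added example, not part of the original message and not Sendmail's own tooling: a small Python triage of the sm-mta log lines quoted above, grouping them by process id so the STARTTLS handshake failure is separated from the unrelated "Name server timeout" entries. The sample input is constructed from the quoted log with wrapped lines rejoined, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: log lines quoted in the post, wrapped lines rejoined.
SAMPLE_LOG = """\
Dec 22 12:20:51 ezekiel sm-mta[94212]: hBMIG1ka094212: --- 451 Name server timeout
Dec 22 12:20:51 ezekiel sm-mta[94212]: STARTTLS=server, error: accept failed=-1, SSL_error=1, timedout=0, errno=0
Dec 22 12:20:51 ezekiel sm-mta[94212]: STARTTLS=server: 94212:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_srvr.c:886:
Dec 22 12:20:51 ezekiel sm-mta[94212]: hBMIG1ka094212: [] did not issue MAIL/EXPN/VRFY/ETRN during connection
Dec 22 12:21:02 ezekiel sm-mta[94238]: NOQUEUE: connect from []
Dec 22 12:22:08 ezekiel sm-mta[94238]: hBMIL2ka094238: --- 451 Name server timeout
Dec 22 12:24:30 ezekiel sm-mta[94224]: hBMIJVka094224: --- 451 Name server timeout
"""

SYSLOG = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sm-mta\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ACCEPT = re.compile(r"STARTTLS=server, error: accept failed=(-?\d+), SSL_error=(\d+)")
# OpenSSL error queue entry: pid:error:<hex code>:<library>:<function>:<reason>:<file>:<line>:
OSSL = re.compile(r"\d+:error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):")

def triage(log_text):
    """Group sm-mta lines by process id and summarise TLS and DNS failures."""
    sessions = defaultdict(lambda: {"tls_accept_failed": False, "tls_reasons": [],
                                    "dns_timeouts": 0, "no_mail_cmd": False})
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue  # wrapped continuation or a line from another daemon
        s, msg = sessions[int(m["pid"])], m["msg"]
        if ACCEPT.search(msg):
            s["tls_accept_failed"] = True
        o = OSSL.search(msg)
        if o:
            s["tls_reasons"].append({"code": o[1], "function": o[3], "reason": o[4]})
        if "451 Name server timeout" in msg:
            s["dns_timeouts"] += 1
        if "did not issue MAIL/EXPN/VRFY/ETRN" in msg:
            s["no_mail_cmd"] = True
    return dict(sessions)

def handshake_failures(sessions):
    """PIDs where the TLS accept failed and the client never issued a mail command."""
    return sorted(pid for pid, s in sessions.items()
                  if s["tls_accept_failed"] and s["no_mail_cmd"])

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for pid, s in sorted(result.items()):
        print(pid, s)
    print("handshake failures:", handshake_failures(result))
```

On the sample, only process 94212 shows a failed TLS accept; the other two processes log name server timeouts alone.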