I tried the sendmail list and it was suggested I try this list.
Specs/
##################################
Sendmail version :sendmail-8.12.9
OpenSSL version: OpenSSL 0.9.6g
Sasl version cyrus-sasl-1.5.27_7
OS is FreeBSD 5.0
Eudora 6.0 or 5.2
#############################

OK, I have sendmail w/ TLS and AUTH working for all clients except Eudora.
I am using self-signed certs.
When I connect I get this in the logs:

Jun  9 20:00:17 foo.com sm-mta[84051]: STARTTLS=server: 84051:error:140890E9:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:tls peer did not respond with certificate list:s3_srvr.c:1720:

From the Eudora web-site:

With OpenSSL 0.9.6d (or later) the OpenSSL developers have put an option in
OpenSSL to disable the CBC Countermeasure. These countermeasures must be
disabled in order to allow Eudora to successfully negotiate an SSL
connection.

It looks like this is done in sendmail/tls.c:796
SSL_CTX_set_options(*ctx, SSL_OP_ALL);  /* XXX bug compatibility? */
Is this set by default in sendmail? Doesn't seem like it would be.
I have Googled my arse off and still haven't a clear answer.
Is there any way to find out if this parameter is set already?
strings sendmail | grep SSL_CTX gives me some info but no listing for this.
What are others doing to make Eudora work?

I was asked for a better log, so I upped logging to 14 on sendmail and this
is what I get:
***************************************************
With LogLevel=14
Jun 10 08:13:07 foo sm-mta[86562]: started as: /usr/sbin/sendmail -L sm-mta -bd -q30m
Jun 10 08:14:01 foo sm-mta[86565]: NOQUEUE: connect from testbox.foo.com [xx.xx.xx.xx]
Jun 10 08:14:01 foo sm-mta[86565]: AUTH: available mech=ANONYMOUS KERBEROS_V4, allowed mech=GSSAPI LOGIN DIGEST-MD5 PLAIN
Jun 10 08:14:04 foo sm-mta[86565]: STARTTLS=server, error: accept failed=-1, SSL_error=1, timedout=0, errno=0
Jun 10 08:14:04 foo sm-mta[86565]: STARTTLS=server: 86565:error:140890E9:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:tls peer did not respond with certificate list:s3_srvr.c:1720:
Jun 10 08:14:04 foo sm-mta[86565]: h5ACE1dl086565: testbox.foo.com [xx.xx.xx.xx] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
**************************************************

Thanks
Steve Devine
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
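
Added example, not part of the original post: a small Python triage helper that pulls the OpenSSL error-queue entry out of sendmail STARTTLS log lines like the ones above and splits the packed code (140890E9) into its library, function and reason numbers. It assumes the ERR_PACK layout of OpenSSL 0.9.x through 1.0.x (8 bits library, 12 bits function, 12 bits reason); the function names and the sample text, which is the post's own log with the wrapped line rejoined, are constructed for this illustration.

```python
import re

# Constructed sample: the two STARTTLS lines from the post, wrapped line rejoined.
SAMPLE_LOG = (
    "Jun 10 08:14:04 foo sm-mta[86565]: STARTTLS=server, error: accept "
    "failed=-1, SSL_error=1, timedout=0, errno=0\n"
    "Jun 10 08:14:04 foo sm-mta[86565]: STARTTLS=server: 86565:error:140890E9:"
    "SSL routines:SSL3_GET_CLIENT_CERTIFICATE:tls peer did not respond with "
    "certificate list:s3_srvr.c:1720:\n"
)

# OpenSSL error-queue text: pid:error:<hex code>:<lib>:<func>:<reason>:<file>:<line>:
ERR_RE = re.compile(
    r"STARTTLS=(?P<role>server|client): (?P<pid>\d+):error:"
    r"(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):"
)

def unpack_error(code):
    """Undo ERR_PACK(l, f, r): returns (library, function, reason) numbers."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def parse_starttls_errors(log_text):
    """Return one dict per OpenSSL error-queue entry found in the log text."""
    findings = []
    for entry in log_text.splitlines():
        m = ERR_RE.search(entry)
        if not m:
            continue  # e.g. the "accept failed=-1" summary line carries no queue entry
        lib_no, func_no, reason_no = unpack_error(int(m["code"], 16))
        findings.append({
            "role": m["role"],
            "lib_no": lib_no, "func_no": func_no, "reason_no": reason_no,
            "function": m["func"],
            "reason": m["reason"],
            "source": f'{m["file"]}:{m["line"]}',
            # Triage hint: the failure was raised in client-certificate handling.
            "client_cert_step": "CLIENT_CERTIFICATE" in m["func"],
        })
    return findings

if __name__ == "__main__":
    for finding in parse_starttls_errors(SAMPLE_LOG):
        print(finding)
```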
