LinuxQuestions.org


chingupt 05-13-2013 06:24 AM

Sendmail Server Authentication: Certificate based: Error
 
I have configured my setup for a server certificate based authentication. Both Server and Client are sendmail systems and both have the same set of certificates.

However, when the client communicates with the server, I get the following error:
403 4.7.0 authentication failed

Access file contents:
TLS_Srv:mx3.domaintest.com VERIFY TLS_Rcpt: VERIFY:CI:/O=Sendmail/OU=Sendmail+20Server/CN=debian/Email=admin@debian

db file created using following command:
makemap hash access.db < access

Client sendmail Logs:

May 13 03:38:26 sendmail[5052]: STARTTLS: CRLFile missing
May 13 03:38:26 sendmail[5052]: STARTTLS=client, init=1
May 13 03:38:26 sendmail[5052]: STARTTLS=client, start=ok
May 13 03:38:26 sendmail[5052]: STARTTLS=client, info: fds=7/6, err=2
May 13 03:38:27 sendmail[5052]: STARTTLS: TLS cert verify: depth=0 /O=Sendmail/OU=Sendmail Server/CN=debian/emailAddress=admin@debian, state=0, reason=self signed certificate
May 13 03:38:27 sendmail[5052]: STARTTLS=client, info: fds=7/6, err=2
May 13 03:38:27 sendmail[5052]: STARTTLS=client, get_verify: 18 get_peer: 0x81e7a60
May 13 03:38:27 sendmail[5052]: STARTTLS=client, relay=mx3.domaintest.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
May 13 03:38:27 sendmail[5052]: STARTTLS=client, cert-subject=/O=Sendmail/OU=Sendmail+20Server/CN=debian/emailAddress=admin@debian, cert-issuer=/O=Sendmail/OU=Sendmail+20Server/CN=debian/emailAddress=admin@debian, verifymsg=self signed certificate
May 13 03:38:27 sendmail[5052]: ruleset=tls_server, arg1=FAIL, relay=mx3.domaintest.com, reject=403 4.7.0 authentication failed

Server Logs:

May 13 02:03:41 domaintest sm-mta[3966]: STARTTLS=read, info: fds=8/4, err=2
May 13 02:03:41 domaintest sm-mta[3966]: STARTTLS=read, info: fds=8/4, err=2
May 13 02:03:41 domaintest sm-mta[3966]: r4D73R1p003966: from=, size=706, class=0, nrcpts=1, msgid=<1368405535.7035.26.camel@client1.com>, proto=ESMTP, daemon=MTA-v4, relay=domain.com [client_ip]
May 13 02:03:41 domaintest sm-mta[3966]: r4D73R1p003966: --- 250 2.0.0 r4D73R1p003966 Message accepted for delivery
May 13 02:03:41 domaintest sm-mta[3966]: STARTTLS=read, info: fds=8/4, err=2
May 13 02:03:41 domaintest sm-mta[3966]: r4D73R1q003966: <-- QUIT
May 13 02:03:41 domaintest sm-mta[3966]: r4D73R1q003966: --- 221 2.0.0 domaintest.com closing connection
May 13 02:03:41 domaintest sm-mta[3966]: STARTTLS=server, SSL_shutdown not done
May 13 02:03:41 domaintest sm-mta[3966]: poststats: /var/lib/sendmail/sendmail.st: No such file or directory
May 13 02:03:41 domaintest sm-mta[3970]: r4D73R1p003966: to=, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30999, dsn=2.0.0, stat=Sent
May 13 02:03:41 domaintest sm-mta[3970]: poststats: /var/lib/sendmail/sendmail.st: No such file or directory
May 13 02:03:41 domaintest sm-mta[3970]: r4D73R1p003966: done; delay=00:00:00, ntries=1
May 13 02:03:41 domaintest sm-mta[3970]: poststats: /var/lib/sendmail/sendmail.st: No such file or directory

Where am I going wrong here?

In the client sendmail.cf file, I can see that the following rule is getting hit:
STLS_connection

authentication required: give appropriate error
other side did authenticate (via STARTTLS)
R <> OK $@ OK
R OK $:
R OK $:
R $* $:
R $#error $@ $2 $: $1 " authentication required"
R FAIL $#error $@ $2 $: $1 " authentication failed"
R NO $#error $@ $2 $: $1 " not authenticated"
R NOT $#error $@ $2 $: $1 " no authentication requested"
R NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"
R $+ $#error $@ $2 $: $1 " authentication failure " $4
R $: $>max $&{cipher_bits} : $&{auth_ssf}
R $- $: $(arith l $@ $4 $@ $2 $)
R TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
R $* $:
R $@ OK
R $:
R < $+ ++ $+ >
R $+ $@ $>"TLS_req" $3 $|

Please guide!

Regards
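
The client log lines in the post above can be correlated mechanically. The sketch below is an added example, not part of the original post and not sendmail code: it groups STARTTLS lines by PID, decodes the OpenSSL `get_verify` code, and checks whether the peer certificate's subject equals its issuer. The names `triage`, `FIELDS` and `VERIFY_CODES` are assumptions chosen for illustration; the sample lines are copied from the client log in the post.

```python
import re

# Constructed sample: four client-side lines copied from the post above.
SAMPLE_LOG = """\
May 13 03:38:27 sendmail[5052]: STARTTLS=client, get_verify: 18 get_peer: 0x81e7a60
May 13 03:38:27 sendmail[5052]: STARTTLS=client, relay=mx3.domaintest.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
May 13 03:38:27 sendmail[5052]: STARTTLS=client, cert-subject=/O=Sendmail/OU=Sendmail+20Server/CN=debian/emailAddress=admin@debian, cert-issuer=/O=Sendmail/OU=Sendmail+20Server/CN=debian/emailAddress=admin@debian, verifymsg=self signed certificate
May 13 03:38:27 sendmail[5052]: ruleset=tls_server, arg1=FAIL, relay=mx3.domaintest.com, reject=403 4.7.0 authentication failed
"""

# Subset of OpenSSL verify result codes, as logged after "get_verify:".
VERIFY_CODES = {
    0: "ok",
    18: "self-signed peer certificate that is not in the trusted store",
    19: "self-signed certificate in the chain",
    20: "unable to get local issuer certificate",
}

PID = re.compile(r"\w+\[(\d+)\]: (.*)$")
FIELDS = {  # hypothetical field names, one regex per log attribute
    "code": re.compile(r"get_verify: (\d+)"),
    "verify": re.compile(r"\bverify=(\w+)"),
    "relay": re.compile(r"\brelay=([^,\s]+)"),
    "subject": re.compile(r"cert-subject=(.*?), cert-issuer="),
    "issuer": re.compile(r"cert-issuer=(.*?), verifymsg="),
    "reject": re.compile(r"ruleset=tls_server, .*reject=(.*)$"),
}

def triage(log_text):
    """Group STARTTLS lines by sendmail PID and summarise each handshake."""
    sessions = {}
    for line in log_text.splitlines():
        m = PID.search(line)
        if not m:
            continue
        s = sessions.setdefault(m.group(1), {})
        for key, rx in FIELDS.items():
            hit = rx.search(m.group(2))
            if hit:  # keep the first value seen; drop the trailing dot on relay
                s.setdefault(key, hit.group(1).rstrip("."))
    for s in sessions.values():
        code = int(s.get("code", -1))
        s["reason"] = VERIFY_CODES.get(code, "unlisted code %d" % code)
        # Identical subject and issuer means the peer certificate is self-signed.
        s["self_signed"] = "subject" in s and s["subject"] == s.get("issuer")
    return sessions

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```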

druuna 05-13-2013 06:32 AM

Cross-posting is against the LQ rules. Please post your thread in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place.

Continue in the other/original thread: https://www.linuxquestions.org/quest...or-4175461736/

Reported for closure.


All times are GMT -5.