LinuxQuestions.org


DragonM15 09-15-2008 08:41 PM

Sendmail did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-SSL
 
I am setting up a mail server. I have TLS-SSL set up. My sendmail.mc is as follows:

Code:

dnl ### do SMTPAUTH
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl

dnl ### do STARTTLS
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/sendmail.pem')dnl
DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL, M=s')dnl

dnl ###
define(`confDEF_CHAR_SET', `iso-8859-1')dnl
define(`confMAX_MESSAGE_SIZE', `15000000')dnl Denial of Service Attacks
define(`confMAX_DAEMON_CHILDREN', `30')dnl Denial of Service Attacks
define(`confCONNECTION_RATE_THROTTLE', `2')dnl Denial of Service Attacks
define(`confMAXRCPTSPERMESSAGE', `50')dnl Denial of service Attacks
define(`confSINGLE_LINE_FROM_HEADER', `True')dnl
define(`confSMTP_LOGIN_MSG', `$j')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`confTO_INITIAL', `6m')dnl
define(`confTO_CONNECT', `20s')dnl
define(`confTO_HELO', `5m')dnl
define(`confTO_HOSTSTATUS', `2m')dnl
define(`confTO_DATAINIT', `6m')dnl
define(`confTO_DATABLOCK', `35m')dnl
define(`confTO_DATAFINAL', `35m')dnl
define(`confDIAL_DELAY', `20s')dnl
define(`confNO_RCPT_ACTION', `add-apparently-to')dnl
define(`confALIAS_WAIT', `0')dnl
define(`confMAX_HOP', `35')dnl
define(`confQUEUE_LA', `5')dnl
define(`confREFUSE_LA', `12')dnl
define(`confSEPARATE_PROC', `False')dnl
define(`confCON_EXPENSIVE', `true')dnl
define(`confWORK_RECIPIENT_FACTOR', `1000')dnl
define(`confWORK_TIME_FACTOR', `3000')dnl
define(`confQUEUE_SORT_ORDER', `Time')dnl
define(`confPRIVACY_FLAGS',
`authwarnings,goaway,restrictmailq,restrictqrun,needmailhelo')dnl
OSTYPE(linux)dnl
FEATURE(`delay_checks')dnl
FEATURE(`generics_entire_domain')dnl
FEATURE(`local_procmail')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`nouucp',`reject')dnl
FEATURE(`redirect')dnl
FEATURE(`relay_entire_domain')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`virtuser_entire_domain')dnl

FEATURE(dnsbl,`blackholes.mail-abuse.org',
` Mail from $&{client_addr} rejected; see http://mail-abuse.org/cgi-bin/lookup?$&{client_addr}')dnl
FEATURE(dnsbl,`dialups.mail-abuse.org',
` Mail from dial-up rejected; see http://mail-abuse.org/dul/enduser.htm')dnl

FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')dnl
FEATURE(access_db)dnl
FEATURE(lookupdotdomain)dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

When trying to send mail through squirrelmail I get the error message:
Code:

did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-SSL

My Sendmail was set up with PLAIN, LOGIN, DIGEST-MD5, CRAM-MD5 authentication; however, when I connect to the SMTP server through telnet and run 'ehlo localhost' I only get AUTH Login Plain

When I connect with Thunderbird it works fine, set up with TLS support.

If I configure Squirrelmail with TLS to connect to port 465, and Plain authentication it works fine. But I would like more than plain.

Login gives me the error message above, but if I use Digest or Cram I get the error message:
Code:

Command parameter not implemented
504 5.3.3 AUTH mechanism CRAM-MD5 not available

That is from Squirrelmail, and I also get the above error message (did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-SSL) and this error in maillog:
Code:

version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256

Anybody have any ideas?

Thanks

DragonM15 09-23-2008 06:48 PM

I take it nobody has any ideas?

Mr. C. 09-24-2008 12:29 AM

I haven't configured Sendmail in a long time, so can't help here much.

If Sendmail and Squirrelmail are on the same host, you don't have to worry about encrypting your localhost connections - they are not sniffable since packets don't go out on the wire.

PLAIN over TLS is fine - the passwords are encrypted as the communications channel is encrypted.

Port 465 is the old SMTPS (SSL) port (used primarily these days by Outlook/Outlook Express). Can you not use port 25 w/STARTTLS?
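
The check the original poster did by hand (mechanisms listed in confAUTH_MECHANISMS versus the AUTH line of the EHLO reply), together with the point about PLAIN needing TLS, as an added example that is not part of any post in this thread. The EHLO reply, the hostname mail.example.test and all function names are constructed for illustration.

```python
import re

# Mechanisms that put the password itself on the wire (base64 is not encryption).
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def configured_mechs(mc_text):
    """Mechanisms listed in confAUTH_MECHANISMS in a sendmail.mc."""
    m = re.search(r"define\(`confAUTH_MECHANISMS',\s*`([^']*)'\)", mc_text)
    return m.group(1).upper().split() if m else []

def advertised_mechs(ehlo_reply):
    """Mechanisms from the AUTH line(s) of a raw EHLO reply."""
    mechs = []
    for line in ehlo_reply.splitlines():
        m = re.match(r"250[- ]AUTH[ =](.*)", line.strip(), re.IGNORECASE)
        if m:
            for mech in m.group(1).upper().split():
                if mech not in mechs:
                    mechs.append(mech)
    return mechs

def audit(mc_text, ehlo_reply, tls_active):
    configured = configured_mechs(mc_text)
    advertised = advertised_mechs(ehlo_reply)
    return {
        # Sendmail advertises only the intersection of confAUTH_MECHANISMS and
        # what its Cyrus SASL library offers, so anything listed here is
        # missing on the SASL side, not in sendmail.mc.
        "missing": [m for m in configured if m not in advertised],
        "unexpected": [m for m in advertised if m not in configured],
        # PLAIN/LOGIN are only acceptable once the channel is encrypted.
        "plaintext_without_tls": [] if tls_active else
            [m for m in advertised if m in PLAINTEXT_MECHS],
    }

# Constructed sample input modelled on the thread (not captured from a real server).
SAMPLE_MC = "define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl\n"
SAMPLE_EHLO = """250-mail.example.test Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-SIZE 15000000
250-AUTH LOGIN PLAIN
250-STARTTLS
250 HELP"""

if __name__ == "__main__":
    for key, value in audit(SAMPLE_MC, SAMPLE_EHLO, tls_active=False).items():
        print(key, value)
```

If the plaintext-without-TLS list is non-empty on the port 25 listener, adding `p` to confAUTH_OPTIONS in sendmail.mc stops Sendmail from offering PLAIN and LOGIN until a TLS layer is active.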

