Sendmail Server Authentication: Certificate based: Error
I have configured my setup for server certificate-based authentication. Both server and client are sendmail systems and both have the same set of certificates.
However, when the client communicates with the server, I get the following error:

403 4.7.0 authentication failed

Access file contents:

TLS_Srv:mx3.domaintest.com VERIFY
TLS_Rcpt: VERIFY:CI:/O=Sendmail/OU=Sendmail+20Server/CN=debian/Email=admin@debian

The db file was created using the following command:

makemap hash access.db < access

Client sendmail logs:

May 13 03:38:26 sendmail[5052]: STARTTLS: CRLFile missing
May 13 03:38:26 sendmail[5052]: STARTTLS=client, init=1
May 13 03:38:26 sendmail[5052]: STARTTLS=client, start=ok
May 13 03:38:26 sendmail[5052]: STARTTLS=client, info: fds=7/6, err=2
May 13 03:38:27 sendmail[5052]: STARTTLS: TLS cert verify: depth=0 /O=Sendmail/OU=Sendmail Server/CN=debian/emailAddress=admin@debian, state=0, reason=self signed certificate
May 13 03:38:27 sendmail[5052]: STARTTLS=client, info: fds=7/6, err=2
May 13 03:38:27 sendmail[5052]: STARTTLS=client, get_verify: 18 get_peer: 0x81e7a60
May 13 03:38:27 sendmail[5052]: STARTTLS=client, relay=mx3.domaintest.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
May 13 03:38:27 sendmail[5052]: STARTTLS=client, cert-subject=/O=Sendmail/OU=Sendmail+20Server/CN=debian/emailAddress=admin@debian, cert-issuer=/O=Sendmail/OU=Sendmail+20Server/CN=debian/emailAddress=admin@debian, verifymsg=self signed certificate
May 13 03:38:27 sendmail[5052]: ruleset=tls_server, arg1=FAIL, relay=mx3.domaintest.com, reject=403 4.7.0 authentication failed

Server logs:

May 13 02:03:41 domaintest sm-mta[3966]: STARTTLS=read, info: fds=8/4, err=2
May 13 02:03:41 domaintest sm-mta[3966]: STARTTLS=read, info: fds=8/4, err=2
May 13 02:03:41 domaintest sm-mta[3966]: r4D73R1p003966: from=, size=706, class=0, nrcpts=1, msgid=<1368405535.7035.26.camel@client1.com>, proto=ESMTP, daemon=MTA-v4, relay=domain.com [client_ip]
May 13 02:03:41 domaintest sm-mta[3966]: r4D73R1p003966: --- 250 2.0.0 r4D73R1p003966 Message accepted for delivery
May 13 02:03:41 domaintest sm-mta[3966]: STARTTLS=read, info: fds=8/4, err=2
May 13 02:03:41 domaintest sm-mta[3966]: r4D73R1q003966: <-- QUIT
May 13 02:03:41 domaintest sm-mta[3966]: r4D73R1q003966: --- 221 2.0.0 domaintest.com closing connection
May 13 02:03:41 domaintest sm-mta[3966]: STARTTLS=server, SSL_shutdown not done
May 13 02:03:41 domaintest sm-mta[3966]: poststats: /var/lib/sendmail/sendmail.st: No such file or directory
May 13 02:03:41 domaintest sm-mta[3970]: r4D73R1p003966: to=, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30999, dsn=2.0.0, stat=Sent
May 13 02:03:41 domaintest sm-mta[3970]: poststats: /var/lib/sendmail/sendmail.st: No such file or directory
May 13 02:03:41 domaintest sm-mta[3970]: r4D73R1p003966: done; delay=00:00:00, ntries=1
May 13 02:03:41 domaintest sm-mta[3970]: poststats: /var/lib/sendmail/sendmail.st: No such file or directory

Where am I going wrong here?

In the client sendmail.cf file, I can see that the following rule is getting hit:

STLS_connection
authentication required: give appropriate error
other side did authenticate (via STARTTLS)
R <> OK $@ OK
R OK $:
R OK $:
R $* $:
R $#error $@ $2 $: $1 " authentication required"
R FAIL $#error $@ $2 $: $1 " authentication failed"
R NO $#error $@ $2 $: $1 " not authenticated"
R NOT $#error $@ $2 $: $1 " no authentication requested"
R NONE $#error $@ $2 $: $1 " other side does not support STARTTLS"
R $+ $#error $@ $2 $: $1 " authentication failure " $4
R $: $>max $&{cipher_bits} : $&{auth_ssf}
R $- $: $(arith l $@ $4 $@ $2 $)
R TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3
R $* $:
R $@ OK
R $:
R < $+ ++ $+ >
R $+ $@ $>"TLS_req" $3 $|

Please guide!

Regards
Cross-posting is against the LQ rules. Please post your thread in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place.
Continue in the other/original thread: https://www.linuxquestions.org/quest...or-4175461736/

Reported for closure.