LinuxQuestions.org


kaplan71 06-23-2010 03:28 PM

Configuring tls for a sendmail server
 
Hi there --

I want to configure tls for our sendmail 8.14.x server so that it will attempt to connect to a remote server using tls, and then fall back to an insecure connection. The sendmail.mc file has the following line:

Code:

dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

Does this configuration already have the server attempt to connect using tls first, and then fall back to an insecure connection? If not, what would the syntax be in order to accomplish this?

Also, what is the best way to check to see how the connection is being made? Thanks.

unSpawn 06-25-2010 04:17 AM

Best start at http://www.sendmail.org/m4/starttls.html#allow_con (or 'grep -rie tls_ /usr/share/sendmail-cf/cf/' or wherever else your Sendmail M4 macros live) for directives and information about tls_server, tls_client, and tls_rcpt rulesets. The logs should show any "^.*ruleset=tls_server.*TLS.handshake.failed" messages.

kaplan71 06-25-2010 07:47 AM

Hi there --

I ran the grep command, and checked the log files as you suggested in your e-mail. The grep command displayed a series of tls_server, tls_client, and tls_rcpt rulesets.

After that, I checked the maillog file, and did a grep for tls. There were indeed instances of tls handshakes using tls v1 and v3.

The above proves that tls is being used by the server, and it appears that it is the first choice for connection.

Thanks again for the help.
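
Added example, not part of the thread: one way to do the log check discussed above so that it also shows when an outbound delivery fell back to plaintext. It pairs sendmail's `STARTTLS=client` log lines with the `to=` delivery lines by PID and relay, and counts the `ruleset=tls_server` handshake failures unSpawn mentions. The sample log is constructed, and the function names `sample_maillog` and `tls_report` are made up for this example; it assumes the default LogLevel of 9, at which sendmail writes the STARTTLS lines.

```shell
#!/bin/sh
# Added example: classify outbound deliveries in a sendmail maillog as
# encrypted or plaintext by pairing STARTTLS=client lines with to= lines.

# Constructed sample log (hosts, queue IDs and PIDs are made up).
sample_maillog() {
cat <<'EOF'
Jun 25 07:40:01 mail sendmail[2101]: STARTTLS=client, relay=mx.example.net., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jun 25 07:40:02 mail sendmail[2101]: o5PBe1aa002100: to=<a@example.net>, delay=00:00:01, mailer=esmtp, relay=mx.example.net. [192.0.2.25], dsn=2.0.0, stat=Sent (ok)
Jun 25 07:41:10 mail sendmail[2107]: o5PBf2bb002106: to=<b@example.org>, delay=00:00:02, mailer=esmtp, relay=mail.example.org. [192.0.2.80], dsn=2.0.0, stat=Sent (ok)
Jun 25 07:42:00 mail sendmail[2111]: o5PBg3cc002111: ruleset=tls_server, arg1=SOFTWARE, relay=mx2.example.com, reject=403 4.7.0 TLS handshake failed.
EOF
}

# Prints one line per outbound SMTP delivery: "<relay> tls|plain",
# then "handshake_failed <n>" for the tls_server rejections.
# Reads the files given as arguments, or stdin when there are none.
tls_report() {
awk '
function field(name,   i, v) {            # value of name=... on this line
    for (i = 1; i <= NF; i++)
        if (index($i, name "=") == 1) {
            v = substr($i, length(name) + 2)
            sub(/[,.]+$/, "", v)           # drop trailing comma and root dot
            return v
        }
    return ""
}
{ pid = $5 }                               # e.g. "sendmail[2101]:"
# A successful client handshake carries version=; remember pid + relay.
/STARTTLS=client/ && /version=/ { tls[pid, field("relay")] = 1; next }
# A completed SMTP delivery: encrypted only if that pid negotiated TLS
# with the same relay earlier in the log.
/ to=</ && /mailer=esmtp/ && /stat=Sent/ {
    r = field("relay")
    print r, (((pid, r) in tls) ? "tls" : "plain")
    next
}
/ruleset=tls_server/ && /TLS handshake failed/ { failed++ }
END { print "handshake_failed", failed + 0 }
' "$@"
}

sample_maillog | tls_report
```

Against a real log, call `tls_report /var/log/maillog` (the path is an assumption; use wherever your syslog writes mail messages). A relay listed as `plain` received mail over an unencrypted session.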


All times are GMT -5.