Configuring tls for a sendmail server

kaplan71 · 06-23-2010, 03:28 PM

Hi there --

I want to configure tls for our sendmail 8.14.x server so that it will attempt to connect to a remote server using tls, and then fall back to an insecure connection. The sendmail.mc file has the following line:

Code:

dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

Does this configuration already have the server attempt to connect using tls first, and then fall back to an insecure connection? If not, what would the syntax be in order to accomplish this?

Also, what is the best way to check to see how the connection is being made? Thanks.

unSpawn · 06-25-2010, 04:17 AM

Best start at http://www.sendmail.org/m4/starttls.html#allow_con (or 'grep -rie tls_ /usr/share/sendmail-cf/cf/' or wherever else your Sendmail M4 macros live) for directives and information about tls_server, tls_client, and tls_rcpt rulesets. The logs should show any "^.*ruleset=tls_server.*TLS.handshake.failed" messages.

kaplan71 · 06-25-2010, 07:47 AM

Hi there --

I ran the grep command, and checked the log files as you suggested in your e-mail. The grep command displayed a series of tls_server, tls_client, and tls_rcpt rulesets.

After that, I checked the maillog file, and did a grep for tls. There were indeed instances of tls handshakes using tls v1 and v3.

The above proves that tls is being used by the server, and it appears that it is the first choice for connection.

Thanks again for the help.