I have a server running slackware 13.1 with sendmail and dovecot, which has been happy for 5 years or so. incoming emails (receiving) which get sent to dovecot are coming in just fine, but for some strange reason, starttls is no longer being advertised by sendmail, so outgoing (sending) emails are being blocked.
running
shows that 250-STARTTLS is not in the list shown, which it used to be. I have updated ssl certificates (self certified ca and cert) as the previous self cert's had expired in 2015 (dovecot uses it's own ones in a different place, also self certified) and as that is the only thing that is changed, that is my suspect, but I'm not sure how to check if that is why sendmail is not advertising STARTTLS anymore. any tips or pointers would be appreciated. I can post sendmail.cf or config.mc or other config files if it would help.

If the issue is a bad cert and the resulting failed connect attempts that should be in the log files.
Running grep -i 'TTLS' across every log file I can find (/var/log/[maillog|dmesg|secure|dovecot|sendmail] at the very least) is often the best place to start with mystery issues. I'd tell you to regen your certs and restart your mail server but I think you've probably already done that...

1 members found this post helpful.

thank you dijetlo. that was a life saver. the problem turned out to be very simple. I needed to change the permissions of /etc/mail/smtp.key.pem to 600 and then, low and behold, everything worked. With having a busy server as far as incoming mail into the log and not knowing what to look for, I was getting desperate.

the error message that the grep of /var/log/messages (you suggested) showed was
blah bla blah:STARTTLS=server: file /etc/mail/certs/smtp.key.pem unsafe: Group readable file

Hey Tim,
OUTSTANDING!
Suggestion: File that away in your "Administrative Tools" mental directory, I've used that trick more times than I can count and it almost always gives you some direction as to what the actual problem is.
Be good