sendmail TLS question

Bill Oliver vendor at billoblog.com
Fri Aug 23 20:44:40 UTC 2013


I'm having a bit of an issue with sendmail.  To be honest, this is in a recent installation of CentOS rather than Fedora, but the CentOS forum hasn't been particularly useful.  So, this is a cry of desperation.

Basically, I had been running Fedora 16 on a virtual server, but since it's no longer supported, I was getting antsy about keeping it up.  The virtual server provider didn't have an image for Fedora 19, but did have one for CentOS 6, and I figured that was as close as I would be going to get.

In the new installation, I cannot send to one site.  I can send OK to other sites. I have regenerated all of my certificates, and I self-sign.  It *looks* like the recipient is trying to verify through gmail, though he insists that he doesn't use gmail.  I don't know if it's me or it's him.  Any pointers would be greatly appreciated.

Here's the maillog for the mail that doesn't go through, with the "real" recipient name being replaced with "recipient at recipient.com" (though the rest of the relay is left intact):


**********************************
Aug 23 14:33:00 hope sendmail[2006]: r7NJX0rY002004: SMTP outgoing connect on hope.billoblog.com
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, init=1
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, start=ok
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, info: fds=11/10, err=2
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS: x509 cert verify: depth=1 /C=US/O=Google Inc/CN=Google Internet Authority, state=0, reason=unable to get local issuer certificate
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS: TLS cert verify: depth=1 /C=US/O=Google Inc/CN=Google Internet Authority, state=0, reason=unable to get local issuer certificate
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, info: fds=11/10, err=2
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, get_verify: 20 get_peer: 0x2136f10
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, relay=recipient.com.s8a1.psmtp.com., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, cert-subject=/C=US/ST=California/L=Mountain+20View/O=Google+20Inc/CN=*.psmtp.com, cert-issuer=/C=US/O=Google+20Inc/CN=Google+20Internet+20Authority, verifymsg=unable to get local issuer certificate
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:01 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:01 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:01 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:02 hope sendmail[2006]: r7NJX0rY002004: to=<recipient at recipient.com>, ctladdr=<consults at hope.billoblog.com> (505/505), delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=120495, relay=recipient.com.s8a1.psmtp.com. [64.18.7.10], dsn=2.0.0, stat=Sent (Thanks)
Aug 23 14:33:02 hope sendmail[2006]: r7NJX0rY002004: done; delay=00:00:02, ntries=1
Aug 23 14:33:02 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:02 hope sendmail[2006]: STARTTLS=client, SSL_shutdown failed: -1
*************************************************************


Here's one that went through, sent from my server at billoblog.com to my work address at ecu.edu:

*************************************************************
Aug 23 14:11:29 hope sendmail[1798]: r7NJBSnc001796: SMTP outgoing connect on hope.billoblog.com
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, init=1
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, start=ok
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS: x509 cert verify: depth=0 /C=US/ST=North Carolina/L=Greenville/O=East Carolina University/OU=ecu.edu/CN=mail1.ecu.edu/emailAddress=postmaster at ecu.edu, state=0, reason=self signed certificate
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS: TLS cert verify: depth=0 /C=US/ST=North Carolina/L=Greenville/O=East Carolina University/OU=ecu.edu/CN=mail1.ecu.edu/emailAddress=postmaster at ecu.edu, state=0, reason=self signed certificate
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, get_verify: 18 get_peer: 0x2023998
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, relay=mail1.ecu.edu., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, cert-subject=/C=US/ST=North+20Carolina/L=Greenville/O=East+20Carolina+20University/OU=ecu.edu/CN=mail1.ecu.edu/emailAddress=postmaster at ecu.edu, cert-issuer=/C=US/ST=North+20Carolina/L=Greenville/O=East+20Carolina+20University/OU=ecu.edu/CN=mail1.ecu.edu/emailAddress=postmaster at ecu.edu, verifymsg=self signed certificate
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: r7NJBSnc001796: to=<oliverw at ecu.edu>, ctladdr=<consults at hope.billoblog.com> (505/505), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120322, relay=mail1.ecu.edu. [150.216.17.111], dsn=2.0.0, stat=Sent (ok: Message 296403614 accepted)
Aug 23 14:11:30 hope sendmail[1798]: r7NJBSnc001796: done; delay=00:00:01, ntries=1
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, SSL_shutdown failed: -1
*************************************************************


Here is a local email:
*************************************************************
Aug 23 14:42:06 hope sendmail[2112]: NOQUEUE: connect from hope.billoblog.com [50.7.12.26]
Aug 23 14:42:06 hope sendmail[2112]: AUTH: available mech=NTLM CRAM-MD5 LOGIN PLAIN DIGEST-MD5 ANONYMOUS GSSAPI, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: Milter: no active filter
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 220 hope.billoblog.com ESMTP Sendmail 8.14.4/8.14.4; Fri, 23 Aug 2013 14:42:06 -0500
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: <-- EHLO hope.billoblog.com
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-hope.billoblog.com Hello hope.billoblog.com [50.7.12.26], pleased to meet you
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-ENHANCEDSTATUSCODES
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-PIPELINING
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-8BITMIME
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-SIZE
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-DSN
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-ETRN
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-STARTTLS
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-DELIVERBY
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250 HELP
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: <-- STARTTLS
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 220 2.0.0 Ready to start TLS
Aug 23 14:42:06 hope sendmail[2112]: STARTTLS: internal error: tls_verify_cb: ssl == NULL
Aug 23 14:42:06 hope sendmail[2112]: STARTTLS: internal error: tls_verify_cb: ssl == NULL
Aug 23 14:42:06 hope sendmail[2112]: STARTTLS=server, get_verify: 0 get_peer: 0x0
Aug 23 14:42:06 hope sendmail[2112]: STARTTLS=server, relay=hope.billoblog.com [50.7.12.26], version=TLSv1/SSLv3, verify=NOT, cipher=DHE-RSA-AES256-SHA, bits=256/256
Aug 23 14:42:06 hope sendmail[2112]: STARTTLS=server, cert-subject=, cert-issuer=, verifymsg=ok
Aug 23 14:42:06 hope sendmail[2112]: AUTH: available mech=NTLM CRAM-MD5 LOGIN PLAIN DIGEST-MD5 ANONYMOUS GSSAPI, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Aug 23 14:42:06 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jS002112: <-- EHLO hope.billoblog.com
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-hope.billoblog.com Hello hope.billoblog.com [50.7.12.26], pleased to meet you 
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-ENHANCEDSTATUSCODES
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-PIPELINING
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-8BITMIME
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-SIZE
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-DSN
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-ETRN
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-DELIVERBY
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250 HELP
Aug 23 14:42:09 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: <-- RSET
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250 2.0.0 Reset state
Aug 23 14:42:09 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: <-- MAIL FROM:<vendor at billoblog.com>
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: --- 250 2.1.0 <vendor at billoblog.com>... Sender ok 
Aug 23 14:42:09 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: <-- RCPT TO:<billo at billoblog.com>
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: --- 250 2.1.5 <billo at billoblog.com>... Recipient ok
Aug 23 14:42:09 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: <-- DATA
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: --- 354 Enter mail, end with "." on a line by itself
Aug 23 14:42:09 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2
Aug 23 14:42:09 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: from=<vendor at billoblog.com>, size=321, class=0, nrcpts=1, msgid=<alpine.LRH.2.02.1308231441500.2099 at hope.billoblog.com>, proto=ESMTP, daemon=MTA, relay=hope.billoblog.com [50.7.12.26]
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: --- 250 2.0.0 r7NJg6jU002112 Message accepted for delivery
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jV002112: <-- QUIT
*************************************************************


Any ideas?  I have no idea what "STARTTLS=read, info: fds=11/10, err=2" means, and Google hasn't been much help.

Thanks,

billo
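
Added example, not part of the original post: a small Python parser that groups the `STARTTLS=client` and delivery lines of a sendmail maillog by PID and lists relays that accepted the message (dsn 2.x.x) although the peer certificate did not verify. The sample lines are copied from the two outbound sessions quoted above; the function and field names are this example's own.

```python
import re

# Constructed sample: key lines copied from the two outbound sessions quoted above.
SAMPLE_LOG = """\
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, relay=recipient.com.s8a1.psmtp.com., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, cert-subject=/C=US/ST=California/L=Mountain+20View/O=Google+20Inc/CN=*.psmtp.com, cert-issuer=/C=US/O=Google+20Inc/CN=Google+20Internet+20Authority, verifymsg=unable to get local issuer certificate
Aug 23 14:33:02 hope sendmail[2006]: r7NJX0rY002004: to=<recipient at recipient.com>, ctladdr=<consults at hope.billoblog.com> (505/505), delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=120495, relay=recipient.com.s8a1.psmtp.com. [64.18.7.10], dsn=2.0.0, stat=Sent (Thanks)
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, relay=mail1.ecu.edu., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, cert-subject=/C=US/ST=North+20Carolina/L=Greenville/O=East+20Carolina+20University/OU=ecu.edu/CN=mail1.ecu.edu/emailAddress=postmaster at ecu.edu, cert-issuer=/C=US/ST=North+20Carolina/L=Greenville/O=East+20Carolina+20University/OU=ecu.edu/CN=mail1.ecu.edu/emailAddress=postmaster at ecu.edu, verifymsg=self signed certificate
Aug 23 14:11:30 hope sendmail[1798]: r7NJBSnc001796: to=<oliverw at ecu.edu>, ctladdr=<consults at hope.billoblog.com> (505/505), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120322, relay=mail1.ecu.edu. [150.216.17.111], dsn=2.0.0, stat=Sent (ok: Message 296403614 accepted)
"""

LINE = re.compile(r"sendmail\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# One pattern per field; TLS fields are taken only from the client-side summary lines.
FIELDS = {
    "relay": re.compile(r"^STARTTLS=client, relay=([^,\s]+)"),
    "verify": re.compile(r"^STARTTLS=client, relay=.*\bverify=(\w+)"),
    "cipher": re.compile(r"^STARTTLS=client, relay=.*\bcipher=([^,\s]+)"),
    "verifymsg": re.compile(r"^STARTTLS=client, cert-subject=.*\bverifymsg=(.+)$"),
    "dsn": re.compile(r"\bdsn=([\d.]+)"),
    "stat": re.compile(r"\bstat=(.+)$"),
}

def parse_sessions(log):
    """Group TLS and delivery fields by sendmail PID (one outbound session per PID here)."""
    sessions = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        rec = sessions.setdefault(m["pid"], {})
        for name, rx in FIELDS.items():
            hit = rx.search(m["msg"])
            if hit:
                rec.setdefault(name, hit.group(1).strip())
    return sessions

def delivered_without_verified_peer(sessions):
    """Relays that accepted mail (dsn 2.x.x) over TLS whose certificate did not verify."""
    return sorted(
        (s["relay"], s.get("verifymsg", "?"), s.get("stat", "?"))
        for s in sessions.values()
        if s.get("verify") not in (None, "OK") and s.get("dsn", "").startswith("2.")
    )

if __name__ == "__main__":
    for relay, why, stat in delivered_without_verified_peer(parse_sessions(SAMPLE_LOG)):
        print(f"{relay}  verify failed ({why})  ->  {stat}")
```

On the sample, both relays are listed: each session logs `verify=FAIL` and then `dsn=2.0.0` for the same PID.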




