Sendmail config
Hi there,
I am new to sendmail/systems administration. I'm running a dedicated server, and I think I've finally got sendmail working more or less the way I want: I can send and receive emails. However, when I try to send email from some domains to my server, it never gets through, and I get messages like this in my logs:
STARTTLS=client, relay=somesite.com., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Any ideas about how I can fix this?
Thanks in advance,
Matt
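Added example, not part of the original thread: a Python triage of sendmail STARTTLS log lines like the one quoted above. `STARTTLS=client` marks a session where this host was the TLS client (an outbound connection), and `verify=FAIL` means the peer's certificate could not be verified; the script joins each session to its delivery status by queue ID so the two can be compared. The sample log is constructed.

```python
import re

# Constructed sample lines modelled on the log line quoted in the question;
# host names, queue IDs, addresses and timestamps are made up.
SAMPLE_LOG = """\
Jan  5 10:12:01 mx sendmail[2101]: h05AC1xy002101: STARTTLS=client, relay=somesite.com., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Jan  5 10:12:02 mx sendmail[2101]: h05AC1xy002101: to=<bob@somesite.com>, delay=00:00:01, mailer=esmtp, relay=somesite.com. [192.0.2.10], dsn=2.0.0, stat=Sent (ok)
Jan  5 10:15:40 mx sendmail[2150]: h05AFexy002150: STARTTLS=server, relay=mail.example.net [198.51.100.7], version=TLSv1/SSLv3, verify=NO, cipher=AES256-SHA, bits=256/256
Jan  5 10:20:13 mx sendmail[2188]: h05AKDxy002188: STARTTLS=client, relay=mx.example.org., version=TLSv1/SSLv3, verify=OK, cipher=AES256-SHA, bits=256/256
"""

STARTTLS_RE = re.compile(
    r"(?P<qid>\w+): STARTTLS=(?P<role>client|server), relay=(?P<relay>[^,]+), "
    r".*?verify=(?P<verify>\w+), cipher=(?P<cipher>[^,]+), bits=(?P<bits>\d+)/\d+")
STAT_RE = re.compile(r"(?P<qid>\w+): to=.*?stat=(?P<stat>.+)$")

# Values of sendmail's ${verify} macro that show up most often in these lines.
VERIFY_MEANING = {
    "OK": "peer certificate verified against the configured CAs",
    "FAIL": "peer presented a certificate that could not be verified",
    "NO": "peer presented no certificate",
    "NOT": "no certificate was requested",
}

def triage(log_text):
    """Return one record per STARTTLS session, joined to its delivery status."""
    lines = log_text.splitlines()
    stats = {m["qid"]: m["stat"] for m in map(STAT_RE.search, lines) if m}
    sessions = []
    for m in filter(None, map(STARTTLS_RE.search, lines)):
        sessions.append({
            "role": m["role"],  # client = outbound session, server = inbound
            "relay": m["relay"].split()[0].rstrip("."),
            "verify": m["verify"],
            "meaning": VERIFY_MEANING.get(m["verify"], "other ${verify} value"),
            "encrypted": int(m["bits"]) > 0,
            # Only outbound sessions have a to=... delivery line to join on.
            "delivery": stats.get(m["qid"]) if m["role"] == "client" else None,
        })
    return sessions

if __name__ == "__main__":
    for session in triage(SAMPLE_LOG):
        print(session)
```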
jlevie,
Thanks for the comment -- looks like you're gonna be the guy to help me sort out all my Sendmail problems ;)
The sender is my main website, which is a shared hosting setup run by guys who know what they're doing, so I think the problem is on my dedicated box, especially since I don't have problems sending mail to any other domain with my main site.
I thought maybe I had a problem with STARTTLS configuration, so I enabled the following lines in my sendmail.mc file:
define(`confCACERT_PATH',`/usr/share/ssl/certs')dnl
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')dnl
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')dnl
(they were commented-out by default). However, this didn't really seem to help anything -- I have a feeling maybe my certificates are not set up right. Could you tell me how to set this up? If I'd have to buy a certificate, I'd rather not -- could I just disable STARTTLS ?
BTW, I am running RedHat 9
Thanks again for the help!
-Matt
In most cases you won't need STARTTLS enabled in sendmail.mc. The only reason for doing so would be if you need to enable SMTP AUTH and also need to allow clients to use PLAIN or LOGIN for authentication and need to protect the plaintext password those methods use. Are you using SMTP AUTH?
Currently I am not using SMTP AUTH, but eventually I think I'd like to be able to do AUTH LOGIN from a remote computer to send mail.






SMTP AUTH can be done outside of an SSL encrypted session with the understanding that the username and password will be exposed to anyone with a sniffer that can see the SMTP transaction. But, the same is true of IMAP or POP. Whether that is something to be concerned about only you can say. I'd need to see your sendmail.mc to tell what's wrong.
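Added example, not part of the original thread, illustrating the exposure described above: AUTH PLAIN and AUTH LOGIN only base64-encode the credential, so on a session without STARTTLS it can be read straight from a capture. The script audits a constructed transcript and reports which plaintext mechanisms were offered and which credentials crossed the wire before TLS; the transcript format, host names and credential are assumptions made for the example.

```python
import base64

# Constructed capture of an SMTP session without TLS, as seen on the wire.
# "S:" is the server, "C:" the client; names and the credential are made up.
SAMPLE_SESSION = """\
S: 220 mx.example.org ESMTP Sendmail
C: EHLO laptop.example.net
S: 250-mx.example.org Hello laptop.example.net
S: 250-AUTH LOGIN PLAIN
S: 250-STARTTLS
S: 250 HELP
C: AUTH PLAIN AG1hdHQAY29ycmVjdC1ob3JzZQ==
S: 235 2.0.0 OK Authenticated
"""

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def audit(transcript):
    """Report what a passive observer learns from an SMTP session transcript."""
    tls_active = False
    offered, exposed = [], []
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "S":
            reply = text[4:].upper().split()  # drop the "250-" / "250 " prefix
            if reply[:1] == ["AUTH"] and not tls_active:
                offered = [m for m in reply[1:] if m in PLAINTEXT_MECHS]
        elif side == "C":
            words = text.split()
            verb = [w.upper() for w in words[:2]]
            if verb[:1] == ["STARTTLS"]:
                # Simplification: assume the handshake succeeds, after which
                # a sniffer sees only ciphertext.
                tls_active = True
            elif verb == ["AUTH", "PLAIN"] and len(words) == 3 and not tls_active:
                # RFC 4616: base64(authzid NUL authcid NUL password)
                _, user, password = base64.b64decode(words[2]).split(b"\0")
                exposed.append((user.decode(), password.decode()))
    return {"plaintext_mechs_before_tls": offered, "exposed": exposed}

if __name__ == "__main__":
    print(audit(SAMPLE_SESSION))
```

In sendmail.mc, adding `p` to `confAUTH_OPTIONS` (for example `A p`) stops sendmail from offering PLAIN and LOGIN unless a security layer such as TLS is active.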
This is not a huge concern -- I am planning to do most of my email using pine from the terminal (SSH connection), using a webmail client over https, or using scripts running on the server. In fact, for the time being I am considering limiting relaying ability only to the local machine. Would I need to buy a certificate for STARTTLS to work correctly, or is it possible to do a 'self-signed' one? If I can't self sign, doing SMTP AUTH outside of SSL would probably be acceptable....
Here are the non-comment lines from my sendmail.mc file  (most of this is default settings...I also set up some simple domain masquerading using Webmin):
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
define(`confDEF_USER_ID',``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confDEF_USER_ID',``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confCACERT_PATH',`/usr/share/ssl/certs')dnl
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')dnl
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')dnl
define(`confCACERT_PATH',`/usr/share/ssl/certs')dnl
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')dnl
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail,`', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail,`', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
FEATURE(`accept_unresolvable_domains')dnl
FEATURE(`accept_unresolvable_domains')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
------------------------------------------
Thanks again for your help, it's appreciated!
-Matt