How to verify sendmail is not requiring TLS

I am running sendmail 8.14.9 and OpenSSL 1.0.2 on Slackware64 41.1 kernel 3.10.17. My sendmail .mc is listed below. I do not think I am requiring TLS, but some recipients are saying the a TLS failure is not falling back to unencrypted. How can I verify for sure that I am not requiring TLS?
include(`../m4/cf.m4')
VERSIONID(`default setup for Slackware Linux')dnl
OSTYPE(`linux')dnl
DOMAIN(generic)dnl
define(`confSMTP_LOGIN_MSG', `mail.ohprs.org Service ready; $b')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confTO_IDENT', `0')dnl
define(`confBAD_RCPT_THROTTLE',`1')dnl
define(`confCONNECTION_RATE_THROTTLE',`3')dnl
define(`confDEAD_LETTER_DROP',`/dev/null')dnl
define(`confDOUBLE_BOUNCE_ADDRESS',`nobody')dnl
define(`confDF_BUFFER_SIZE',`16384')dnl
define(`confXF_BUFFER_SIZE',`16384')dnl
define(`confSUPER_SAFE',`true')dnl
define(`confCHECKPOINT_INTERVAL',`10')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`lookupdotdomain')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`dnsbl',`bl.spamcop.net')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`redirect')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confCACERT_PATH',`/etc/ssl/certs/')dnl
define(`confCACERT',`/etc/ssl/certs/OHPRS/GoDaddy/Apache/gd_bundle.crt')dnl
define(`confSERVER_CERT',`/etc/ssl/certs/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt')dnl
define(`confSERVER_KEY',`/etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key')dnl
define(`confCLIENT_CERT',`/etc/ssl/certs/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt')dnl
define(`confCLIENT_KEY',`/etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key')dnl
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl
define(`confMILTER_MACROS_ENVRCPT',`r, v, Z')dnl
INPUT_MAIL_FILTER(`milter-bcc',`S=local:/var/run/milter-bcc.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
MASQUERADE_AS(`ohprs.org')dnl
MASQUERADE_DOMAIN(`ohprs.org')dnl
FEATURE(`allmasquerade')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`always_add_domain')dnl
EXPOSED_USER(`root')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

Open in new window

LVL 1
jmarkfoleyAsked:
Who is Participating?
 
Steve BinkCommented:
The fact that you received a 250 response to your MAIL FROM command demonstrates that the server is not requiring TLS.  Had it required TLS, you would have seen a response like this:
[me@box:/home/me]
$> telnet srv1.mahserver.com 587
Trying w.x.y.z...
Connected to mahserver.com.
Escape character is '^]'.
220 srv1.mahserver.com ESMTP Postfix (Ubuntu)
ehlo mahstuff
250-srv1.mahserver.com
250-PIPELINING
250-SIZE 15728640
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: some_email@somedomain.com
530 5.7.0 Must issue a STARTTLS command first

Open in new window

0
 
Steve BinkCommented:
Try connecting to your mail server and sending a test message through telnet.

http://www.port25.com/how-to-check-an-smtp-connection-with-a-manual-telnet-session-2/
0
 
jmarkfoleyAuthor Commented:
Yeah, I've done that before, Below are my results. The target server, ohprs.org, does support TLS and does use it with recipient hosts. Does the fact that I sent a message using telnet (and HELO) mean it did not use TLS?
> telnet ohprs.org 25
Trying 64.129.23.80...
Connected to ohprs.org.
Escape character is '^]'.
220 mail.ohprs.org ESMTP Service ready; Thu, 12 Mar 2015 00:22:53 -0400
HELO novatec-inc.com
250 mail.hprs.local Hello rrcs-96-11-168-98.central.biz.rr.com [96.11.168.98], pleased to meet you
MAIL from: <mfoley@novatec-inc.com>
250 2.1.0 <mfoley@novatec-inc.com>... Sender ok
RCPT to: <mark@ohprs.org>
250 2.1.5 <mark@ohprs.org>... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
From: mfoley@novatec-inc.com
To: mark@ohprs.org
Subject: test telnet 25

This is a test, this is only a test
.
250 2.0.0 t2C4MrRX026333 Message accepted for delivery
quit
221 2.0.0 mail.hprs.local closing connection
Connection closed by foreign host.

Open in new window

0
 
jmarkfoleyAuthor Commented:
OK, that's what I need to know! Thanks.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.