How to verify sendmail is not requiring TLS

I am running sendmail 8.14.9 and OpenSSL 1.0.2 on Slackware64 41.1 kernel 3.10.17. My sendmail .mc is listed below. I do not think I am requiring TLS, but some recipients are saying the a TLS failure is not falling back to unencrypted. How can I verify for sure that I am not requiring TLS?
include(`../m4/cf.m4')
VERSIONID(`default setup for Slackware Linux')dnl
OSTYPE(`linux')dnl
DOMAIN(generic)dnl
define(`confSMTP_LOGIN_MSG', `mail.ohprs.org Service ready; $b')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confTO_IDENT', `0')dnl
define(`confBAD_RCPT_THROTTLE',`1')dnl
define(`confCONNECTION_RATE_THROTTLE',`3')dnl
define(`confDEAD_LETTER_DROP',`/dev/null')dnl
define(`confDOUBLE_BOUNCE_ADDRESS',`nobody')dnl
define(`confDF_BUFFER_SIZE',`16384')dnl
define(`confXF_BUFFER_SIZE',`16384')dnl
define(`confSUPER_SAFE',`true')dnl
define(`confCHECKPOINT_INTERVAL',`10')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`lookupdotdomain')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`dnsbl',`bl.spamcop.net')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`redirect')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confCACERT_PATH',`/etc/ssl/certs/')dnl
define(`confCACERT',`/etc/ssl/certs/OHPRS/GoDaddy/Apache/gd_bundle.crt')dnl
define(`confSERVER_CERT',`/etc/ssl/certs/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt')dnl
define(`confSERVER_KEY',`/etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key')dnl
define(`confCLIENT_CERT',`/etc/ssl/certs/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt')dnl
define(`confCLIENT_KEY',`/etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key')dnl
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl
define(`confMILTER_MACROS_ENVRCPT',`r, v, Z')dnl
INPUT_MAIL_FILTER(`milter-bcc',`S=local:/var/run/milter-bcc.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
MASQUERADE_AS(`ohprs.org')dnl
MASQUERADE_DOMAIN(`ohprs.org')dnl
FEATURE(`allmasquerade')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`always_add_domain')dnl
EXPOSED_USER(`root')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

Open in new window

LVL 1
MarkAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Steve BinkCommented:
Try connecting to your mail server and sending a test message through telnet.

http://www.port25.com/how-to-check-an-smtp-connection-with-a-manual-telnet-session-2/
0
MarkAuthor Commented:
Yeah, I've done that before, Below are my results. The target server, ohprs.org, does support TLS and does use it with recipient hosts. Does the fact that I sent a message using telnet (and HELO) mean it did not use TLS?
> telnet ohprs.org 25
Trying 64.129.23.80...
Connected to ohprs.org.
Escape character is '^]'.
220 mail.ohprs.org ESMTP Service ready; Thu, 12 Mar 2015 00:22:53 -0400
HELO novatec-inc.com
250 mail.hprs.local Hello rrcs-96-11-168-98.central.biz.rr.com [96.11.168.98], pleased to meet you
MAIL from: <mfoley@novatec-inc.com>
250 2.1.0 <mfoley@novatec-inc.com>... Sender ok
RCPT to: <mark@ohprs.org>
250 2.1.5 <mark@ohprs.org>... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
From: mfoley@novatec-inc.com
To: mark@ohprs.org
Subject: test telnet 25

This is a test, this is only a test
.
250 2.0.0 t2C4MrRX026333 Message accepted for delivery
quit
221 2.0.0 mail.hprs.local closing connection
Connection closed by foreign host.

Open in new window

0
Steve BinkCommented:
The fact that you received a 250 response to your MAIL FROM command demonstrates that the server is not requiring TLS.  Had it required TLS, you would have seen a response like this:
[me@box:/home/me]
$> telnet srv1.mahserver.com 587
Trying w.x.y.z...
Connected to mahserver.com.
Escape character is '^]'.
220 srv1.mahserver.com ESMTP Postfix (Ubuntu)
ehlo mahstuff
250-srv1.mahserver.com
250-PIPELINING
250-SIZE 15728640
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: some_email@somedomain.com
530 5.7.0 Must issue a STARTTLS command first

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MarkAuthor Commented:
OK, that's what I need to know! Thanks.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.