Re: [OT]sendmail ssl authentication

[reader@newsguy.com]

David <de_bb@arcor.de> writes:

> reader@newsguy.com writes:
>> Sending a message with `mail -v' and watching the smtp conversation I
>> see my messages get to the comcast mail server, (posted separately)
>> but there is no mention of any authentication problem only a
>> `deferred' and then timeout.
>
> There is a great tool for testing SMTP connections called "swaks":
>
> http://www.jetmore.org/john/code/#swaks

Yes nice

>> In case anyone suggests it: I don't really want to side step and use
>> the smtp.el package inside of gnus because I like for other mail tools
>> like mailx to work too.
>
> OK. My next suggestion would then be to switch to Exim or
> Postfix. They're usually easier to configure and many distributions have
> scripts to create the configuration for you, based on some simple
> settings (Exim on Debian, for example).

I've used sendmail continuously for 7-8 yrs... and have been able to
get it sorted out thru quite a few ISP changes and sendmail updates.
I has been a chore at times... but I've found the others you mentioned
not to be nearly as well documented as sendmail... although I quickly
admit I am very much a lightweight in sendmail skills.

[...]

> See this thread for details and how to test with telnet/swaks what
> you're dealing with:
>
> http://thread.gmane.org/gmane.emacs.help/52049

Yes, quite a lot of helpful info there

>>Does anyone know what I need in sendmail setup to allow ssl
>>authentication at my ISP smtp server?
>
> I'd suggest you better ask that question in a group dealing with
> sendmail.

Yes I was doing that simultaneously and have a discussion going with
one of the heavy hitters on comp.mail.sendmail (Per Hedlund) Who so
far has been telling me to make sure STARTTLS cannot be made to work
some how before going the stunnel or some other ssl wrapper route.

And it does appear there may be some hope since I see mention of
STARTTLS in the output of swaks:
  
reader > swaks --auth --tls-on-connect -p 465 -s smtp.comcast.net   
To: reader@jtan.com
Username: My-uid
Password: My-passwd
=== Trying smtp.comcast.net:465...
=== Connected to smtp.comcast.net.
=== TLS started w/ cipher DHE-RSA-AES256-SHA
<~  220 OMTA02.emeryville.ca.mail.comcast.net comcast ESMTP server ready
 ~> EHLO reader.local.lan
<~  250-OMTA02.emeryville.ca.mail.comcast.net hello [67.162.73.42], pleased to meet you
<~  250-HELP
<~  250-AUTH LOGIN PLAIN CRAM-MD5
<~  250-SIZE 15728640
<~  250-ENHANCEDSTATUSCODES
<~  250-8BITMIME
<~  250-STARTTLS
<~  250 OK
 ~> AUTH CRAM-MD5
<~  334 PDI3MTExLjEyMTA5NTk0NzZAT01UQTAyLmVtZXJ5dmlsbGUuY2EubWFpbC5jb21jYXN0Lm5ldD4=
 ~> SGFycnlQdXRuYW0gY2VlMTBhOTJkMWQ0ZWYwZjUyMjg4NjQ0ZjdhMzM0NWE=
<~  235 2.7.0 ... authentication succeeded
 ~> MAIL FROM:<reader@reader.local.lan>
<~* 550 5.1.0 <reader@reader.local.lan> sender rejected : invalid sender domain
 ~> QUIT

It doesn't like my homemade domain name but that shouldn't happen with
sendmail since I am masquerading as my pop server newsguy.com

I guess the trick is getting sendmail to send whatever swak sends to
that port.