Gnus development mailing list
From: reader@newsguy.com
To: ding@gnus.org
Subject: Re: [OT]sendmail ssl authentication
Date: Fri, 16 May 2008 18:15:45 -0500
Message-ID: <87fxsh4z8e.fsf@newsguy.com>
In-Reply-To: <kz8wya82ts.fsf@kafka.physik3.gwdg.de>

David <de_bb@arcor.de> writes:

> reader@newsguy.com writes:
>> And it does appear there may be some hope since I see mention of
>> STARTTLS in the output of swaks:
>>   
>> reader > swaks --auth --tls-on-connect -p 465 -s smtp.comcast.net   
>> To: reader@jtan.com
>> Username: My-uid
>> Password: My-passwd
>> === Trying smtp.comcast.net:465...
>> === Connected to smtp.comcast.net.
>> === TLS started w/ cipher DHE-RSA-AES256-SHA
>> <~  220 OMTA02.emeryville.ca.mail.comcast.net comcast ESMTP server ready
>
> The "--tls-on-connect" initiates a ssmtp connection, i.e. the TLS
> session is started right away so that everything is already encrypted
> (even the server greeting).

> When I telnet to smtp.comcast.net on the SMTP standard port (25) I also
> see a "250-STARTTLS" after the EHLO handshake, so this server should
> support STARTTLS on the standard port, and that's the correct thing to
> do for SSL encrypted authentication. You can try it with

Odd, when I do it, which is what led to my posting here, it refuses to
connect at all:
  reader > telnet smtp.comcast.net 25
  Trying 76.96.30.117...
Finally times out and server closes.
So no EHLO is possible.

I wonder if they block their own customers or something..?

However I learned it did show STARTTLS on port 587 by telnetting there
so I configured sendmail to contact port 587 and all is well.

The server I get on 587:
  OMTA14.westchester.pa.mail.comcast.net

But trying the exact name on port 25 I still cannot connect.

> If this works, configure sendmail to do authentication with STARTTLS on
> the standard port 25 and don't use port 465. If it doesn't work, you
> might indeed have to set up stunnel if sendmail doesn't support ssmtp
> directly.

See above... but there is no real configuring to do.. at least not for
clientside.. modern sendmail, if it has STARTTLS compiled in, will do
the right thing if you have the password and uid in the necessary
places.

Thanks for your input... I like swaks.  Although telnet will tell you
enough to figure it out .. swaks is nice 
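
Added example, not part of the original message and not code from swaks or sendmail: the check this thread performs by hand with telnet, written as a parser for the multi-line EHLO reply plus the rule that a password is only sent once TLS is active (from the start on port 465, or after STARTTLS on 25/587). The sample replies, the host name mail.example.net and the function names parse_ehlo and next_step are constructed for illustration.

```python
import re

# Constructed sample EHLO replies (not captured from any real server).
EHLO_587 = (
    "250-mail.example.net hello\r\n"
    "250-SIZE 36700160\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_AFTER_TLS = (
    "250-mail.example.net hello\r\n"
    "250-AUTH LOGIN PLAIN\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    lines = [l for l in reply.splitlines() if l]
    caps = {}
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([- ])(.*)", line)
        if not m:
            raise ValueError("not a 250 reply line: %r" % line)
        last = i == len(lines) - 1
        # "250-" marks a continuation line, "250 " marks the final line.
        if (m.group(1) == " ") != last:
            raise ValueError("bad continuation marker: %r" % line)
        if i == 0:
            continue  # first line is the server greeting, not a capability
        parts = m.group(2).split()
        if parts:
            caps[parts[0].upper()] = [p.upper() for p in parts[1:]]
    return caps


def next_step(caps, tls_active):
    """Decide what the client may do next without exposing credentials."""
    if tls_active:  # port 465 (TLS on connect) or after a successful STARTTLS
        return "AUTH" if "AUTH" in caps else "NO-AUTH-OFFERED"
    if "STARTTLS" in caps:
        return "STARTTLS"  # upgrade first, then send EHLO again
    return "ABORT"  # never send a password over a cleartext session
```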




