Re: [OT]sendmail ssl authentication

Gnus development mailing list
 help / color / mirror / Atom feed

From: David <de_bb@arcor.de>
To: ding@gnus.org
Subject: Re: [OT]sendmail ssl authentication
Date: Fri, 16 May 2008 21:29:51 +0200	[thread overview]
Message-ID: <kz8wya82ts.fsf@kafka.physik3.gwdg.de> (raw)
In-Reply-To: <874p8y5dxt.fsf@newsguy.com>

reader@newsguy.com writes:
> And it does appear there may be some hope since I see mention of
> STARTTLS in the output of swaks:
>   
> reader > swaks --auth --tls-on-connect -p 465 -s smtp.comcast.net   
> To: reader@jtan.com
> Username: My-uid
> Password: My-passwd
> === Trying smtp.comcast.net:465...
> === Connected to smtp.comcast.net.
> === TLS started w/ cipher DHE-RSA-AES256-SHA
> <~  220 OMTA02.emeryville.ca.mail.comcast.net comcast ESMTP server ready

The "--tls-on-connect" initiates a ssmtp connection, i.e. the TLS
session is started right away so that everything is already encrypted
(even the server greeting).

When I telnet to smtp.comcast.net on the SMTP standard port (25) I also
see a "250-STARTTLS" after the EHLO handshake, so this server should
support STARTTLS on the standard port, and that's the correct thing to
do for SSL encrypted authentication. You can try it with

swaks --auth -tls -p 25 -s smtp.comcast.net

If this works, configure sendmail to do authentication with STARTTLS on
the standard port 25 and don't use port 465. If it doesn't work, you
might indeed have to set up stunnel if sendmail doesn't support ssmtp
directly.

-David

next prev parent reply	other threads:[~2008-05-16 19:29 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-05-15 14:31 reader
2008-05-16  1:47 ` Dave Goldberg
2008-05-16  7:42 ` David
2008-05-16 17:58   ` reader
2008-05-16 19:29     ` David [this message]
2008-05-16 23:15       ` reader
2008-05-17  9:56         ` sendmail " Adam Sjøgren
2008-05-17 23:46           ` reader
2008-05-18  4:07             ` Adam Sjøgren
2008-05-19 14:41               ` reader

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=kz8wya82ts.fsf@kafka.physik3.gwdg.de \
    --to=de_bb@arcor.de \
    --cc=ding@gnus.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).