From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/66955 Path: news.gmane.org!not-for-mail From: David Newsgroups: gmane.emacs.gnus.general Subject: Re: [OT]sendmail ssl authentication Date: Fri, 16 May 2008 21:29:51 +0200 Message-ID: References: <87bq37aba8.fsf@newsguy.com> <874p8y5dxt.fsf@newsguy.com> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: ger.gmane.org 1210966259 31522 80.91.229.12 (16 May 2008 19:30:59 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Fri, 16 May 2008 19:30:59 +0000 (UTC) To: ding@gnus.org Original-X-From: ding-owner+M15432@lists.math.uh.edu Fri May 16 21:31:34 2008 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from util0.math.uh.edu ([129.7.128.18]) by lo.gmane.org with esmtp (Exim 4.50) id 1Jx5eL-0004Gd-TG for ding-account@gmane.org; Fri, 16 May 2008 21:31:30 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by util0.math.uh.edu with smtp (Exim 4.63) (envelope-from ) id 1Jx5dA-00068J-L0; Fri, 16 May 2008 14:30:16 -0500 Original-Received: from mx1.math.uh.edu ([129.7.128.32]) by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1Jx5d9-000687-26 for ding@lists.math.uh.edu; Fri, 16 May 2008 14:30:15 -0500 Original-Received: from quimby.gnus.org ([80.91.231.51]) by mx1.math.uh.edu with esmtp (Exim 4.67) (envelope-from ) id 1Jx5d2-0006oK-Q7 for ding@lists.math.uh.edu; Fri, 16 May 2008 14:30:14 -0500 Original-Received: from main.gmane.org ([80.91.229.2] helo=ciao.gmane.org) by quimby.gnus.org with esmtp (Exim 3.35 #1 (Debian)) id 1Jx5dG-0002ca-00 for ; Fri, 16 May 2008 21:30:22 +0200 Original-Received: from list by ciao.gmane.org with local (Exim 4.43) id 1Jx5cv-0006pf-5Y for ding@gnus.org; Fri, 16 May 2008 19:30:01 +0000 Original-Received: from kafka.physik3.gwdg.de ([134.76.92.48]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 16 May 2008 19:30:01 +0000 Original-Received: from de_bb by kafka.physik3.gwdg.de with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 16 May 2008 19:30:01 +0000 X-Injected-Via-Gmane: http://gmane.org/ Original-Lines: 30 Original-X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: kafka.physik3.gwdg.de User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux) Cancel-Lock: sha1:lKEETvVlwhvThaQ2FtvyRpE4MJI= X-Spam-Score: -2.6 (--) List-ID: Precedence: bulk Xref: news.gmane.org gmane.emacs.gnus.general:66955 Archived-At: reader@newsguy.com writes: > And it does appear there may be some hope since I see mention of > STARTTLS in the output of swaks: > > reader > swaks --auth --tls-on-connect -p 465 -s smtp.comcast.net > To: reader@jtan.com > Username: My-uid > Password: My-passwd > === Trying smtp.comcast.net:465... > === Connected to smtp.comcast.net. > === TLS started w/ cipher DHE-RSA-AES256-SHA > <~ 220 OMTA02.emeryville.ca.mail.comcast.net comcast ESMTP server ready The "--tls-on-connect" initiates a ssmtp connection, i.e. the TLS session is started right away so that everything is already encrypted (even the server greeting). When I telnet to smtp.comcast.net on the SMTP standard port (25) I also see a "250-STARTTLS" after the EHLO handshake, so this server should support STARTTLS on the standard port, and that's the correct thing to do for SSL encrypted authentication. You can try it with swaks --auth -tls -p 25 -s smtp.comcast.net If this works, configure sendmail to do authentication with STARTTLS on the standard port 25 and don't use port 465. If it doesn't work, you might indeed have to set up stunnel if sendmail doesn't support ssmtp directly. -David