sendmail TLS question


I'm having a bit of an issue with sendmail.  To be honest, this is in a recent installation of CentOS rather than Fedora, but the CentOS forum hasn't been particularly useful.  So, this is a cry of desperation.

Basically, I had been running Fedora 16 on a virtual server, but since it's no longer supported, I was getting antsy about keeping it up.  The virtual server provider didn't have an image for Fedora 19, but did have one for CentOS 6, and I figured that was as close as I would be going to get.

In the new installation, I cannot send to one site.  I can send OK to other sites. I have regenerated all of my certificates, and I self-sign.  It *looks* like the recipient is trying to verify through gmail, though he insists that he doesn't use gmail.  I don't know if it's me or it's him.  Any pointers would be greatly appreciated.

Here's the maillog for the mail that doesn't go through, with the "real" recipient name being replaced with "recipient@xxxxxxxxxxxxx" (though the rest of the relay is left intact):


**********************************
Aug 23 14:33:00 hope sendmail[2006]: r7NJX0rY002004: SMTP outgoing connect on hope.billoblog.com
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, init=1
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, start=ok
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, info: fds=11/10, err=2
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS: x509 cert verify: depth=1 /C=US/O=Google Inc/CN=Google Internet Authority, state=0, reason=unable to get local issuer certificate
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS: TLS cert verify: depth=1 /C=US/O=Google Inc/CN=Google Internet Authority, state=0, reason=unable to get local issuer certificate
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, info: fds=11/10, err=2
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, get_verify: 20 get_peer: 0x2136f10
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, relay=recipient.com.s8a1.psmtp.com., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=client, cert-subject=/C=US/ST=California/L=Mountain+20View/O=Google+20Inc/CN=*.psmtp.com, cert-issuer=/C=US/O=Google+20Inc/CN=Google+20Internet+20Authority, verifymsg=unable to get local issuer certificate
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:00 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:01 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:01 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:01 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:02 hope sendmail[2006]: r7NJX0rY002004: to=<recipient@xxxxxxxxxxxxx>, ctladdr=<consults@xxxxxxxxxxxxxxxxxx> (505/505), delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=120495, relay=recipient.com.s8a1.psmtp.com. [64.18.7.10], dsn=2.0.0, stat=Sent (Thanks)
Aug 23 14:33:02 hope sendmail[2006]: r7NJX0rY002004: done; delay=00:00:02, ntries=1
Aug 23 14:33:02 hope sendmail[2006]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:33:02 hope sendmail[2006]: STARTTLS=client, SSL_shutdown failed: -1
*************************************************************


Here's one that went through, sent from my server at billoblog.com to my work address at ecu.edu:

*************************************************************
Aug 23 14:11:29 hope sendmail[1798]: r7NJBSnc001796: SMTP outgoing connect on hope.billoblog.com
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, init=1
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, start=ok
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS: x509 cert verify: depth=0 /C=US/ST=North Carolina/L=Greenville/O=East Carolina University/OU=ecu.edu/CN=mail1.ecu.edu/emailAddress=postmaster@xxxxxxx, state=0, reason=self signed certificate
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS: TLS cert verify: depth=0 /C=US/ST=North Carolina/L=Greenville/O=East Carolina University/OU=ecu.edu/CN=mail1.ecu.edu/emailAddress=postmaster@xxxxxxx, state=0, reason=self signed certificate
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, get_verify: 18 get_peer: 0x2023998
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, relay=mail1.ecu.edu., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, cert-subject=/C=US/ST=North+20Carolina/L=Greenville/O=East+20Carolina+20University/OU=ecu.edu/CN=mail1.ecu.edu/emailAddress=postmaster@xxxxxxx, cert-issuer=/C=US/ST=North+20Carolina/L=Greenville/O=East+20Carolina+20University/OU=ecu.edu/CN=mail1.ecu.edu/emailAddress=postmaster@xxxxxxx, verifymsg=self signed certificate
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: r7NJBSnc001796: to=<oliverw@xxxxxxx>, ctladdr=<consults@xxxxxxxxxxxxxxxxxx> (505/505), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120322, relay=mail1.ecu.edu. [150.216.17.111], dsn=2.0.0, stat=Sent (ok: Message 296403614 accepted)
Aug 23 14:11:30 hope sendmail[1798]: r7NJBSnc001796: done; delay=00:00:01, ntries=1
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=read, info: fds=11/10, err=2
Aug 23 14:11:30 hope sendmail[1798]: STARTTLS=client, SSL_shutdown failed: -1
*************************************************************


Here is a local email:
*************************************************************
Aug 23 14:42:06 hope sendmail[2112]: NOQUEUE: connect from hope.billoblog.com [50.7.12.26]
Aug 23 14:42:06 hope sendmail[2112]: AUTH: available mech=NTLM CRAM-MD5 LOGIN PLAIN DIGEST-MD5 ANONYMOUS GSSAPI, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: Milter: no active filter
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 220 hope.billoblog.com ESMTP Sendmail 8.14.4/8.14.4; Fri, 23 Aug 2013 14:42:06 -0500
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: <-- EHLO hope.billoblog.com
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-hope.billoblog.com Hello hope.billoblog.com [50.7.12.26], pleased to meet you
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-ENHANCEDSTATUSCODES
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-PIPELINING
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-8BITMIME
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-SIZE
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-DSN
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-ETRN
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-STARTTLS
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250-DELIVERBY
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 250 HELP
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: <-- STARTTLS
Aug 23 14:42:06 hope sendmail[2112]: r7NJg6jS002112: --- 220 2.0.0 Ready to start TLS
Aug 23 14:42:06 hope sendmail[2112]: STARTTLS: internal error: tls_verify_cb: ssl == NULL
Aug 23 14:42:06 hope sendmail[2112]: STARTTLS: internal error: tls_verify_cb: ssl == NULL
Aug 23 14:42:06 hope sendmail[2112]: STARTTLS=server, get_verify: 0 get_peer: 0x0
Aug 23 14:42:06 hope sendmail[2112]: STARTTLS=server, relay=hope.billoblog.com [50.7.12.26], version=TLSv1/SSLv3, verify=NOT, cipher=DHE-RSA-AES256-SHA, bits=256/256
Aug 23 14:42:06 hope sendmail[2112]: STARTTLS=server, cert-subject=, cert-issuer=, verifymsg=ok
Aug 23 14:42:06 hope sendmail[2112]: AUTH: available mech=NTLM CRAM-MD5 LOGIN PLAIN DIGEST-MD5 ANONYMOUS GSSAPI, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Aug 23 14:42:06 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jS002112: <-- EHLO hope.billoblog.com
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-hope.billoblog.com Hello hope.billoblog.com [50.7.12.26], pleased to meet you
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-ENHANCEDSTATUSCODES
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-PIPELINING
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-8BITMIME
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-SIZE
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-DSN
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-ETRN
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250-DELIVERBY
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250 HELP
Aug 23 14:42:09 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: <-- RSET
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jT002112: --- 250 2.0.0 Reset state
Aug 23 14:42:09 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: <-- MAIL FROM:<vendor@xxxxxxxxxxxxx>
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: --- 250 2.1.0 <vendor@xxxxxxxxxxxxx>... Sender ok
Aug 23 14:42:09 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: <-- RCPT TO:<billo@xxxxxxxxxxxxx>
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: --- 250 2.1.5 <billo@xxxxxxxxxxxxx>... Recipient ok
Aug 23 14:42:09 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: <-- DATA
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: --- 354 Enter mail, end with "." on a line by itself
Aug 23 14:42:09 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2
Aug 23 14:42:09 hope sendmail[2112]: STARTTLS=read, info: fds=11/3, err=2
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: from=<vendor@xxxxxxxxxxxxx>, size=321, class=0, nrcpts=1, msgid=<alpine.LRH.2.02.1308231441500.2099@xxxxxxxxxxxxxxxxxx>, proto=ESMTP, daemon=MTA, relay=hope.billoblog.com [50.7.12.26]
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jU002112: --- 250 2.0.0 r7NJg6jU002112 Message accepted for delivery
Aug 23 14:42:09 hope sendmail[2112]: r7NJg6jV002112: <-- QUIT
*************************************************************


Any ideas?  I have no idea what "STARTTLS=read, info: fds=11/10, err=2" means, and Google hasn't been much help.

Thanks,

billo


