On Sat, 2015-07-04 at 08:07 -0500, Gregory P. Ennis wrote:
> Everyone,
>
> Looks like the new version of oppenssl has broken my sendmail's use
> of
> tls. Has anyone else had this problem or seen a fix?
>
> Greg Ennis
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
I should have had a note with a few more details. Sorry!
The os is Centos 5.11 with the latest update of openssl causing the
problem. I will use the name "one.domain.com"
Jul 03 04:19:14 Updated: openssl-0.9.8e-36.el5_11.i686
It is interesting that this Centos 5.11 machine (one.domain.com)
transfers its mail to our internal mail server that runs Centos
7.1.1503 (two.domain.com), and when the new openssl was updated June
16th on two.domain.com I had a similar problem. At that time when
two.domain.com accepted tls from one.domain.com it failed until I enter
"Try_TLS:one.domain.com NO" in the /etc/mail/access file of
two.domain.com.
My sendmail switches in one.domain.com include the following :
define(`confAUTH_OPTIONS', `A p y')dnl
dnl #
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5
LOGIN PLAIN')dnl
dnl #
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confCLIENT_CERT',`/etc/pki/tls/certs/sendmail.pem')dnl
define(`confCLIENT_KEY',`/etc/pki/tls/certs/sendmail.pem')dnl
I would like to be able to continue using tls on one.domain.com, but am
ready to turn it off until this can be debugged. Has this problem
affected anyone else.
Greg Ennis
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
