From: cisx admin on 2 Jul 2010 09:19

Hi,

I get a lot of log lines that are useless in sendmail, when an email is already received but with a .forward file is forwarded to an external address. Basically internal sendmail traffic.

Jul 2 12:16:45 gale sendmail[29607]: STARTTLS=server, relay=localhost.localdomain [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jul 2 12:16:45 gale sendmail[29606]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256

I have tried:

in the /etc/mail/access
Try_TLS:locahost NO
Try_TLS:127.0.0.1 NO

TLS works fine for the connections who request it or support it, is there a way of telling sendmail to not try to use TLS for internal traffic?

Many Thanks

From: Claus Aßmann on 2 Jul 2010 21:17

cisx admin wrote:

> I get a lot of log lines that are useless in sendmail, when an email is

Why are they useless?

> already received but with a .forward file is forwarded to an external
> address. Basically internal sendmail traffic.

> Jul 2 12:16:45 gale sendmail[29607]: STARTTLS=server, ....

> Try_TLS:127.0.0.1 NO

Are you sure those logfile entries are about forwarded mails? Unless you have a weird setup, sendmail doesn't contact itself in this case.

BTW: why do you care about those two entries?

From: ska on 5 Jul 2010 03:13

cisx admin wrote:

> I get a lot of log lines that are useless in sendmail, when an email is
> already received but with a .forward file is forwarded to an external
> address. Basically internal sendmail traffic.

Do your .forward files contain just the recipient addresses or do you call sendmail as program to forward the messages? As Claus said, if you put the address into .forward, sendmail does not re-connect itself.

> in the /etc/mail/access
> Try_TLS:locahost NO
> Try_TLS:127.0.0.1 NO

I use:

SRV_Features:<<client IP>> SV

to disable the STARTTLS advertising, op.me sec 5.1.4.14.

Maybe you need "Try_TLS:localhost.localdomain", maybe you need a dot in the end, in order to get TryTLS working.

-ska

From: cisx admin on 6 Jul 2010 10:44

Hi Claus and Hi ska,

> Why are they useless?

A percentage of the log file is of these log lines, which, if they were not there, would be better (for various minor reasons).

> Do your .forward files contain just the recipient addresses or do
> you call sendmail as program to forward the messages? As Claus said,
> if you put the address into .forward, sendmail does not re-connect
> itself.

The .forward file is, I humbly apologise, different from stated. The .forward file forwards the email to a perl script, which invokes sendmail again, with the following command, so as to forward an email onto an external address.

open(SENDMAIL, "|/usr/sbin/sendmail -oi -t") || die "Cannot open sendmail output";
print SENDMAIL $message;
close (SENDMAIL);

> Maybe you need "Try_TLS:localhost.localdomain", maybe you need a dot
> in the end, in order to get TryTLS working.

I have tried this.

Many thanks!
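
An added example, not part of the thread: a small Python parser for the STARTTLS summary lines quoted in the first post, reporting how much of a log they make up when the relay is a loopback address and how they break down by role and verify result. The third and fourth sample lines, the example.net names and the 192.0.2.25 address are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Matches the STARTTLS summary lines in the format quoted in the thread.
STARTTLS_RE = re.compile(
    r"sendmail\[(?P<pid>\d+)\]: STARTTLS=(?P<role>server|client), "
    r"relay=(?P<relay>.*?), version=(?P<version>[^,]+), "
    r"verify=(?P<verify>[^,]+), cipher=(?P<cipher>[^,]+), bits=(?P<bits>\S+)"
)
# Bracketed address inside relay=, with an optional IPv6: tag.
ADDR_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def is_loopback(relay):
    """True when the bracketed address in a relay= field is a loopback address."""
    m = ADDR_RE.search(relay)
    if not m:
        return False
    try:
        return ipaddress.ip_address(m.group(1)).is_loopback
    except ValueError:
        return False


def summarize(lines):
    """Count STARTTLS lines by (role, loopback?, verify) and the loopback share."""
    counts = Counter()
    total = 0
    for line in lines:
        total += 1
        m = STARTTLS_RE.search(line)
        if m:
            counts[(m["role"], is_loopback(m["relay"]), m["verify"])] += 1
    loopback = sum(n for (_, lo, _), n in counts.items() if lo)
    return {"total": total, "loopback_starttls": loopback,
            "share": loopback / total if total else 0.0, "by_kind": dict(counts)}


# Sample input: lines 1-2 are from the first post, lines 3-4 are constructed.
SAMPLE = [
    "Jul 2 12:16:45 gale sendmail[29607]: STARTTLS=server, relay=localhost.localdomain [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256",
    "Jul 2 12:16:45 gale sendmail[29606]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256",
    "Jul 2 12:16:46 gale sendmail[29610]: STARTTLS=client, relay=mx.example.net. [192.0.2.25], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256",
    "Jul 2 12:16:46 gale sendmail[29610]: o62BGk01029610: to=<user@example.net>, stat=Sent",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```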