[CentOS] Entourage X and Sendmail STARTTLS on CentOS 4.4
Paul R. Ganci
ganci at nurdog.com
Sat Jan 13 06:03:57 UTC 2007
Paul Heinlein wrote:
> On Fri, 12 Jan 2007, Aleksandar Milivojevic wrote:
>> Maybe the version of Entourage you have doesn't support STARTTLS.
>> Try enabling implicit SSL
This is what I suspect. I was hoping someone could actually confirm.
>> port in Sendmail's configuration by adding this line:
>>
>> DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')
>>
>> After adding that line, Sendmail will listen on port 465 (smtps) in
>> addition to port 25. You'll have SSL on port 465, and on port 25 you
>> can have plaintext or TLS (after client issues STARTTLS).
I tried to do this and discovered that sendmail stopped listening on
port 25. I am not sure what is up with this since the sendmail.mc config
does say:
dnl # The following causes sendmail to additionally listen to port 465,
I'll experiment some more but if somebody has an idea as to why this
might be occurring I am all ears.
> This is good advice, but the question is forcing us to guess. It'd be
> a lot easier to answer you with some more information:
> * what port is Entourage trying to contact?
Sorry, but by a standard setup I meant port 25.
> * is it using STARTTLS or straight SMTP/SSL?
This was one of my questions. From googling I suspect not and asked if
someone could confirm.
> * could there be any firewalls hijacking traffic?
No, I mentioned that Mac Mail and Thunderbird both work from this same
machine. They both use the standard port 25 and both use STARTTLS.
> Assuming you know the IP address of the Mac client machine, try
> launching a tcpdump session on the mail server
>
> sudo tcpdump -A -s0 host $CLIENT_ADDR
>
> Entourage will try to contact one of three ports:
>
> 25 (smtp)
> 465 (smtps)
> 587 (submission)
>
> tcpdump will show you what port the client is addressing and whether
> the client is using STARTTLS (port 25 or 587) or straight SSL (port
> 465). In the former case, the tcpdump output will include the string
> 'Ready to start TLS' before any certificate info is sent over the
> wire. If the connection is straight SSL, it won't be there.
Thanks, this is a very useful idea. It will certainly help me confirm
what Entourage X is actually trying to do.
--
Paul (ganci at nurdog.com)
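
The tcpdump check described in the quoted advice above, as an added example that is not part of the original thread: it classifies one client connection as STARTTLS, straight SSL or plaintext from the order of the payloads, and compares the result with the port conventions listed there. The function names, host names and payload bytes are assumptions constructed for illustration; the SSLv2-format hello check goes beyond what the thread mentions.

```python
# Added example. All payloads and host names below are constructed, not captured.
# A connection is an ordered list of (direction, payload): "C" client, "S" server.

def looks_like_tls(payload):
    """True for a TLS/SSLv3 handshake record or an SSLv2-format ClientHello."""
    if len(payload) < 3:
        return False
    tls_record = payload[0] == 0x16 and payload[1] == 0x03
    sslv2_hello = bool(payload[0] & 0x80) and payload[2] == 0x01
    return tls_record or sslv2_hello

def classify(segments):
    """Return 'starttls', 'implicit-ssl', 'starttls-refused' or 'plaintext'."""
    asked = ready = False
    for direction, payload in segments:
        if looks_like_tls(payload):
            # Handshake after the server's 220 reply: STARTTLS upgrade.
            # Handshake with no STARTTLS exchange before it: straight SSL.
            return "starttls" if ready else "implicit-ssl"
        text = payload.upper()
        if direction == "C" and text.startswith(b"STARTTLS"):
            asked = True
        elif direction == "S" and asked and text.startswith(b"220"):
            ready = True  # sendmail: "220 2.0.0 Ready to start TLS"
    if ready:
        return "starttls"  # capture ended before the handshake
    return "starttls-refused" if asked else "plaintext"

# Port conventions listed in the thread: STARTTLS on 25/587, straight SSL on 465.
EXPECTED = {25: {"starttls", "plaintext"}, 587: {"starttls", "plaintext"},
            465: {"implicit-ssl"}}

def matches_port(port, mode):
    return mode in EXPECTED.get(port, set())

STARTTLS_SESSION = [
    ("S", b"220 mail.example.com ESMTP Sendmail\r\n"),
    ("C", b"EHLO mac.example.com\r\n"),
    ("S", b"250-mail.example.com Hello\r\n250-STARTTLS\r\n250 HELP\r\n"),
    ("C", b"STARTTLS\r\n"),
    ("S", b"220 2.0.0 Ready to start TLS\r\n"),
    ("C", b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x01"),
]
IMPLICIT_SESSION = [("C", b"\x16\x03\x00\x00\x2f\x01\x00\x00\x2b\x03\x00")]
PLAIN_SESSION = STARTTLS_SESSION[:2] + [("C", b"MAIL FROM:<user@example.com>\r\n")]

if __name__ == "__main__":
    for port, s in ((25, STARTTLS_SESSION), (465, IMPLICIT_SESSION), (25, PLAIN_SESSION)):
        print(port, classify(s), matches_port(port, classify(s)))
```

A result of `implicit-ssl` on port 25, or `starttls` on port 465, means the client and the listener disagree about which mode that port speaks.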