Paul Heinlein wrote:
On Fri, 12 Jan 2007, Aleksandar Milivojevic wrote:
Maybe the version of Entourage you have doesn't support STARTTLS. Try enabling implicit SSL
This is what I suspect. I was hoping someone could actually confirm.
port in Sendmail's configuration by adding this line:
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')
After adding that line, Sendmail will listen on port 465 (smtps) in addition to port 25. You'll have SSL on port 465, and on port 25 you can have plaintext or TLS (after client issues STARTTLS).
I tried to do this and discovered that sendmail stopped listening on port 25. I am not sure what is up with this since the sendmail.mc config does say:
dnl # The following causes sendmail to additionally listen to port 465,
I'll experiment some more but if somebody has an idea as to why this might be occurring I am all ears.
This is good advice, but the question is forcing us to guess. It'd be a lot easier to answer you with some more information:
- what port is Entourage trying to contact?
Sorry, but by a standard setup I meant port 25
- is it using STARTTLS or straight SMTP/SSL?
This was one of my questions. From googling I suspect not and asked if someone could confirm.
- could there be any firewalls hijacking traffic?
No I mentioned that Mac Mail and Thunderbird both work from this same machine. They both use the standard port 25 and both use STARTTLS.
Assuming you know the IP address of the Mac client machine, try launching a tcpdump session on the mail server
sudo tcpdump -A -s0 host $CLIENT_ADDR
Entourage will try to contact one of three ports:
25 (smtp) 465 (smtps) 587 (submission)
tcpdump will show you what port the client is addressing and whether the client is using STARTTLS (port 25 or 587) or straight SSL (port 465). In the former case, the tcpdump output will include the string 'Ready to start TLS' before any certificate info is sent over the wire. If the connection is straight SSL, it won't be there.
Thanks this is a very useful idea. It will certainly help me confirm what Entourage X is actually trying to do.