[CentOS] Entourage X and Sendmail STARTTLS on CentOS 4.4

Sat Jan 13 06:03:57 UTC 2007
Paul R. Ganci <ganci at nurdog.com>

Paul Heinlein wrote:
> On Fri, 12 Jan 2007, Aleksandar Milivojevic wrote:
>> Maybe the version of Entourage you have doesn't support STARTTLS.  
>> Try enabling implicit SSL
This is what I suspect. I was hoping someone could actually confirm.
>> port in Sendmail's configuration by adding this line:
>>
>> DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')
>>
>> After adding that line, Sendmail will listen on port 465 (smtps) in 
>> addition to port 25.  You'll have SSL on port 465, and on port 25 you 
>> can have plaintext or TLS (after client issues STARTTLS).
I tried to do this and discovered that sendmail stopped listening on 
port 25. I am not sure what is up with this since the sendmail.mc config 
does say:

dnl # The following causes sendmail to additionally listen to port 465,

I'll experiment some more but if somebody has an idea as to why this 
might be occurring I am all ears.
> This is good advice, but the question is forcing us to guess. It'd be 
> a lot easier to answer you with some more information:
> * what port is Entourage trying to contact?
Sorry, but by a standard setup I meant port 25.
> * is it using STARTTLS or straight SMTP/SSL?
This was one of my questions. From googling I suspect not and asked if 
someone could confirm.
> * could there be any firewalls hijacking traffic?
No, I mentioned that Mac Mail and Thunderbird both work from this same 
machine. They both use the standard port 25 and both use STARTTLS.
> Assuming you know the IP address of the Mac client machine, try 
> launching a tcpdump session on the mail server
>
>   sudo tcpdump -A -s0 host $CLIENT_ADDR
>
> Entourage will try to contact one of three ports:
>
>    25 (smtp)
>   465 (smtps)
>   587 (submission)
>
> tcpdump will show you what port the client is addressing and whether 
> the client is using STARTTLS (port 25 or 587) or straight SSL (port 
> 465). In the former case, the tcpdump output will include the string 
> 'Ready to start TLS' before any certificate info is sent over the 
> wire. If the connection is straight SSL, it won't be there.
Thanks, this is a very useful idea. It will certainly help me confirm 
what Entourage X is actually trying to do.

-- 
Paul (ganci at nurdog.com)
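
The tcpdump check described in the thread, written out as an added example (not code from any poster in this thread): it classifies a session as STARTTLS or straight SSL from the ordered payloads of a capture. The function names, segment format and sample sessions are assumptions constructed for illustration.

```python
# Added example: classify a captured SMTP session from its TCP payloads.
# Each segment is (sender, payload); sender is "client" or "server".

def is_tls_hello(p: bytes) -> bool:
    """True if p begins like a TLS/SSLv3 handshake or an SSLv2 ClientHello."""
    if len(p) < 3:
        return False
    tls = p[0] == 0x16 and p[1] == 0x03         # handshake record, version 3.x
    sslv2 = bool(p[0] & 0x80) and p[2] == 0x01  # SSLv2-style hello (older clients)
    return tls or sslv2

def classify_session(segments):
    """Return 'implicit-ssl', 'starttls', 'starttls-refused', 'plaintext' or 'unknown'."""
    asked = accepted = False
    for sender, payload in segments:
        if not payload:
            continue                            # bare ACKs carry no data
        if sender == "client" and is_tls_hello(payload):
            # A hello with no accepted STARTTLS before it is straight SSL.
            return "starttls" if accepted else "implicit-ssl"
        line = payload.split(b"\r\n", 1)[0].upper()
        if sender == "client":
            if line == b"STARTTLS":
                asked = True
            elif line.startswith(b"MAIL FROM:"):
                return "plaintext"              # mail sent without any TLS
        elif asked and not accepted:
            if not line.startswith(b"220"):
                return "starttls-refused"
            accepted = True                     # "220 ... Ready to start TLS"
    return "unknown"

# Constructed sample sessions (hostnames are placeholders).
STARTTLS_SESSION = [
    ("server", b"220 mail.example.com ESMTP Sendmail\r\n"),
    ("client", b"EHLO mac.example.com\r\n"),
    ("server", b"250-mail.example.com Hello\r\n250-STARTTLS\r\n250 HELP\r\n"),
    ("client", b"STARTTLS\r\n"),
    ("server", b"220 2.0.0 Ready to start TLS\r\n"),
    ("client", b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b"),
]
IMPLICIT_SSL_SESSION = [("client", b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b")]
PLAINTEXT_SESSION = STARTTLS_SESSION[:3] + [("client", b"MAIL FROM:<a@example.com>\r\n")]

if __name__ == "__main__":
    for name in ("STARTTLS_SESSION", "IMPLICIT_SSL_SESSION", "PLAINTEXT_SESSION"):
        print(name, "->", classify_session(globals()[name]))
```

A client that opens with a hello on port 25 will be reported as `implicit-ssl`, which is the mismatch to look for when a client fails against a STARTTLS-only listener.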