On Sat, 2015-07-04 at 08:07 -0500, Gregory P. Ennis wrote: > Everyone, > > Looks like the new version of oppenssl has broken my sendmail's use > of > tls. Has anyone else had this problem or seen a fix? > > Greg Ennis > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos I should have had a note with a few more details. Sorry! The os is Centos 5.11 with the latest update of openssl causing the problem. I will use the name "one.domain.com" Jul 03 04:19:14 Updated: openssl-0.9.8e-36.el5_11.i686 It is interesting that this Centos 5.11 machine (one.domain.com) transfers its mail to our internal mail server that runs Centos 7.1.1503 (two.domain.com), and when the new openssl was updated June 16th on two.domain.com I had a similar problem. At that time when two.domain.com accepted tls from one.domain.com it failed until I enter "Try_TLS:one.domain.com NO" in the /etc/mail/access file of two.domain.com. My sendmail switches in one.domain.com include the following : define(`confAUTH_OPTIONS', `A p y')dnl dnl # TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl # define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl define(`confCLIENT_CERT',`/etc/pki/tls/certs/sendmail.pem')dnl define(`confCLIENT_KEY',`/etc/pki/tls/certs/sendmail.pem')dnl I would like to be able to continue using tls on one.domain.com, but am ready to turn it off until this can be debugged. Has this problem affected anyone else. Greg Ennis