Re: [Evolution] smtp/ssl



Greetings,


Jeffrey Stedfast wrote:

/As I had been asked to set up a new mail-server, I also took the time to
look at a new mail-client; and so that's why I have been 'playing
around' with evolution for a couple of days now.


One of the things I would like to ask is this:

Evolution has the possibility to use TLS (SSL) for both IMAP and SMTP; but
I have problems with sendmail mail over a TLS link.

When I set up 'TLS/SSL' in the SMTP-configuration module, the TLS seems
to fail. (I actually get this:

Received: from freya.belbone.net ([192.168.252.55]) by
       ossmail1.sunmail.belbone.net. (8.12.7/8.12.2) with ESMTP id
h0MDXft5008821
       (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for
       <kristoff belbone net>; Wed, 22 Jan 2003 14:33:41 +0100 (CET)

(Note the 'verify=NO').


It looks like there seems to be a TLS-problem between evolution (on the
mail-client, a mandrake 8.0 linux-box) and sendmail (on the mail-server,
a solaris 9).
/


I have no idea what that means, but it's nothing you should worry about presumably.


Well, for me, it's important: there is an option in sendmail which allows relaying of messages to be linked to whether the connection was TLS validated or not.



Management has issued a policy on network-security (in general); and I want to be able to implement it as much as possible. So that's why I want to FORCE people to use TLS. (One thing is for sure: if you do not force them, they will not use it. ;-))

For IMAP, this is not a problem as the UW imap-server only allows connections that are TLS validated; so I want to implement the same thing on SMTP-level.




/One of the possibilities is that the problem could be related
to the X.509 certificates used by openssl.
I have installed the certificates of the server and the CA in the
'cert7.db' and 'keys3.db' on the client-side (using 'certutil' from
mozilla).
But how do I configure or know what key the client will use to set up an
SMTP/TLS connection to the server?/

Clients do not use certs to verify who it is against the server for SSL ciphered mail protocols. The server sends its cert to the client so the client can verify the server is who it claims to be.

Well, sendmail has certificates both when acting as a server or a client.

AFAIK, TLS allows certification on both sides; so that the server can be sure the client is really who he is (based on the certificates). Although this doesn't really make any sense in an HTTP-server (where it is doubtful the server will 'know' all the clients), this could be useful for mail, like for SMTP-servers. Sendmail actually gets two certificates: one for 'client' sessions and one for 'server' sessions. (These can be identical but this doesn't have to be the case).



In any case, the question is, that -even if the certificate is only used for verifying the server- why the test fails. The server uses the same certificate for imap (UW imapd) and smtp (sendmail), imap/ssl between the mail-client and this server works, and smtp/tls between that server and the 'gateway' (also running sendmail) also works.

Is there any way to get additional debug-info from the SMTP/TLS code in evolution to find out WHY it fails?




Cheerio! Kr. Bonne.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
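
An added example, not part of the original thread: a small parser for the TLS clause that sendmail writes into the Received header quoted above, mapping the `verify=` field to the meanings sendmail's cf/README documents for its `${verify}` macro. The function names and the `weak_cipher` heuristic are assumptions made for this illustration.

```python
import re

# Received header copied from the post above (folding kept as archived).
SAMPLE = """Received: from freya.belbone.net ([192.168.252.55]) by
       ossmail1.sunmail.belbone.net. (8.12.7/8.12.2) with ESMTP id
h0MDXft5008821
       (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for
       <kristoff belbone net>; Wed, 22 Jan 2003 14:33:41 +0100 (CET)"""

# Values of sendmail's ${verify} macro as listed in sendmail's cf/README.
VERIFY = {
    "OK": "peer certificate presented and verified",
    "NO": "no certificate presented by the peer",
    "NOT": "no certificate requested",
    "FAIL": "certificate presented but could not be verified",
    "NONE": "STARTTLS was not performed",
    "TEMP": "temporary error",
    "PROTOCOL": "protocol error",
    "SOFTWARE": "STARTTLS handshake failed",
}

TLS_CLAUSE = re.compile(r"\(version=(\S+)\s+cipher=(\S+)\s+bits=(\d+)\s+verify=(\w+)\)")

def parse_tls_clause(header):
    """Return the TLS fields sendmail recorded in a Received header, or None."""
    unfolded = re.sub(r"\s*\n\s*", " ", header)  # undo header folding
    m = TLS_CLAUSE.search(unfolded)
    if not m:
        return None  # no sendmail-style TLS clause in this header
    version, cipher, bits, verify = m.groups()
    return {"version": version, "cipher": cipher, "bits": int(bits), "verify": verify}

def assess(header):
    """Separate 'the hop was encrypted' from 'the peer was authenticated'."""
    tls = parse_tls_clause(header)
    if tls is None:
        return {"encrypted": False, "peer_authenticated": False,
                "reason": "no TLS clause in header", "weak_cipher": False}
    return {
        "encrypted": True,
        "peer_authenticated": tls["verify"] == "OK",
        "reason": VERIFY.get(tls["verify"], "unknown verify value"),
        # Assumed heuristic: RC4 is prohibited in TLS by RFC 7465, MD5 is broken.
        "weak_cipher": "RC4" in tls["cipher"] or "MD5" in tls["cipher"],
    }

if __name__ == "__main__":
    print(assess(SAMPLE))
```

For the header in the post this reports an encrypted hop whose peer was not authenticated, with the reason "no certificate presented by the peer".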


