Greetings, Jeffrey Stedfast wrote:
Evolution has the possibility to use TSL (SSL) for both IMAP and SMTP; but I have problems with sendmail mail over a TSL link. When I set up 'TSL/SSL' in the SMTP-configuration module, the TSL seems to fail. (I actually get this:
Received: from freya.belbone.net ([192.168.252.55]) by ossmail1.sunmail.belbone.net. (8.12.7/8.12.2) with ESMTP id h0MDXft5008821 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for <kristoff belbone net>; Wed, 22 Jan 2003 14:33:41 +0100 (CET)
(Note the 'verify=NO').
It looks like there seems to be a TSL-problem between evolution (on the mail-client, a mandrake 8.0 linux-box) and sendmail (on the mail-server, a solaris 9).
I have no idea what that means, but it's nothing you should worry about presumably.
OK. I finally got some extra time to look at this. I've increased the log-level on sendmail and this is what I get in my logfile:
A session from evolution:
Jan 27 16:42:56 ossmail1 NOQUEUE: connect from [192.168.252.55]
(...)
Jan 27 16:42:56 ossmail1 h0RFgu9e027122: <-- STARTTLS
Jan 27 16:42:56 ossmail1 h0RFgu9e027122: --- 220 2.0.0 Ready to start TLS
Jan 27 16:42:57 ossmail1 STARTTLS=server, get_verify: 0 get_peer: 0x0
Jan 27 16:42:57 ossmail1 STARTTLS=server, relay=[192.168.252.55], version=TLSv1/SSLv3, verify=NO, cipher=RC4-MD5, bits=128/128
Jan 27 16:42:57 ossmail1 STARTTLS=server, cert-subject=, cert-issuer=
This is a session from a box running the mozilla mail-client:
Jan 27 16:39:25 ossmail1 NOQUEUE: connect from [192.168.49.2]
(...)
Jan 27 16:42:56 ossmail1 h0RFgu9e027122: <-- STARTTLS
Jan 27 16:42:56 ossmail1 h0RFgu9e027122: --- 220 2.0.0 Ready to start TLS
Jan 27 16:42:57 ossmail1 STARTTLS=server, get_verify: 0 get_peer: 0x0
Jan 27 16:39:25 ossmail1 STARTTLS=server, relay=[192.168.49.2], version=TLSv1/SSLv3, verify=OK, cipher=RC4-MD5, bits=128/128
Jan 27 16:39:25 ossmail1 STARTTLS=server, cert-subject=/C=BE/ST=Some-State/L=Bredene/O=belgacom/OU=ANS-ROC+20Expert-Center+20Data/CN=Kristoff+20Bonne+20+28person+29/Email=kristoff bel, cert-issuer=/C=BE/ST=Brussels+20Capital+20Region/L=Brussels/O=Belgacom/OU=ANS-ROC+20Expert+20Center+20Data/CN=kristoff+20Bonne/Email=kristof
Mind the 'get_peer:' line. I've checked online archives from comp.mail.sendmail, and, according to the messages in there, this means that the mail-client does not present a certificate to the TLS server. (There has been a similar problem with certain versions of outlook which didn't present a certificate either).
So, the problem is completely on the side of the application that initiates the TLS-session. (Hence, in this case, the evolution mail-client).
OK; I get it. (I'm going to write 1000 times "TLS" on the white-board in the corner, OK?)
Well, for me, it's important there is an option in sendmail which allows relaying of messages to be linked to whether the connection was TSL validated or not.
agh! stop calling it TSL, it's TLS - Transport Security Layer. :-)
this could be useful for mail, like for SMTP-servers. Sendmail actually gets two certificates: one for 'client' sessions and one for 'server' sessions. (These can be identical but this doesn't have to be the case).
mail protocols do not use client-ssl-certs, just like they are not used for HTTP.
Well, they are used in other mail-clients; and mail-servers (like sendmail) can be set up to relay messages only when you use a certificate that has been issued by certain users.
Jeff
Cheerio! Kr. Bonne.
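An added example, not part of the original message or of sendmail: a small parser for the STARTTLS=server log lines quoted above that reports, per relay, whether a client certificate was presented and verified. The sample log is constructed in the same format; the meanings given for the verify values follow sendmail's documentation of its verify macro, and the +XX decoding is inferred from the logged names.

```python
import re

# Constructed sample in the format of the log lines quoted in the message
# (host name, addresses and certificate names are made up).
SAMPLE_LOG = """\
Jan 27 16:42:57 mx1 STARTTLS=server, get_verify: 0 get_peer: 0x0
Jan 27 16:42:57 mx1 STARTTLS=server, relay=[192.0.2.10], version=TLSv1/SSLv3, verify=NO, cipher=RC4-MD5, bits=128/128
Jan 27 16:42:57 mx1 STARTTLS=server, cert-subject=, cert-issuer=
Jan 27 16:45:03 mx1 STARTTLS=server, relay=[192.0.2.20], version=TLSv1/SSLv3, verify=OK, cipher=RC4-MD5, bits=128/128
Jan 27 16:45:03 mx1 STARTTLS=server, cert-subject=/C=BE/O=Example/CN=Client+20One, cert-issuer=/C=BE/O=Example/CN=Example+20CA
"""

RELAY_RE = re.compile(
    r"STARTTLS=server, relay=\[?([^\],]+)\]?, .*?verify=(\w+), cipher=([^,]+), bits=(\S+)")
CERT_RE = re.compile(r"STARTTLS=server, cert-subject=(.*?), cert-issuer=(.*)$")

# Subset of the verify results sendmail can log.
VERIFY_MEANING = {
    "OK": "client certificate presented and verified",
    "NO": "no client certificate presented",
    "NOT": "no client certificate requested",
    "FAIL": "client certificate presented but not verified",
}

def decode(value):
    """Undo the +XX hex escaping seen in the logged names (+20 is a space)."""
    return re.sub(r"\+([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse_sessions(text):
    """Return one dict per TLS session found in the log text."""
    sessions = []
    for line in text.splitlines():
        m = RELAY_RE.search(line)
        if m:
            sessions.append({"relay": m.group(1), "verify": m.group(2),
                             "cipher": m.group(3), "bits": m.group(4),
                             "subject": "", "issuer": ""})
            continue
        m = CERT_RE.search(line)
        if m and sessions:
            # The cert line has no relay field; it follows its relay line.
            sessions[-1]["subject"] = decode(m.group(1))
            sessions[-1]["issuer"] = decode(m.group(2))
    return sessions

def describe(session):
    return VERIFY_MEANING.get(session["verify"], "other result: " + session["verify"])

if __name__ == "__main__":
    for s in parse_sessions(SAMPLE_LOG):
        print(s["relay"], s["cipher"], describe(s), s["subject"] or "-")
```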