SystemAdmin

Pinned topic Trying to setup Sendmail Server with STARTTLS on AIX 6.1

2012-06-01T17:14:49Z
I'm having trouble getting Sendmail (Version AIX6.1/8.13.4) server with STARTTLS to work with Sendmail client (same version). The client attempts to send but the following is output:
root@ds3db:/home/root> echo test | mail -v dcarlile@citgo.com
Warning: Option: CRLFile requires at least OpenSSL 0.9.7
dcarlile@citgo.com... Connecting to techif.citgo.com. via esmtp...
220 techif.citgo.com ESMTP Sendmail Fri, 1 Jun 2012 12:10:55 -0500
>>> EHLO ds3db.citgo.com
250-techif.citgo.com Hello ds3db.citgo.com http://146.146.23.46, pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
>>> STARTTLS
220 2.0.0 Ready to start TLS
dcarlile@citgo.com... Deferred: 403 4.7.0 TLS handshake failed.
Closing connection to techif.citgo.com.
root@ds3db:/home/root>

Sendmail logs on the client show:
Jun 1 12:10:55 ds3db mail:info sendmail1138824: NOQUEUE: connect from root@localhost
Jun 1 12:10:55 ds3db mail:info sendmail1138824: q51HAtHS1138824: from=dcarlil, size=29, class=0, nrcpts=1, msgid=<201206011710.q51HAtHS1138824@ds3db.citgo.com>, relay=root@localhost
Jun 1 12:10:55 ds3db mail:info sendmail1138824: q51HAtHS1138824: SMTP outgoing connect on ds3db
Jun 1 12:10:55 ds3db mail:info sendmail1138824: STARTTLS=client, init=1
Jun 1 12:10:55 ds3db mail:info sendmail1138824: STARTTLS=client, start=ok
Jun 1 12:10:55 ds3db mail:err|error sendmail1138824: q51HAtHS1138824: STARTTLS=client, error: connect failed=0, SSL_error=5, timedout=0, errno=0
Jun 1 12:10:55 ds3db mail:notice sendmail1138824: ruleset=tls_server, arg1=SOFTWARE, relay=techif.citgo.com, reject=403 4.7.0 TLS handshake failed.
Jun 1 12:10:55 ds3db mail:info sendmail1138824: q51HAtHS1138824: to=dcarlile@citgo.com, ctladdr=dcarlil (1712/1), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=30029, relay=techif.citgo.com. http://146.146.23.39, dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake failed.

I don't understand SSL_error=5, and can't find a good answer on the web...
Any help would be appreciated.
  • SystemAdmin

    Re: Trying to setup Sendmail Server with STARTTLS on AIX 6.1

    ‏2012-06-06T15:59:56Z  
    FYI...
    Here is some more information. I am using AIX 6.1 (6100-04-03-1009) with openssl version 0.9.8.1801 on this sendmail client and the sendmail server this client sends to is using openssl version 0.9.8.1800. IBM support is saying the last known version of openssl that worked with sendmail_ssl is 0.9.8.1103. The logs on the sendmail server (after expanding debug output to 15) show the following:

    Jun 5 11:06:46 techif mail:info sendmail1175578: q55G6ke91175578: --- 220 techif.citgo.com ESMTP Sendmail Tue, 5 Jun 2012 11:06:46 -0500
    Jun 5 11:06:46 techif mail:info sendmail1175578: q55G6ke91175578: <-- EHLO ds3db.citgo.com
    Jun 5 11:06:46 techif mail:info sendmail1175578: q55G6ke91175578: --- 250-techif.citgo.com Hello ds3db http://146.146.23.46 , pleased to meet you
    Jun 5 11:06:46 techif mail:info sendmail1175578: q55G6ke91175578: --- 250-ENHANCEDSTATUSCODES
    Jun 5 11:06:46 techif mail:info sendmail1175578: q55G6ke91175578: --- 250-PIPELINING
    Jun 5 11:06:46 techif mail:info sendmail1175578: q55G6ke91175578: --- 250-8BITMIME
    Jun 5 11:06:46 techif mail:info sendmail1175578: q55G6ke91175578: --- 250-SIZE
    Jun 5 11:06:46 techif mail:info sendmail1175578: q55G6ke91175578: --- 250-DSN
    Jun 5 11:06:46 techif mail:info sendmail1175578: q55G6ke91175578: --- 250-ETRN
    Jun 5 11:06:46 techif mail:info sendmail1175578: q55G6ke91175578: --- 250-STARTTLS
    Jun 5 11:06:46 techif mail:info sendmail1175578: q55G6ke91175578: --- 250-DELIVERBY
    Jun 5 11:06:46 techif mail:info sendmail1175578: q55G6ke91175578: --- 250 HELP
    Jun 5 11:06:46 techif mail:info sendmail1175578: q55G6ke91175578: <-- STARTTLS
    Jun 5 11:06:46 techif mail:info sendmail1175578: q55G6ke91175578: --- 220 2.0.0 Ready to start TLS
    Jun 5 11:06:46 techif mail:warn|warning sendmail1175578: STARTTLS=server, error: accept failed=0, SSL_error=1, timedout=0, errno=0
    Jun 5 11:06:46 techif mail:warn|warning sendmail1175578: STARTTLS=server: 1175578:error:140B6044:SSL routines:SSL_GET_SERVER_SEND_CERT:internal error:ssl_lib.c:1991:
    Jun 5 11:06:46 techif mail:warn|warning sendmail1175578: STARTTLS=server: 1175578:error:1409A044:SSL routines:SSL3_SEND_SERVER_CERTIFICATE:internal error:s3_srvr.c:2657:
    Jun 5 11:06:46 techif mail:info sendmail1175578: q55G6ke91175578: ds3db http://146.146.23.46 did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

    I am currently waiting to hear from IBM Support to see if the problem is with sendmail_ssl or openssl.
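
An added example for reading the two log excerpts in this thread (not part of either post, and not sendmail or IBM code): it names the `SSL_error=N` values and splits the 8-digit OpenSSL error codes into their library, function and reason fields. It assumes that sendmail logs the return value of OpenSSL's `SSL_get_error()` in that field and that the codes use the OpenSSL 0.9.8 packing (8-bit library, 12-bit function, 12-bit reason); the function and variable names are illustrative.

```python
import re

# SSL_get_error() return values, indexed by the number sendmail logs as SSL_error=N.
SSL_GET_ERROR = ["SSL_ERROR_NONE", "SSL_ERROR_SSL", "SSL_ERROR_WANT_READ",
                 "SSL_ERROR_WANT_WRITE", "SSL_ERROR_WANT_X509_LOOKUP",
                 "SSL_ERROR_SYSCALL", "SSL_ERROR_ZERO_RETURN"]
ERR_LIB_SSL = 20           # library field 0x14 of a packed error code
ERR_R_INTERNAL_ERROR = 68  # generic reason: 4 | ERR_R_FATAL (64)
HANDSHAKE = re.compile(r"STARTTLS=(client|server), error: (?:connect|accept) "
                       r"failed=(-?\d+), SSL_error=(\d+), timedout=\d+, errno=(\d+)")
QUEUE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):")

def unpack(code_hex):
    """Split a packed error code into (lib, func, reason), assumed 0.9.8 layout."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def triage(lines):
    """Return one finding dict per STARTTLS failure line or error-queue line."""
    out = []
    for line in lines:
        m = HANDSHAKE.search(line)
        if m:
            ret, ssl_err, errno = (int(g) for g in m.group(2, 3, 4))
            name = SSL_GET_ERROR[ssl_err] if ssl_err < len(SSL_GET_ERROR) else "unknown"
            hint = ""
            if name == "SSL_ERROR_SYSCALL" and ret == 0 and errno == 0:
                hint = "EOF from the peer mid-handshake; check the peer's log"
            elif name == "SSL_ERROR_SSL":
                hint = "failure inside the SSL library; see the error-queue lines"
            out.append({"side": m.group(1), "ssl_error": name, "hint": hint})
            continue
        q = QUEUE.search(line)
        if q:
            lib, func, reason = unpack(q.group(1))
            out.append({"code": q.group(1), "lib": lib, "func": func, "reason": reason,
                        "function": q.group(3), "text": q.group(4),
                        "internal": (lib, reason) == (ERR_LIB_SSL, ERR_R_INTERNAL_ERROR)})
    return out

# Log lines taken from the two posts above, with the wrapped lines rejoined.
SAMPLE = [
    "Jun 1 12:10:55 ds3db mail:err|error sendmail1138824: q51HAtHS1138824: STARTTLS=client, error: connect failed=0, SSL_error=5, timedout=0, errno=0",
    "Jun 5 11:06:46 techif mail:warn|warning sendmail1175578: STARTTLS=server, error: accept failed=0, SSL_error=1, timedout=0, errno=0",
    "Jun 5 11:06:46 techif mail:warn|warning sendmail1175578: STARTTLS=server: 1175578:error:140B6044:SSL routines:SSL_GET_SERVER_SEND_CERT:internal error:ssl_lib.c:1991:",
    "Jun 5 11:06:46 techif mail:warn|warning sendmail1175578: STARTTLS=server: 1175578:error:1409A044:SSL routines:SSL3_SEND_SERVER_CERTIFICATE:internal error:s3_srvr.c:2657:",
]
if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Run against these lines, the client's `SSL_error=5` decodes to `SSL_ERROR_SYSCALL` with an empty error queue, and both server codes carry the generic internal-error reason raised from the SSL library.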