I doubt this could be a bug but after 10 hours of debugging I have to post. The only clue I have left is that regardless if the below lines are used in sendmail.mc or if I comment them out, I get the same SSL errors (140BA0C3, 140770FC, SSL_new, etc) but can't find anything helpful on these codes. The same certs/key are being used on port 443 (apache) and 995 (dovecot) and are working flawlessly so I know the issue has to be Sendmail.
What am I missing?
---== Installed Software ==---[font=Courier]
$ rpm -qa | grep sendmail
sendmail-cf-8.13.8-8.1.el5_7
sendmail-8.13.8-8.1.el5_7
[/font]
---== Sendmail.mc ==---[font=Courier]
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/www.t1shopper.com.ev.crt')dnl
define(`confSERVER_KEY', `/etc/pki/tls/private/www.t1shopper.com.key')dnl
[/font]
---==Testing from remote server ==---[font=Courier]
$ openssl s_client -host www.t1shopper.com -port 465
CONNECTED(00000003)
7948:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:583:
[/font]
---== Here's the mail log from from the above client request ==--- [font=Courier]
Mar 3 18:52:41 www sendmail[9360]: NOQUEUE: connect from [98.142.1.1]
Mar 3 18:52:41 www sendmail[9360]: AUTH: available mech=CRAM-MD5 DIGEST-MD5, allowed mech=LOGIN PLAIN
Mar 3 18:52:41 www sendmail[9360]: q23Iqfve009360: Milter: no active filter
Mar 3 18:52:41 www sendmail[9360]: STARTTLS=server: 9360:error:140BA0C3:SSL routines:SSL_new:null ssl ctx:ssl_lib.c:244:
Mar 3 18:52:41 www sendmail[9360]: q23Iqfve009360: [98.142.1.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to SSLMTA
[/font]
[SOLVED] Sendmail failing to establish SSL connections
Re: Sendmail failing to establish SSL connections
Aaaaaaaaaaarrrrrrrrrrrrrrrrrrrrrr
Permissions. I had the permissions too wide again. I've done that before too. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it.
http://ist.uwaterloo.ca/security/howto/2006-08-03/
Permissions. I had the permissions too wide again. I've done that before too. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it. Dang it.
http://ist.uwaterloo.ca/security/howto/2006-08-03/
-
pschaff
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
[SOLVED] Sendmail failing to establish SSL connections
Thanks for [d]confessing[/d] reporting back. :-) Marking this thread [SOLVED] for posterity.