AIX sendmail and tls


 
# 1  
Old 05-06-2015
AIX sendmail and tls

The situation

Code:
Version AIX7.1/8.14.4
 Compiled with: DNSMAP LDAPMAP LDAP_REFERRALS LOG MAP_REGEX MATCHGECOS
                MILTER MIME7TO8 MIME8TO7 NAMED_BIND NDBM NETINET NETINET6
                NETUNIX NEWDB NIS NISPLUS PIPELINING SCANF STARTTLS USERDB
                USE_LDAP_INIT XDEBUG

Code:
  openssl.base             1.0.1.513    CE    F    Open Secure Socket Layer

I configured sendmail to use TLS

Code:
divert(0)dnl
VERSIONID(`Mustafar')
OSTYPE(aixsample)dnl
DOMAIN(`generic')dnl
define(`_X400_UUCP_')dnl
define(`_MASQUERADE_ENVELOPE_')dnl
define(`MASQUERADE_NAME')dnl
define(`confTRY_NULL_MX_LIST',`T')dnl
define(`LUSER_RELAY',`name_of_luser_relay')dnl
define(`DATABASE_MAP_TYPE',`dbm')dnl
define(`_CLASS_U_')dnl
define(`LOCAL_RELAY')dnl
define(`MAIL_HUB')dnl
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5')dnl
FEATURE(always_add_domain)dnl
FEATURE(access_db)dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(uucp)dnl
define(`SMART_HOST', `posta.server.local')
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/server.crt')dnl
define(`confSERVER_CERT', `/etc/mail/certs/ibmunix.server.crt')dnl
define(`confSERVER_KEY', `/etc/mail/certs/ibmunix.server.key')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/ibmunix.server.crt')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/ibmunix.server.key')dnl
define(`confRAND_FILE',`egd:/dev/random')dnl
define(`TLS_VERSION',`TLSV1')dnl
define(`confLOG_Level', `16')

I can receive mail from other servers (all with TLS),
but if I try to send an email from this server

Code:
May  7 03:31:57 ibmunix mail:warn|warning sendmail[13303906]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
May  7 03:31:57 ibmunix mail:warn|warning sendmail[13303906]: STARTTLS=client: 13303906:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:593:
May  7 03:31:57 ibmunix mail:notice sendmail[13303906]: ruleset=tls_server, arg1=SOFTWARE, relay=posta.server.local, reject=403 4.7.0 TLS handshake failed.

The other servers are configured to allow TLS only, no SSL3,
but I also tried with an SSL3 server, same error.
Any suggestions?
Thanks
# 2  
Old 05-09-2015
Only one suggestion: did you try to connect to the SMTP server with the openssl command from AIX?
Code:
aix# openssl s_client -connect server:465

# 3  
Old 05-10-2015
I use port 25, I want TLS not SSL

---------- Post updated at 11:44 PM ---------- Previous update was at 03:41 PM ----------

One thing I don't understand: here I read

Code:
Macros related to STARTTLS are: 
  • ${cert_issuer} holds the DN of the CA (the cert issuer).
  • ${cert_subject} holds the DN of the cert (called the cert subject).
  • ${cn_issuer} holds the CN of the CA (the cert issuer).
  • ${cn_subject} holds the CN of the cert (called the cert subject).
  • ${tls_version} the TLS/SSL version used for the connection, e.g., TLSv1, TLSv1/SSLv3, SSLv3, SSLv2.
  • ${cipher} the cipher used for the connection, e.g., EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC-SHA, DES-CBC-MD5, DES-CBC3-SHA.

My question is, how do I make those macros in the .mc file?
I have tried these syntaxes, but they don't work

Code:
 define(`macroTLS_VERSION',`TLSv1')dnl

and
Code:
 define(`confTLS_VERSION',`TLSv1')dnl

and
Code:
 define(`TLS_VERSION',`TLSv1')dnl

How do I pass TLSv1 to sendmail?
Thanks
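
The following shell script is an added example, not part of the original thread or any poster's code. It decodes the OpenSSL error code from the log line in post #1 using the OpenSSL 1.0.x error layout, and tests STARTTLS on port 25 one protocol version at a time. The function names are made up for this example, and the protocol flags assume the `openssl` 1.0.1 command line.

```shell
#!/bin/sh
# Added example: decode the OpenSSL error in the sendmail log, then probe port 25.

# Log line copied from post #1.
LOG_LINE='May  7 03:31:57 ibmunix mail:warn|warning sendmail[13303906]: STARTTLS=client: 13303906:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:593:'

# OpenSSL 1.0.x packs an error as 8 hex digits: LL FFF RRR (library, function, reason).
# In library 20 (SSL) a reason above 1000 is 1000 + the TLS alert number sent by the peer.
decode_ssl_error() {
    code=$(printf '%s\n' "$1" | sed -n 's/.*error:\([0-9A-Fa-f]\{8\}\):.*/\1/p')
    [ -n "$code" ] || { echo "no OpenSSL error code found"; return 1; }
    lib=$(printf '%d' "0x$(printf '%s' "$code" | cut -c1-2)")
    func=$(printf '%d' "0x$(printf '%s' "$code" | cut -c3-5)")
    reason=$(printf '%d' "0x$(printf '%s' "$code" | cut -c6-8)")
    alert=none
    if [ "$lib" -eq 20 ] && [ "$reason" -gt 1000 ]; then
        alert=$((reason - 1000))
    fi
    echo "lib=$lib func=$func reason=$reason peer_alert=$alert"
}

# Pull the negotiated cipher out of s_client output; "(NONE)" means no handshake.
negotiated_cipher() {
    printf '%s\n' "$1" | sed -n 's/^New, .*Cipher is //p'
}

# Try one protocol version at a time against the relay's port 25 using STARTTLS.
# Needs network access; only runs when a host name is given as the first argument.
probe_starttls() {
    for v in ssl3 tls1 tls1_1 tls1_2; do
        out=$(openssl s_client -connect "$1:25" -starttls smtp "-$v" </dev/null 2>&1) || true
        c=$(negotiated_cipher "$out")
        case "$c" in
            ''|'(NONE)') echo "$v: handshake failed" ;;
            *)           echo "$v: ok, cipher $c" ;;
        esac
    done
}

decode_ssl_error "$LOG_LINE"
if [ -n "${1:-}" ]; then probe_starttls "$1"; fi
```

For the logged code 14077410 the decoder reports alert 40 (handshake_failure) received from the peer, so the relay rejected the client's hello; "sslv3 alert" in the message is the name of the alert protocol, not the negotiated version.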