STARTTLS not being offered

 
# 1  
Old 03-06-2015

STARTTLS is not being offered by sendmail when I telnet to the local port on the localhost. STARTTLS is compiled into sendmail. I have valid certificates, pointed to in the .mc file, built to a .cf file. There is a listener running on port 587 and in the log I see entries that seem to indicate it is running:

STARTTLS=server, Diffie-Hellman init, key=1024 bit (1)
STARTTLS=server, init=1

But when I issue EHLO, no STARTTLS. I have set debugging to Level 14, then to 100 because, well, why not? Yet there are no clues. I don't need auth, so I am not using those options in the config, nor am I running saslauthd. Regardless, it should be offered if I have certificates, they are in the correct path expected in the config file, etc.

Any advice?
# 2  
Old 03-11-2015
I figured out what was preventing TLS from starting. In the access file you can also enable or disable TLS via the Srv_Features options [1]. There are four options, with the S/s being the one for TLS. An uppercase S turns it off for networks, IPs, or globally. A lowercase turns it on. As you can guess, it was turned off globally with the 'S' option. So I just had to modify the access file and rebuild it. Now TLS is offered.

[1] sendmail 8.12 (see New Features)
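
The check described in the answer above, as an added example that is not part of the original thread: it scans access-map source text for Srv_Features entries that set the S/s flag and tests an EHLO reply for the STARTTLS keyword. The sample access entries, the EHLO reply, the function names, and the entry layout (tag, optional key, whitespace, flag letters) are assumptions constructed for illustration.

```python
import re

# Constructed sample of access-map source text (not from the thread).
SAMPLE_ACCESS = """\
# local relay rules
Connect:127.0.0.1       RELAY
Srv_Features:           S
Srv_Features:192.0.2    s
"""

# Constructed EHLO reply of the kind seen while STARTTLS is suppressed.
SAMPLE_EHLO = """\
250-mail.example.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250 HELP
"""

ENTRY = re.compile(r"srv_features:(\S*)\s+(.+)$", re.IGNORECASE)


def starttls_overrides(access_text):
    """Return [(scope, 'off' | 'on')] for each Srv_Features entry using S or s."""
    found = []
    for raw in access_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        m = ENTRY.match(line)
        if not m:
            continue  # some other access-map tag
        scope = m.group(1) or "(global default)"  # empty key = applies to all
        flags = m.group(2)
        if "S" in flags:      # uppercase S: STARTTLS is not offered
            found.append((scope, "off"))
        elif "s" in flags:    # lowercase s: STARTTLS is offered
            found.append((scope, "on"))
    return found


def ehlo_offers_starttls(reply):
    """True if any 250 line of the EHLO reply advertises STARTTLS."""
    return any(re.fullmatch(r"250[- ]STARTTLS", l.strip(), re.IGNORECASE)
               for l in reply.splitlines())


if __name__ == "__main__":
    for scope, state in starttls_overrides(SAMPLE_ACCESS):
        print(f"{scope}: STARTTLS {state}")
    print("EHLO offers STARTTLS:", ehlo_offers_starttls(SAMPLE_EHLO))
```

An "off" entry with the global scope matches the situation in this thread: the certificates and the TLS init log lines are fine, yet the keyword never appears in the EHLO reply.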