I am in the process of replacing a tired old server running sendmail 8.15.2.
Before I turn it off I want to make it send its remaining mail through the new server (which isn't running sendmail but that shouldn't matter.)
I see the SMART_HOST macro, but I want to make it relay with ssl to port
465 or with STARTTLS to port 587 on the new server. I have looked through the manual and if it's there, I don't see it.
> I am in the process of replacing a tired old server running sendmail 8.15.2.
> Before I turn it off I want to make it send its remaining mail through the new server (which isn't running sendmail but that shouldn't matter.)
> I see the SMART_HOST macro, but I want to make it relay with ssl to port
> 465 or with STARTTLS to port 587 on the new server. I have looked through the manual and if it's there, I don't see it.
I am not sure which one of these you need. I have set both
and my Sendmail connects to smart host's TCP port 587.
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
Sendmail will use STARTTLS automatically as long as
your receiving server advertises to support it.
Thanks, that should do it. Just out of curiosity is
there a way to tell it to do immediate TLS on port 465?
John Levine <johnl@taugh.com> wrote:
> Thanks, that should do it. Just out of curiosity is
> there a way to tell it to do immediate TLS on port 465?
I have no idea as I have never used port 465. I suppose
it is deprecated anyway, but I am not 100% sure.
From a performance point of view, issuing STARTTLS
ESMTP command on port 587 makes no practical difference
compared to the immediate TLS on port 465.
It appears that Kalevi Kolttonen <kalevi@kolttonen.fi> said:
> John Levine <johnl@taugh.com> wrote:
>> Thanks, that should do it. Just out of curiosity is
>> there a way to tell it to do immediate TLS on port 465?
> I have no idea as I have never used port 465. I suppose
> it is deprecated anyway, but I am not 100% sure.
It's not deprecated at all. Every MTA I know supports it. Even sendmail.
> From a performance point of view, issuing STARTTLS
> ESMTP command on port 587 makes no practical difference
> compared to the immediate TLS on port 465.
Port 465 is considerably more resistant to man-in-the-middle and
downgrade attacks than 587 is. A naughty middlebox might edit the EHLO response to remove STARTTLS, so the client goes ahead without it. On
465, if it can't do the handshake and get the certificate with the
expected name, the connection fails.
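For the stripped-STARTTLS case described in the post above, sendmail's access map can require an encrypted session to the smart host. This is an added example, not part of the thread: `newserver.example` is a placeholder host name and `/etc/mail/access` is an assumed path for the access map.

```conf
# --- sendmail.mc on the old server (rebuild sendmail.cf afterwards) ---
define(`SMART_HOST', `[newserver.example]')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
FEATURE(`access_db')dnl

# --- /etc/mail/access (rebuild the map with makemap afterwards) ---
# Without an entry for the smart host, STARTTLS is opportunistic:
# if the EHLO reply carries no STARTTLS line, mail goes out in plaintext.
#
# With this entry, the tls_server check fails unless the session to
# that server is encrypted with at least 112 bits. A missing STARTTLS
# offer then produces a temporary delivery error (by default) and the
# mail stays in the queue instead of being sent in the clear.
# The key must match the server name sendmail records in ${server_name}.
TLS_Srv:newserver.example	ENCR:112

# ENCR checks encryption strength only. VERIFY:112 in its place also
# requires the server certificate to verify against the configured CAs.
```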
John Levine <johnl@taugh.com> wrote:
> It appears that Kalevi Kolttonen <kalevi@kolttonen.fi> said:
>> John Levine <johnl@taugh.com> wrote:
>>> Thanks, that should do it. Just out of curiosity is
>>> there a way to tell it to do immediate TLS on port 465?
>> I have no idea as I have never used port 465. I suppose
>> it is deprecated anyway, but I am not 100% sure.
> It's not deprecated at all. Every MTA I know supports it. Even sendmail.
How does sendmail support it?
I know there is Flag=s in DaemonPortOptions to open a port and offer
SMTP over SSL.
According to Hugo Villeneuve-Lapointe <hugo_villap@email.invalid>:
> John Levine <johnl@taugh.com> wrote:
>> It appears that Kalevi Kolttonen <kalevi@kolttonen.fi> said:
>>> John Levine <johnl@taugh.com> wrote:
>>>> Thanks, that should do it. Just out of curiosity is
>>>> there a way to tell it to do immediate TLS on port 465?
>>> I have no idea as I have never used port 465. I suppose
>>> it is deprecated anyway, but I am not 100% sure.
>> It's not deprecated at all. Every MTA I know supports it. Even sendmail.
> How does sendmail support it?
> I know there is Flag=s in DaemonPortOptions to open a port and offer
> SMTP over SSL.
That's it. Ports 465 and 587 are for submission, from an MUA to an MSA.
In my application the old server is the submission client and the new server is the submission server.
I'm afraid I don't think it is possible to do SMTP over SSL (port
465) between 2 sendmail servers (or I don't know how to do that).
> John Levine <johnl@taugh.com> wrote:
>> That's it. Ports 465 and 587 are for submission, from an MUA to an MSA.
>> In my application the old server is the submission client and the new server
>> is the submission server.
> I'm afraid I don't think it is possible to do SMTP over SSL (port
> 465) between 2 sendmail servers (or I don't know how to do that).
Well, there is the _FFR_SMTPS_CLIENT build time feature, enabling
underscore as a F= delivery agent flag:
#if _FFR_SMTPS_CLIENT
# define M_SMTPS_CLIENT '_' /* use SMTP over TLS (465/TCP) */
#endif
But you'll probably have to build your own sendmail binary for that.
I'd just go with STARTTLS if it was me...
Hugo Villeneuve-Lapointe wrote:
> I'm afraid I don't think it is possible to do SMTP over SSL (port
> 465) between 2 sendmail servers (or I don't know how to do that).
Look for _FFR_SMTPS_CLIENT in the code.