Re: [0T] sendmail relay to gmail smtp server

[Harry Putnam]

wahjava.ml@gmail.com (Ashish SHUKLA) writes:

> Harry Putnam writes:
>> NOTE:  This is a copy of a post made on the ding group but I didn't
>> think to cross post it here so please pardon me not using the normal
>> cross post procedure.  The ding group seems to be dead for the moment
>> and the query is relevant here as well I hope.
>
>
> [...]
>
>
>> I think these are the sendmail logs that contain the relevant error:
>
>> (I'm not sure if the `verify=FAIL' means what it suggests)
>
>> ,----
>> | Dec 26 21:41:38 reader sm-mta[24243]: STARTTLS=client,
>> | relay=smtp.gmail.com, version=TLSv1/SSLv3, verify=FAIL,
>> | cipher=RC4-SHA, bits=128/12
>> | 
>> | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243:
>> |   to=<reader@newsguy.com>, ctladdr=<reader@reader.local.lan>
>> |   (1000/1000), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30563,
>> |   relay=smtp.gmail.com [209.85.225.109], dsn=5.0.0, 
>> |   stat=Service unavailable
>> | 
>> | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243: pBR2fbLY024243: DSN: 
>> Service unavailable
>> `----
>
> Could you please make sure your certificates/CA are properly setup in
> sendmail?  Looks like sendmail is having issues verifying gmail's TLS
> certificate after STARTTLS, and therefore it's not continuing with STARTTLS,
> and because gmail doesn't accept email over non-TLS transport it fails.

Thanks for your input... I've solved the problem with a big dose of
help from Per H on comp.mail.sendmail.

I had a typo in /etc/mail/authinfo where I had misspelled:

   Authinfo

was spelled like:

   Athinfo <missing the `u'>

But for your information the cert stuff is handled on debian by a
single line in sendmail.mc:

 include(`/etc/mail/tls/starttls.m4')dnl

Pointing to a directory /etc/mail/tls which holds all the relavent
cert stuff.