1. Forum
  2. Usenet
  3. COMP.MAIL.SENDMAIL

  • stateful handling of opportunistic STARTTLS

    From Thorsten Glaser@21:1/5 to All on Sun Nov 12 01:39:22 2023
    Hi,

    when using the default opportunistic STARTTLS on delivering (when the
    contacted server has it, try it, else just ignore its absence), there
    is one thing I miss from sendmail which Postfix has: the latter, when
    STARTTLS fails (e.g. no shared cipher) it remembers that and on later
    delivery attempts, it doesn’t try STARTTLS (I think per message).

    Is there a way to teach sendmail to do that as well?

    Thanks,
    //mirabilos
    --
    (gnutls can also be used, but if you are compiling lynx for your own use,
    there is no reason to consider using that package)
    -- Thomas E. Dickey on the Lynx mailing list, about OpenSSL

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Claus =?iso-8859-1?Q?A=DFmann?= @21:1/5 to Thorsten Glaser on Sun Nov 12 01:04:51 2023
    Thorsten Glaser wrote:

    when using the default opportunistic STARTTLS on delivering (when the contacted server has it, try it, else just ignore its absence), there
    is one thing I miss from sendmail which Postfix has: the latter, when STARTTLS fails (e.g. no shared cipher) it remembers that and on later delivery attempts, it doesn’t try STARTTLS (I think per message).

    Do you mean TLSFallbacktoClear?

    8.16.1/8.16.1 2020/07/05
    To automatically handle TLS interoperability problems for outgoing
    mail, sendmail can now immediately try a connection again
    without STARTTLS after a TLS handshake failure.
    This can be configured globally via the option
    TLSFallbacktoClear or per session via the 'C' flag
    of tls_clt_features.

    Or do you mean some "long term storage" about this problem? If the
    latter: how long? Maybe the server problem is getting fixed so
    you want to use STARTTLS after all?

    --
    Note: please read the netiquette before posting. I will almost never
    reply to top-postings which include a full copy of the previous
    article(s) at the end because it's annoying, shows that the poster
    is too lazy to trim his article, and it's wasting the time of all readers.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Thorsten Glaser@21:1/5 to All on Sun Nov 12 21:17:19 2023
    Claus A�mann dixit:

    Do you mean TLSFallbacktoClear?

    8.16.1/8.16.1 2020/07/05

    I think “yes, and I need to update my sendmail”.

    Thank you!

    bye,
    //mirabilos
    --
    Wish I had pine to hand :-( I'll give lynx a try, thanks.

    Michael Schmitz on nntp://news.gmane.org/gmane.linux.debian.ports.68k
    a.k.a. {news.gmane.org/nntp}#news.gmane.linux.debian.ports.68k in pine

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)