Test STARTTLS

Once you have built sendmail with STARTTLS support, and before you install it, you should test to see whether STARTTLS is working. One way to perform such a test is like this:

# obj.*/sendmail/sendmail -bs -Am

Here, we run the newly built sendmail relative to the source directory. The -bs tells sendmail to speak SMTP on its standard input. The -Am tells sendmail to use its server configuration file (not submit.cf), even though it is running in mail-submission mode. Such a test session might look like this:

220 your.host.domain ESMTP Sendmail 8.14.1/8.14.1; Fri, 14 Dec 2007 11:43:02 -0700 (PST)
ehlo your.host.domain
250-your.host.domain Hello root@localhost, pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS                  ← note this line
250-DELIVERBY
250 HELP
quit
221 2.0.0 your.host.domain closing connection

Here, the STARTTLS SMTP keyword appears, revealing that this site supports TLS encryption of connections.
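The check described above can be scripted. The following is an added example, not code from the book or the sendmail distribution: it extracts the ESMTP keywords from the EHLO reply and reports whether STARTTLS is among them. The function names and the sample transcripts are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from an SMTP transcript whether STARTTLS is advertised.
# Function names and sample transcripts are constructed for illustration.

# Print the ESMTP keywords of the first 250 reply on stdin, one per line.
# The reply's first line is the greeting ("250-host Hello ..."), not a
# keyword, so it is skipped. Trailing CRs and keyword parameters are dropped.
ehlo_keywords() {
    awk '
        { sub(/\r$/, "") }
        !fin && /^250[- ]/ {
            n++
            if (n > 1) {
                kw = substr($0, 5)
                sub(/[ \t].*$/, "", kw)
                print toupper(kw)
            }
            if (substr($0, 4, 1) == " ") fin = 1   # "250 " ends the reply
        }
    '
}

# Exit status 0 if the transcript on stdin advertises STARTTLS, 1 otherwise.
has_starttls() {
    ehlo_keywords | grep -qx 'STARTTLS'
}

# Constructed server output, modeled on the session shown above.
sample_with_tls() {
    printf '%s\r\n' \
        '220 your.host.domain ESMTP Sendmail 8.14.1/8.14.1' \
        '250-your.host.domain Hello root@localhost, pleased to meet you' \
        '250-PIPELINING' \
        '250-SIZE' \
        '250-STARTTLS' \
        '250 HELP' \
        '221 2.0.0 your.host.domain closing connection'
}
sample_without_tls() { sample_with_tls | grep -v '^250-STARTTLS'; }

# Against the newly built binary (command from the page, input piped in):
#   printf 'ehlo your.host.domain\r\nquit\r\n' |
#       obj.*/sendmail/sendmail -bs -Am | has_starttls
for s in sample_with_tls sample_without_tls; do
    if "$s" | has_starttls; then
        echo "$s: STARTTLS advertised"
    else
        echo "$s: STARTTLS missing; rerun with -O LogLevel=14 and check syslog"
    fi
done
```

Matching on the parsed keyword rather than searching the whole transcript for the string avoids a false positive when the word appears in a banner or greeting line.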

If STARTTLS doesn’t appear, rerun the command with extra debugging, like this:

# obj.*/sendmail/sendmail -O LogLevel=14 -bs -Am

Look in your syslog logfiles for sendmail messages. Look for messages such as warnings about unsafe files, or warnings about the validity of X.509 certificates. If this fails, and you need additional help, you can connect to http://www.sendmail.org/tips/.

If STARTTLS does appear, run sendmail as usual. Then examine Received: header lines for mail you received from other sites that support STARTTLS, ...
