[PLUG] Mail abuse problem
Paul Heinlein
heinlein at attbi.com
Mon Jun 2 10:14:02 UTC 2003
On 2 Jun 2003, Holger Stephan wrote:
> No SSL on SMTP, but it's planned now.
Hah! That's what you think. :-) Take a good look at your mail log,
you'll see plenty of entries that show you're already doing SSL on
SMTP:

  Jun 1 05:03:33 servername sendmail[30187]: STARTTLS=server,
  relay=franklin.cse.ogi.edu [129.95.40.9], version=TLSv1/SSLv3,
  verify=NO, cipher=EDH-RSA-DES-CBC3-SHA, bits=168/168

So franklin.cse.ogi.edu, the main mail server for the CSE dept at
OGI/OHSU, negotiated a 168-bit key exchange with your server. And,
sure enough, you can use the openssl binary (0.9.7 or higher) to
verify that:

  [heinlein]$ openssl s_client -connect servername:25 -starttls smtp
  CONNECTED(00000003)

Just make sure you substitute your real server name for 'servername.'
:-) Grep your sendmail.cf for '/ssl/' to get all the references.
--Paul Heinlein <heinlein at attbi.com>
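
Added example, not part of the original post: one way to take the "good look at your mail log" suggested above is to parse the sendmail STARTTLS entries and summarise which relays negotiated TLS, which peer certificates were not verified, and which sessions used a short key. The sample log is constructed (only its first entry comes from the post), and the function names and the 128-bit threshold are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample log. The first entry is the one quoted in the post, joined
# onto one line as sendmail writes it; the other entries are made up.
SAMPLE_LOG = """\
Jun  1 05:03:33 servername sendmail[30187]: STARTTLS=server, relay=franklin.cse.ogi.edu [129.95.40.9], version=TLSv1/SSLv3, verify=NO, cipher=EDH-RSA-DES-CBC3-SHA, bits=168/168
Jun  1 05:07:10 servername sendmail[30201]: h51C7A30201: from=<a@example.org>, size=1200, class=0, nrcpts=1, proto=ESMTP, relay=mail.example.org [192.0.2.10]
Jun  1 05:09:44 servername sendmail[30215]: STARTTLS=client, relay=mx.example.net., version=TLSv1/SSLv3, verify=FAIL, cipher=DES-CBC-SHA, bits=56/56
Jun  1 05:12:02 servername sendmail[30230]: STARTTLS=server, relay=[198.51.100.7], version=TLSv1/SSLv3, verify=NO, cipher=EXP-RC4-MD5, bits=40/128
"""

# Fields in the order they appear in a sendmail STARTTLS log entry.
STARTTLS_RE = re.compile(
    r"STARTTLS=(?P<role>server|client), relay=(?P<relay>.+?), "
    r"version=(?P<version>[^,]+), verify=(?P<verify>[^,]+), "
    r"cipher=(?P<cipher>[^,]+), bits=(?P<used>\d+)/(?P<total>\d+)"
)

def parse_starttls(line):
    """Return a dict for a sendmail STARTTLS log line, or None for any other line."""
    m = STARTTLS_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["used"], rec["total"] = int(rec["used"]), int(rec["total"])
    return rec

def audit(lines, min_bits=128):
    """Summarise TLS sessions; min_bits is this example's threshold, not a sendmail setting."""
    sessions = [r for r in map(parse_starttls, lines) if r]
    return {
        # server = a remote host connected to us, client = we connected out
        "by_role": Counter(r["role"] for r in sessions),
        # anything other than verify=OK means the peer certificate was not validated
        "unverified": [r["relay"] for r in sessions if r["verify"] != "OK"],
        # first number in bits=N/M is the key length actually in use
        "weak": [(r["relay"], r["cipher"], r["used"])
                 for r in sessions if r["used"] < min_bits],
    }

if __name__ == "__main__":
    report = audit(SAMPLE_LOG.splitlines())
    print("sessions by role:", dict(report["by_role"]))
    print("peer cert not verified:", report["unverified"])
    for relay, cipher, used in report["weak"]:
        print(f"weak: {relay} {cipher} {used} bits")
```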