Linux – way to completely disable outbound opportunistic TLS support in SendMail

centoslinuxsendmailsmtptls

CentOS 5.x
SendMail 8.14.4

An overzealous network security feature is causing TLS negotiations to fail when my Sendmail server tries to talk to external hosts. This is causing sendmail to constantly requeue some messages because it won't fail over to unencrypted delivery.

Is there a way to disable outbound TLS completely? I'm aware that I can add Try_TLS:broken.server NO entries for the individual mx records (or partial domains) but I'd prefer to just disable this entirely until the root cause gets resolved.

As far as I can tell, there doesn't appear to be any way to tell SendMail to not use TLS whatsoever.

I tried Try_TLS:* but that didn't work.

I understand that the root cause is not my specific system but as I don't have control of the affected parts, I'd like to at least get mail flowing. Any ideas?

Best Answer

How about:

Try_TLS:  NO

without the wildcard?

Related Solutions

Centos – Disable local delivery in Sendmail

What I did to disable local delivery. I'll be using the example.com domain.

Requirements:

example.com A entry pointing to IP address assigned to one of the eth interfaces.
/etc/hosts defining example.com assigned to the very same IP address as above
example.com MX records pointing to Google servers (ASPMX.L.GOOGLE.COM, etc)
default sendmail installation (mine was on Ubuntu)

Steps:

vim /etc/mail/sendmail.mc

at the end:

define(`MAIL_HUB', `example.com.')dnl
define(`LOCAL_RELAY', `example.com.')dnl

and then:

sendmailconfig (or /etc/mail/make depending on your distro)
service sendmail restart

testing:

echo -e "To: user@example.com\nSubject: Test\nTest\n" | sendmail -bm -t -v
echo -e "To: user\nSubject: Test\nTest\n" | sendmail -bm -t -v

You should see it connecting to the google server and then you should see your mail being delivered to your Google inbox.

IIS6 SMTP and TLS on outbound connections

There is no way to create an opportunistic SMTP server in IIS. You'll need to create two virtual SMTP servers (one with TLS required, and one without) and route mail accordingly.

http://www.phreek.org/index.php/prkblog/comments/enable_tls_on_your_iis_60_smtp_virtual_server

Best Answer

Related Solutions

Centos – Disable local delivery in Sendmail

IIS6 SMTP and TLS on outbound connections

Related Topic