Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 381139

Summary: mail-mta/sendmail CipherList option missing - can't disable SSLv2
Product: Gentoo Linux Reporter: Oleg Gawriloff <barzog>
Component: New packagesAssignee: Net-Mail Packages <net-mail+disabled>
Status: RESOLVED FIXED    
Severity: major    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: emerge --info output

Description Oleg Gawriloff 2011-08-30 09:57:21 UTC 
It seems that SSL support in sendmail is now working (despite setted ssl use flag).


martin-cl2 mail # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail1.telecom.by ESMTP Planescape 1.01/1.01; Tue, 30 Aug 2011 12:56:18 +0300
ehlo localhost
250-mail1.telecom.by Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 25600000
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
Where's STARTTLS?


martin-cl2 mail # sendmail -d0.13 < /dev/null | grep FFR
   FFR Defines:


Reproducible: Always
Comment 1 Oleg Gawriloff 2011-08-30 09:58:27 UTC 
Created attachment 285063 [details]
emerge --info output
Comment 2 Eray Aslan gentoo-dev 2011-09-02 07:33:20 UTC 
Did you define confCACERT and friends in your config file?  See README.cf in /usr/share/doc/${P} directory and http://www.sendmail.org/~ca/email/starttls.html for more information.
Comment 3 Oleg Gawriloff 2011-09-07 12:06:28 UTC 
But why then sendmail complains about

Sep  7 15:02:58 martin-cl2 sm-mta[6557]: restarting /usr/sbin/sendmail due to signal
Sep  7 15:02:58 martin-cl2 sm-mta[6557]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 252: readcf: unknown option name CipherList

in .mc file:
LOCAL_CONFIG
O CipherList=DEFAULT:!SSLv2:!LOW:!EXPORT
in .cf file:

O CipherList=DEFAULT:!SSLv2:!LOW:!EXPORT

Same version and config Sendmail is installed on my other host with FreeBSD. There with this config we don't have any problems.

Documentation:
http://72.14.189.113/howto/sendmail/cipherlist/
Comment 4 Oleg Gawriloff 2011-09-07 12:25:48 UTC 
yes, sendmail is configured for SSL/TLS support. Errors with information in greeting I fixed (there was M=S option).
Comment 5 Eray Aslan gentoo-dev 2011-09-07 14:34:58 UTC 
i.e. problem is you cannot disable SSLv2.  I'll have a look.  Reopening.
Comment 6 Eray Aslan gentoo-dev 2011-09-08 06:43:21 UTC 
+*sendmail-8.14.5-r1 (08 Sep 2011)
+
+  08 Sep 2011; Eray Aslan <eras@gentoo.org> +sendmail-8.14.5-r1.ebuild:
+  Add CipherList option - bug #381139
+

Please reopen if you still have a problem.