Re: client end of ssl authenticaiton

In article <87mymrdqtp.fsf@xxxxxxxxxxx> reader@xxxxxxxxxxx writes:
per@xxxxxxxxxxxx (Per Hedeland) writes:

In article <877idva5sd.fsf@xxxxxxxxxxx> reader@xxxxxxxxxxx writes:

But judging by the way its done with thunderbird I'm guessing that
just as a client.. it must be simpler. All I had to do there was
check an ssl box during setup. And I noticed it popped up a port
number 465.

You're right about cert config not being *required* for the client
(though it means that you lose a major benefit of using SSL), but see my
response to a question about this same scenario (though different ISP it
seems) posted just yesterday, at:

http://groups.google.com/group/comp.mail.sendmail/msg/30673f90c94b4beb

I see the reponse... thanks... but I don't see any proposed solution
unless you are saying I should be absolutely sure it is required.

Exactly. If you can use the standard STARTTLS instead of the
non-standard SMTPS, you will have significantly less headache with
sendmail. So double-check with your ISP whether they support STARTTLS
first.

If they don't seem to have a clue about that, you can try connecting
to the SMTP server with 'telnet <server> 25' and type in

EHLO some.host.name

If the response includes the word STARTTLS, it just may work.

My only real clue about it being a requirement is that my wifes
windows xp setup with outlook quit working too, and I piddled with it
for a good while until finally tried the ssl box which when checked
shows port 465 will be used.

Not a good basis for decision, using STARTTLS with outlook may be
problematic and/or non-obvious.

You didn't go into the solution part... only saying the reader
wouldn't want to go there.

Do you suspect I can get past the comcast server some other way?

STARTTLS is a possibility, and it's not "getting past" as in avoiding
the SSL requirement, just doing it in a standard way that has builtin
suppport in sendmail.

--Per Hedeland
per@xxxxxxxxxxxx


.

Relevant Pages

  • Re: Using Sendmail as an SSL client without STARTTLS
    ... I'd like to know if it is possible to configure Sendmail as a client ... that authenticates itself to a mail hub either using SMTP AUTH over SSL ... STARTTLS) connections. ...
    (comp.mail.sendmail)
  • SSL and IPS (was RE: ssh and ids)
    ... How many simultaneous SSL sessions can be tracked?" ... I assume you're talking about a case in which the client constantly ... If you walk the possible session id space and ... The server chooses the session ID, ...
    (Focus-IDS)
  • Re: IIS6.0 + SSL Breaks down!
    ... Ok, I asked the IIS SSL developer, and he gave me the details. ... bad public specification on SSL make SSL Client Certificates ...
    (microsoft.public.inetserver.iis)
  • Re: Can SSL sessions be compromised?
    ... etc) attachments using webmail during these SSL sessions. ... who the client thinks the server is ... ... part of this has to do with the fundamental digital certificate and PKI ...
    (comp.security.misc)
  • Re: OpenSSL read/write timeouts
    ... This is an example of a SSL client with minimum functionality. ... This SSL client verifies the server's certificate against the ... the SSL server does not request & verify the client ...
    (comp.os.vms)