Re: [Hampshire] sendmail oddity

Author: Vic
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] sendmail oddity
> anyone recognise what this means?

Yep. I panicked the first time I saw it too :-)

> Jun 11 07:20:03 [host name] sendmail[26730]: STARTTLS=client,
> relay=xxxyz.co.uk.inbound10.symantecmail.net., version=TLSv1/SSLv3,
> verify=FAIL, cipher=AES256-SHA, bits=256/256


Note that this is a failure of verification, not a failure to deliver mail...

The key here is the STARTTLS verb. This tells the MTAs to Start using
Transport Layer Security - i.e. an encrypted channel. STARTTLS means your
SMTP traffic doesn't get sent in the clear - a Good Thing (tm).

STARTTLS will cause an exchange of keys in the normal way of such things.
The first thing sendmail tries to do is to verify the authenticity of the
key - but as you haven't set up any such authentication, it will fail.
This is the FAIL message you're seeing - sendmail has been unable to prove
that the key it's been given is genuine.

Note that this won't stop the key being used - your traffic is still
secured. But you'll get this log message (just in case you were
experiencing a MITM attack).

The short version: Don't worry, this is all fine.

Vic.
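
Added example (not part of the original message): a small Python parser that pairs each `STARTTLS=client` log line with the delivery line written by the same sendmail process, so an encrypted session whose certificate was not verified can be seen next to a successful delivery status. The sample log is constructed (hostnames, queue ids and addresses are placeholders), and matching lines by PID assumes one delivery per sendmail process.

```python
import re

# Constructed sample in the format of the log line quoted above;
# hostnames, queue ids and addresses are placeholders.
SAMPLE_LOG = """\
Jun 11 07:20:03 mailhost sendmail[26730]: STARTTLS=client, relay=mx1.example.net., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Jun 11 07:20:04 mailhost sendmail[26730]: q5B6K1aa026728: to=<user@example.net>, delay=00:00:02, mailer=esmtp, relay=mx1.example.net. [192.0.2.10], dsn=2.0.0, stat=Sent (ok)
Jun 11 07:21:10 mailhost sendmail[26741]: STARTTLS=client, relay=mx2.example.org., version=TLSv1/SSLv3, verify=OK, cipher=AES256-SHA, bits=256/256
Jun 11 07:21:11 mailhost sendmail[26741]: q5B6L9bb026739: to=<user@example.org>, delay=00:00:01, mailer=esmtp, relay=mx2.example.org. [192.0.2.20], dsn=2.0.0, stat=Sent (ok)
"""

# PID, optional queue id, then the comma-separated key=value body.
PREFIX = re.compile(r"sendmail\[(?P<pid>\d+)\]: (?:\w+: )?(?P<body>.*)")

def parse_fields(body):
    """Split 'key=value, key=value' into a dict."""
    return dict(p.split("=", 1) for p in body.split(", ") if "=" in p)

def tls_report(log_text):
    """Per PID: TLS parameters plus the delivery status logged by that process.
    Assumption: one delivery per sendmail PID."""
    sessions = {}
    for line in log_text.splitlines():
        m = PREFIX.search(line)
        if not m:
            continue
        f = parse_fields(m["body"])
        if f.get("STARTTLS") == "client":
            sessions[m["pid"]] = {
                "relay": f.get("relay", "").rstrip("."),
                "verify": f.get("verify"),
                "cipher": f.get("cipher"),
                # bits=used/algorithm; a non-zero first number means the channel is encrypted
                "encrypted": f.get("bits", "0/0").split("/")[0] != "0",
                "stat": None,
            }
        elif "stat" in f and m["pid"] in sessions:
            sessions[m["pid"]]["stat"] = f["stat"]
    return sessions

def unverified(sessions):
    """Relays whose channel was encrypted but whose certificate was not verified."""
    return sorted({s["relay"] for s in sessions.values()
                   if s["encrypted"] and s["verify"] != "OK"})

if __name__ == "__main__":
    report = tls_report(SAMPLE_LOG)
    for pid, s in report.items():
        print(pid, s["relay"], "verify=" + s["verify"], "stat=" + str(s["stat"]))
    print("encrypted but unverified:", unverified(report))
```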