Hi,

I cannot get sendmail with the cyrusv2 mailer to send messages over LMTP with 
TLS enabled on the Cyrus IMAP server.

I have a public SMTP server running sendmail that is configured to forward 
received items to a second server running Cyrus imapd version 3.4.3. If I 
disable TLS on the second server, the items are received with no issues, even if 
I am using mech: DIGEST-MD5 for authentication. I think the issue is that the 
public server with the cyrusv2 mailer is not using STARTTLS:

:inittls: Loading hard-coded DH parameters
: Set client CA list: Client cert requested, not required
: SSL_accept() incomplete -> wait
: SSL_accept() incomplete -> wait
: Doing a peer verify
: *verify error:num=30:authority and subject key identifier mismatch*
: certificate verify failed in SSL_accept() -> fail

I believe the "*verify error:num=30:authority and subject key identifier 
mismatch*" is caused when a non-SSL connection is trying to connect to a port 
that has SSL enabled.

If I run lmtptest from the public server, it connects without issue:

lmtptest -t "" -p 24 -m DIGEST-MD5 -a cy...@example.com -w mypassword imap.example.com

: inittls: Loading hard-coded DH parameters
: Set client CA list: Client cert requested, not required
: SSL_accept() incomplete -> wait
: SSL_accept() incomplete -> wait
: SSL_accept() succeeded -> done
: starttls: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits new) no authentication
: login: imap.example.com [x.x.x.x] cy...@example.com DIGEST-MD5+TLS User logged in

Here is my Mailer config in the sendmail.cf file:

Mcyrusv2,       P=[IPC], F=lsDFMnqXzA@/:|m,
                S=EnvFromSMTP/HdrFromL, R=EnvToL/HdrToL, E=\r\n,
                T=DNS/RFC822/SMTP,
                A=TCP imap.example.com lmtps

I also tried:
             A=TCP imap.example.com lmtp

lmtp\lmtps is configured to use port 24 in /etc/services

*Is there an option needed to tell the cyrusv2 mailer to use STARTTLS for LMTP 
connections?* The public server with cyrusv2 is cyrus-imapd 3.6.0-1. Both 
servers are using OpenSSL 3.0.

Disabling TLS from imapd.conf on the IMAP (second) server does allow the items 
to be received, but I would prefer to have TLS running.

Thank You
