AIX

Sendmail on AIX, TLS problem

  • 1.  Sendmail on AIX, TLS problem

    Posted Thu January 21, 2016 03:51 PM

    Originally posted by: aixunix33


    Latest AIX 7.1 sendmail.

    TLS is configured like this:

    include(`/usr/samples/tcpip/sendmail/m4/cf.m4')
    divert(0)dnl
    VERSIONID(`Mustafar')
    OSTYPE(aixsample)dnl
    DOMAIN(`generic')dnl
    define(`_X400_UUCP_')dnl
    define(`_MASQUERADE_ENVELOPE_')dnl
    define(`MASQUERADE_NAME')dnl
    define(`confTRY_NULL_MX_LIST',`T')dnl
    define(`LUSER_RELAY',`name_of_luser_relay')dnl
    define(`DATABASE_MAP_TYPE',`dbm')dnl
    define(`_CLASS_U_')dnl
    define(`LOCAL_RELAY')dnl
    define(`MAIL_HUB')dnl
    define(`confRUN_AS_USER', `mailnull:mail')
    TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5')dnl
    FEATURE(always_add_domain)dnl
    FEATURE(access_db)dnl
    MAILER(local)dnl
    MAILER(smtp)dnl
    MAILER(uucp)dnl
    define(`confCACERT_PATH', `/opt/freeware/etc/pki//certs')dnl
    define(`confCACERT', `/opt/freeware/etc/pki//certs/blu.privata.crt')dnl
    define(`confSERVER_CERT', `/opt/freeware/etc/pki//certs/ibmaix.blu.privata.crt')dnl
    define(`confSERVER_KEY', `/opt/freeware/etc/pki//private/ibmaix.blu.privata.key')dnl
    define(`confCLIENT_CERT', `/opt/freeware/etc/pki//certs/ibmaix.blu.privata.crt')dnl
    define(`confCLIENT_KEY', `/opt/freeware/etc/pki//private/ibmaix.blu.privata.key')dnl
    define(`confRAND_FILE',`egd:/dev/urandom')dnl
    D{tls_version}TLSv1
    O DHParameters=/opt/freeware/etc/pki/private/dhparams.pem
    O PrivacyOptions=goaway
    dnl# hide SMTP version
    define(`confSMTP_LOGIN_MSG',`Sendomail $w MTA pronto per servirvi ; $b')
    LOCAL_CONFIG
    dnl# Do not allow the weak SSLv2:
    O CipherList=HIGH:!ADH-DES-CBC3-SHA:!ADH-AES128-SHA:!ADH-AES256-SHA:!ADH-CAMELLIA128-SHA:!ADH-CAMELLIA256-SHA:!DH-AES128-SHA256:!DH-AES256-SHA256:!aNULL:!DES:!3DES:!MD5:!DES+MD5:!RC4
    O ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_CIPHER_SERVER_PREFERENCE
    O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3
    O PidFile=/var/run/sendmail.pid
    
    
    On Linux I have the same configuration, but with a new sendmail version.

    When I send a letter to the AIX workstation, on Linux I see these messages:

    Jan 21 21:25:37 slack64 sendmail[7482]: u0LKPZ4W007482: to=root@ibmaix, ctladdr=giuseppe (10083/100), delay=00:00:02, xdelay=00:00:01, mailer=relay, pri=30194, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (u0LKPaYA007483 Message accepted for delivery)
    Jan 21 21:26:37 slack64 sendmail[7511]: u0LKQahO007511: from=giuseppe, size=194, class=0, nrcpts=1, msgid=<201601212026.u0LKQahO007511@slack64.blu.privata>, relay=giuseppe@localhost
    Jan 21 21:26:37 slack64 sm-mta[7512]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
    Jan 21 21:26:37 slack64 sendmail[7511]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
    

    And the mail returns to me.

    What's the problem?

    Self-signed certs or something else?

    On other servers I can send email with TLS.
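
The `verify=` field in the STARTTLS log lines above records how certificate verification ended, using the values sendmail documents for its `${verify}` macro. The following is an added example, not part of the original post: it parses such lines and flags sessions where verification did not succeed. The function names `parse_starttls` and `unverified_sessions` are this example's own.

```python
import re

# Meanings of sendmail's ${verify} macro, as logged in the verify= field.
VERIFY_MEANING = {
    "OK": "peer certificate verified",
    "NO": "peer presented no certificate",
    "NOT": "no certificate was requested",
    "FAIL": "certificate presented but not verifiable (e.g. signing CA missing)",
    "NONE": "STARTTLS was not performed",
    "TEMP": "temporary error",
    "PROTOCOL": "protocol error",
    "SOFTWARE": "TLS handshake failed",
}

# syslog prefix "Mon DD HH:MM:SS host prog[pid]: ", optional queue id, then STARTTLS=role
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s(?P<prog>[\w.-]+)\[(?P<pid>\d+)\]:\s"
    r"(?:\w+:\s)?STARTTLS=(?P<role>client|server),\s(?P<rest>.*)$"
)

def parse_starttls(line):
    """Return a dict for a sendmail STARTTLS log line, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {k: m.group(k) for k in ("ts", "host", "prog", "role")}
    for field in m.group("rest").split(", "):
        key, sep, value = field.partition("=")
        if sep:
            rec[key.strip()] = value.strip()
    rec["meaning"] = VERIFY_MEANING.get(rec.get("verify"), "unknown verify value")
    return rec

def unverified_sessions(lines):
    """Sessions where a certificate was offered but not verified, or TLS broke."""
    bad = {"FAIL", "TEMP", "PROTOCOL", "SOFTWARE"}
    return [r for r in map(parse_starttls, lines) if r and r.get("verify") in bad]

# Sample input: one non-TLS line (shortened) and the two STARTTLS lines from the post.
SAMPLE = [
    "Jan 21 21:26:37 slack64 sendmail[7511]: u0LKQahO007511: from=giuseppe, size=194, class=0, nrcpts=1",
    "Jan 21 21:26:37 slack64 sm-mta[7512]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256",
    "Jan 21 21:26:37 slack64 sendmail[7511]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256",
]

if __name__ == "__main__":
    for r in unverified_sessions(SAMPLE):
        print(r["ts"], r["role"], r["relay"], r["verify"], "-", r["meaning"])
```

A `verify=FAIL` on a `STARTTLS=client` line means the sending side could not validate the certificate the server presented against the CA material named by its own `confCACERT` and `confCACERT_PATH`.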



  • 2.  Re: Sendmail on AIX, TLS problem

    Posted Mon January 25, 2016 11:12 AM

    Originally posted by: gsrini


    Hi,

     

    Have you linked "/usr/lib/sendmail" with "/usr/sbin/sendmail_ssl" on the AIX sendmail server? Also please check if you have installed the latest openssl version.

     

    Regards,

    Srinivas.



  • 3.  Re: Sendmail on AIX, TLS problem

    Posted Wed January 27, 2016 07:15 PM

    Originally posted by: aixunix33


    Yes, of course it is linked.



  • 4.  Re: Sendmail on AIX, TLS problem

    Posted Mon January 25, 2016 11:15 AM

    Originally posted by: gsrini


    You can also run "openssl s_client -starttls smtp -connect localhost:25" on the AIX server to check if sendmail with TLS is configured properly.



  • 5.  Re: Sendmail on AIX, TLS problem

    Posted Wed January 27, 2016 07:16 PM

    Originally posted by: aixunix33


    This command runs fine:


    openssl s_client -connect ibmaix:25 -starttls smtp -tls1