Is there a way to completely disable outbound opportunistic TLS support in SendMail?
CentOS 5.x SendMail 8.14.4
An overzealous network security feature is causing TLS negotiations to fail when my Sendmail server tries to talk to external hosts. This is causing sendmail to constantly requeue some messages because it won't fail over to unencrypted delivery.
Is there a way to disable outbound TLS completely? I'm aware that I can add Try_TLS:broken.server NO entries for the individual mx records (or partial domains) but I'd prefer to just disable this entirely until the root cause gets resolved.
As far as I can tell, there doesn't appear to be any way to tell SendMail to not use TLS whatsoever.
I tried Try_TLS:* but that didn't work.
I understand that the root cause is not my specific system but as I don't have control of the affected parts, I'd like to at least get mail flowing. Any ideas?
Solution 1:
How about:
Try_TLS: NO
without the wildcard?
Solution 2:
I prefer @Adamo's answer but just in case someone else stumbles across this, there's an alternate method of doing this.
Locate the CLIENT_OPTIONS part of a sendmail.mc file and add M=S.
So for example, if you had something like:
CLIENT_OPTIONS(`Family=inet, Addr=1.2.3.4')dnl
You could change it to:
CLIENT_OPTIONS(`Family=inet, M=S, Addr=1.2.3.4')dnl
The difference is that with this second method, SendMail won't even bother to look for TLS at all (which could be arguably worse depending on how/why you're making this change).
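The access-map approach from Solution 1, written as an added example (not code from either answer) that sets the default Try_TLS entry and later removes it again, so the plaintext fallback stays temporary. It assumes the access map is /etc/mail/access and that FEATURE(`access_db') is enabled in sendmail.mc; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions: access map at /etc/mail/access,
# FEATURE(`access_db') enabled. Function names are hypothetical.

# set_try_tls_default FILE VALUE
# Replace (or append) the default entry, i.e. the bare "Try_TLS:" tag
# followed by whitespace. Per-host entries such as
# "Try_TLS:broken.server" are left untouched.
set_try_tls_default() {
    file=$1
    value=$2
    tmp=$(mktemp) || return 1
    # Drop any existing default entry so the file never holds two.
    sed '/^Try_TLS:[[:space:]]/d' "$file" > "$tmp" || return 1
    # Key and value are separated by a tab in the access map source.
    printf 'Try_TLS:\t%s\n' "$value" >> "$tmp"
    # Write back in place so ownership and permissions are preserved.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# clear_try_tls_default FILE
# Remove the default entry once the network problem is fixed, which
# returns sendmail to opportunistic TLS for outbound delivery.
clear_try_tls_default() {
    file=$1
    tmp=$(mktemp) || return 1
    sed '/^Try_TLS:[[:space:]]/d' "$file" > "$tmp" || return 1
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Typical use on the mail host, as root:
#   set_try_tls_default /etc/mail/access NO
#   makemap hash /etc/mail/access < /etc/mail/access
# and to roll back:
#   clear_try_tls_default /etc/mail/access
#   makemap hash /etc/mail/access < /etc/mail/access
```

While the default entry is in place, all outbound mail from this host is sent unencrypted, so the rollback step matters as much as the change itself.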