Tablo ripper ssl

tablo ripper sendmail
I am getting an error message
sendmail failed the remote certificate is invalid according to the validation procedure
how do disable ssl
I am using a relay in my local LAN on port 25

Is the MTA STARTTLS capable?

yes, but it uses a self signed certificate

You probably have need to either get a root authorized chain in there or configure a plaintext port.

the MTA is a linux box running postfix , other apps sending mail I just deselect ssl

Try getting the MTA’s cert into the Windows cert store as trusted.

that sounds like a pain in the aaa, The linux box works well with comcast auth , I mostly use it for apps like this , security cam dvr , linux system mail…

Forget about what happens at the MTA. The closed source Wiindows application (Tablo Ripper) has the restiction that you must overcome. Either Windows has to trust the certificate or you must figure out some other workaround; e.g., routing traffic Ripper -> sTunnel -> MTA

ok thanks for the reply

BTW, The linux box is configured to accept plain text on port 25, it then rewraps the headers and forwards to comcast server authenticated as me.

Put a sniifer on the wire and see exactly how the MTA advertises to the MUA (Ripper).

it just open no auth needed from any node on LAN at the command prompt .
just type "mail xxxx@wwww.net " hit send.

MAIL is available on Windows? Is not MAIL a Unix command.

Most people will translate that as appropriate

I would think the only differences is ripper is forcing ssl to use the DNS MX record
instead of just trusting the relay config

I guess one can alias the PS command. I do use PS. I do not use *NIX boxes, have not for decades (Sun).

I have several other windows apps my email relay works no problem
eg: https://www.softperfect.com/products/wifiguard/manual/

The MUA (I’m sure; but closed source… ?) uses the Windows cert store and If the MTA advertises any SSL/TLS and there is a failure “the remote certificate is invalid”, the MUA SHOULD abort. I’m sure the simplest soultion is to do an ‘openssl s_client -connect mta:25 -showcerts’ and shove the chain into Windows as trusted.

Again, put a sniffer into mix and view the negotiations.

Also this client uses plaintext unless you’ve installed OpenSSL;maybe you have. View the captured packets for both applications.