STARTTLS is not being offered by sendmail when I telnet to the local port on the localhost. STARTTLS is compiled into sendmail. I have valid certificates, pointed to in the .mc file, built to a .cf file. There is a listener running on port 587 and in the log I see entries that seem to indicate it is running:
STARTTLS=server, Diffie-Hellman init, key=1024 bit (1)
STARTTLS=server, init=1
But when I issue EHLO, no STARTTLS. I have set debugging to Level 14, then to 100 because, well, why not? Yet there are no clues. I don't need auth, so I am not using those options in the config, nor am I running saslauthd. Regardless, it should be offered if I have certificates, they are in the correct path expected in the config file, etc.
Any advice?