From: Matthias Apitz
To: freebsd-questions@freebsd.org
Date: Sun, 11 Mar 2018 20:15:37 +0100
Subject: Re: difficulty installing sendmail+tls+sasl2 package
Message-ID: <20180311191537.GA2197@c720-r314251>

Here is what I (always on any update) run to get sendmail working with
SASL; and note: regarding your last question about imap and smartphones:
this has nothing to do with running sendmail as an outbound server.

HIH

	matthias

$Id: sendmail.txt,v 1.5 2017/03/07 16:37:50 guru Exp $

how to enable AUTH in SMTP (required since 2010 for my outbound mail):

we need the following ports and a recompiled 'sendmail' with some config;
details are described here:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html

- install port security/cyrus-sasl2

- config line in /usr/local/lib/sasl2/Sendmail.conf

    pwcheck_method: saslauthd

- install port security/cyrus-sasl2-saslauthd,

- edit /etc/rc.conf:

    saslauthd_enable="YES"

- restart daemon with

    # /usr/local/etc/rc.d/saslauthd start

- recompile sendmail with /etc/make.conf set to

    SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
    SENDMAIL_LDFLAGS=-L/usr/local/lib
    SENDMAIL_LDADD=-lsasl2

    # cd /usr/src/lib/libsmutil
    # make cleandir && make obj && make
    # cd /usr/src/lib/libsm
    # make cleandir && make obj && make
    # cd /usr/src/usr.sbin/sendmail
    # make cleandir && make obj && make && make install

- configure sendmail with the lines in /etc/mail/current.Sisis.de.mc:

    # added by guru
    #
    define(`SMART_HOST', `smtp.1blu.de')dnl
    define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    FEATURE(`masquerade_envelope')
    FEATURE(`accept_unresolvable_domains')
    FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl
    #
    MAILER(local)
    MAILER(smtp)
    # added by guru
    #
    MASQUERADE_AS(`unixarea.de')
    #
    dnl set SASL options
    TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
    define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
    #
    # end of adds

- run make and move the config as:

    # mv current.Sisis.de.cf sendmail.cf
    # mv current.Sisis.de.submit.cf submit.cf
    # /etc/rc.d/sendmail onerestart

AUTH for SMTP is described in http://www.sendmail.org/~ca/email/auth.html

- config AUTH in (create) /etc/mail/auth/client-info as:

    AuthInfo:smtp.1blu.de "U:root" "I:w51XXXXXXXXXX" "P:XXXXXXXXXXXXX"

  see: http://www.sendmail.org/documentation/configurationReadme

  The RHS for an AuthInfo: entry in the access map should consist of a
  list of tokens, each of which has the form: "TDstring" (including
  the quotes). T is a tag which describes the item, D is a delimiter,
  either ':' for simple text or '=' for a base64 encoded string.
  Valid values for the tag are:

    U   user (authorization) id
    I   authentication id
    P   password
    R   realm
    M   list of mechanisms delimited by spaces

- build the database

    # cd /etc/mail/auth
    # makemap hash client-info < client-info
    # chmod 0600 client-info

all should be fine now;

- to test SSL:

    # /etc/rc.d/sendmail restart
    # printf "To: guru@unixarea.de\nSubject: r314251 test\n\ntest\n" | /usr/sbin/sendmail -t
    # tail -f /var/log/maillog
    Oct 5 16:46:13 unixarea sm-mta[2805]: STARTTLS=client, relay=smtp.1blu.de., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
    Oct 5 16:46:14 unixarea sm-mta[2805]: s95Ek5j4002803: to=, ctladdr= (1001/0), delay=00:00:08, xdelay=00:00:08, mailer=relay, pri=30342, relay=smtp.1blu.de. [178.254.4.101], dsn=2.0.0, stat=Sent (OK id=1Xan4f-0007Lv-Qu)

-- 
Matthias Apitz, ✉ guru@unixarea.de, ⌂ http://www.unixarea.de/ 📱 +49-176-38902045
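
Added example, not part of the original message: a check to run after the steps above. It reads maillog for client-side STARTTLS lines to the smart host and marks every session whose verify= value is not OK (as in the verify=FAIL line quoted in the message, where sendmail could not validate the relay's certificate), and it lists AuthInfo files readable by group or other, including the client-info.db that makemap writes beside the text file. The function names, the host mx.example.net and the sample log are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). Sample log is constructed;
# its first line mirrors the STARTTLS line quoted in the post.
sample_log() {
cat <<'EOF'
Oct  5 16:46:13 unixarea sm-mta[2805]: STARTTLS=client, relay=smtp.1blu.de., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Oct  5 16:46:14 unixarea sm-mta[2805]: s95Ek5j4002803: to=<user@example.org>, mailer=relay, relay=smtp.1blu.de. [178.254.4.101], dsn=2.0.0, stat=Sent (OK id=constructed)
Oct  6 09:10:02 unixarea sm-mta[3011]: STARTTLS=client, relay=smtp.1blu.de., version=TLSv1.2, verify=OK, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Oct  6 09:12:40 unixarea sm-mta[3050]: STARTTLS=client, relay=mx.example.net., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
EOF
}

# starttls_audit HOST < maillog
# One line per client-side TLS session to HOST. Any verify= value other
# than OK means the relay certificate was not validated.
starttls_audit() {
    awk -v host="$1" '
    /STARTTLS=client/ {
        relay = ver = vfy = cph = ""
        n = split($0, f, /, */)
        for (i = 1; i <= n; i++) {
            if (f[i] ~ /^relay=/)   relay = substr(f[i], 7)
            if (f[i] ~ /^version=/) ver = substr(f[i], 9)
            if (f[i] ~ /^verify=/)  vfy = substr(f[i], 8)
            if (f[i] ~ /^cipher=/)  cph = substr(f[i], 8)
        }
        sub(/\.$/, "", relay)   # the log writes the relay with a trailing dot
        if (relay != host) next
        tag = (vfy == "OK") ? "ok" : "UNVERIFIED"
        print tag, "verify=" vfy, "version=" ver, "cipher=" cph
    }'
}

# unverified_count HOST < maillog: number of sessions flagged above.
unverified_count() {
    starttls_audit "$1" | awk '$1 == "UNVERIFIED" { n++ } END { print n + 0 }'
}

# loose_authinfo DIR: AuthInfo files in DIR readable by group or other.
# makemap writes client-info.db next to client-info, and both hold the
# password, so both need mode 0600.
loose_authinfo() {
    find "$1" -type f -name 'client-info*' \( -perm -040 -o -perm -004 \) | sort
}

sample_log | starttls_audit smtp.1blu.de
```

On the real system, feed it the log instead of the sample (`starttls_audit smtp.1blu.de < /var/log/maillog`) and run `loose_authinfo /etc/mail/auth` after makemap.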