From: Gregory Neil Shapiro
To: Terry Lambert
Cc: freebsd-arch@FreeBSD.ORG
Date: Sat, 13 Jul 2002 16:42:11 -0700
Message-ID: <15664.47827.844708.151118@monkeyboy.gshapiro.net>
Subject: Re: Mail subsystem defaults, adding authentication.

tlambert2> You need to submit your patches for this to the sendmail people.

tlambert2> Without modification, sendmail does not enforce use of SSL for
tlambert2> permitting advertisement of SMTP AUTH, and therefore addition of
tlambert2> a pseudo-RFC-2595 "PLAIN" or "EXTERNAL X-UNIX" mechanism can not
tlambert2> reasonably be added to FreeBSD so that it's operational by default.

tlambert2> The STARTTLS SMTP command doesn't work, because it is issued
tlambert2> after the EHLO, which solicits the capabilities list that exposes
tlambert2> the SMTP AUTH. The only method that works, therefore, is to use
tlambert2> an SSL connection -- SMTPS... port 465, instead of port 25). You
tlambert2> can see the order of operation problem, I hope?

You need to go back and read the RFCs/documentation. First, you can limit the AUTH mechanisms offered based on whether STARTTLS was used or not. Second, after a successful STARTTLS negotiation, a new EHLO is done and a new set of AUTH mechanisms is given.

You can (and should) use STARTTLS with SMTP AUTH PLAIN/LOGIN and do not (and should not) use SMTP over SSL as it is non-standard.
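
The exchange described in the reply above, as an added example that is not part of the original message and is not sendmail code: a toy Python model in which the advertised AUTH list depends on STARTTLS state and the client must repeat EHLO after the handshake. The host name, the mechanism set and all class and function names are assumptions made for illustration.

```python
# Added illustration: a toy model of the policy, not sendmail's own code.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}   # password crosses the wire readable
ALL_MECHS = ["DIGEST-MD5", "CRAM-MD5", "PLAIN", "LOGIN"]  # constructed sample


class Session:
    """Server side of one SMTP connection (hypothetical model)."""

    def __init__(self):
        self.tls = False       # has STARTTLS completed?
        self.greeted = False   # has the client sent EHLO in this state?

    def offered(self):
        # AUTH list depends on whether a TLS layer is active.
        return [m for m in ALL_MECHS if self.tls or m not in PLAINTEXT_MECHS]

    def ehlo(self, name):
        self.greeted = True
        reply = ["250-mail.example.org Hello " + name]
        if not self.tls:       # RFC 3207: not advertised again once TLS is up
            reply.append("250-STARTTLS")
        reply.append("250 AUTH " + " ".join(self.offered()))
        return reply

    def starttls(self):
        # RFC 3207: earlier EHLO state is discarded; client must EHLO again.
        self.tls, self.greeted = True, False
        return "220 Ready to start TLS"

    def auth(self, mech):
        if not self.greeted:
            return "503 Bad sequence of commands"
        if mech in PLAINTEXT_MECHS and not self.tls:
            return "538 Encryption required for requested authentication mechanism"
        if mech not in self.offered():
            return "504 Unrecognized authentication type"
        return "334 "          # a real server continues the SASL exchange here


def auth_mechs(ehlo_reply):
    """Client side: pull the AUTH mechanism list out of an EHLO reply."""
    for line in ehlo_reply:
        keyword, _, rest = line[4:].partition(" ")
        if keyword.upper() == "AUTH":
            return rest.split()
    return []
```

A client should treat only the mechanism list from the second EHLO as authoritative, since the first one was received over an unprotected channel.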