Date:      Sun, 30 Dec 2007 01:33:12 +0300
From:      Yuri Pankov <yuri.pankov@gmail.com>
To:        Andrew Falanga <af300wsm@gmail.com>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: Having problems with SMTP authentication
Message-ID:  <20071229223312.GA96302@darklight.org.ru>
In-Reply-To: <200712291524.42466.af300wsm@gmail.com>
References:  <200712291336.58690.af300wsm@gmail.com> <4776B33A.4050105@infracaninophile.co.uk> <200712291524.42466.af300wsm@gmail.com>

On Sat, Dec 29, 2007 at 03:24:42PM -0700, Andrew Falanga wrote:
> On Saturday 29 December 2007 13:51:06 Matthew Seaman wrote:
> > Andrew Falanga wrote:
> > > dnl set SASL options
> > > TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> > > define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> > >
> > > But when I ask my e-mail client to "check what the server supports", the
> > > returned list is only GSSAPI, DIGEST-MD5 and CRAM-MD5.  Why is LOGIN not
> > > listed when it's included in this macro file?  Is there anything missing
> > > from this section of the handbook that I've missed?
> >
> > LOGIN will only be enabled over an encrypted connection.  All you need
> > to do to enable the stock sendmail to support STARTTLS is tell it to
> > use one or more SSL certs.  Adding something like this to
> > /etc/mail/`hostname`.mc is how to do that:
> 
> This seems to imply you want me to create a file named <hostname>.mc.  The 
> instructions I followed in the handbook also mentioned that, "Many 
> administrators choose to use the output from hostname(1) as the .mc file for 
> uniqueness."  Do I have to make this new file, paste into it all the stuff 
> in "freebsd.mc" and then add these lines too?
> 

Just run `make` in /etc/mail; it will create `hostname`.mc for you. Edit
it, and run `make all install restart` (targets are described in
/etc/mail/Makefile).

> >
> > dnl
> > dnl TLS stuff
> > dnl
> > define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
> > define(`confCACERT_PATH', `CERT_DIR')dnl
> > define(`confCACERT', `CERT_DIR/cacert.pem')dnl
> > define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
> > define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
> > define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
> > define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl
> >
> > Which means you'd put the PEM encoded cacert, key and cert into
> > /etc/mail/cacert.pem, /etc/mail/key.pem and /etc/mail/key.cert
> > respectively.  To generate all of those, there are some pithy
> > instructions here:
> >
> > http://www.sendmail.org/~ca/email/other/cagreg.html
> 
> Thanks for all this.
> 
> Andy
> 
> >
> > When submitting a new message, most mail clients will automatically
> > do STARTTLS if it's available.
> >
> > 	Cheers,
> >
> > 	Matthew

HTH,
Yuri
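
An added example, not part of the original message or of sendmail: one way to check the behaviour discussed in this thread, by comparing the AUTH mechanisms a server advertises in its EHLO response before and after STARTTLS. The host name and both sample responses are constructed, and the function names are hypothetical.

```python
import re
import smtplib

PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}  # the password crosses the wire merely base64-encoded

def parse_ehlo(response):
    """Map each EHLO keyword to its parameters; accepts raw '250-' lines or smtplib text."""
    ext = {}
    for line in response.splitlines()[1:]:            # line 1 is the greeting
        words = re.sub(r"^250[- ]", "", line).replace("=", " ").split()  # also "AUTH=LOGIN"
        if words:
            ext.setdefault(words[0].upper(), []).extend(w.upper() for w in words[1:])
    return ext

def audit(before_tls, after_tls):
    """Compare the AUTH offers before and after STARTTLS; return a list of findings."""
    pre, post = parse_ehlo(before_tls), parse_ehlo(after_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered")
    exposed = PLAINTEXT_MECHS & set(pre.get("AUTH", []))
    if exposed:
        findings.append("cleartext AUTH before TLS: " + " ".join(sorted(exposed)))
    if not PLAINTEXT_MECHS & set(post.get("AUTH", [])):
        findings.append("LOGIN/PLAIN not offered after TLS")
    return findings

def fetch(host, port=25):
    """Live capture of both EHLO responses; sends no credentials. Needs network access."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        before = s.ehlo()[1].decode()
        if not s.has_extn("starttls"):
            return before, ""
        s.starttls()
        return before, s.ehlo()[1].decode()

# Constructed sample responses (not captured from any real server).
BEFORE = """250-mail.example.org Hello client.example.org, pleased to meet you
250-ENHANCEDSTATUSCODES
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250-STARTTLS
250 HELP"""
AFTER = BEFORE.replace("CRAM-MD5", "CRAM-MD5 LOGIN").replace("250-STARTTLS\n", "")

if __name__ == "__main__":
    print(audit(BEFORE, AFTER) or "OK: LOGIN appears only after STARTTLS")
```

Against your own server, `audit(*fetch("mail.example.org"))` runs the same comparison on live responses; an empty list means LOGIN or PLAIN is advertised only once the session is encrypted.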
