Date: Sun, 30 Dec 2007 01:33:12 +0300
From: Yuri Pankov
To: Andrew Falanga
Cc: FreeBSD Questions
Subject: Re: Having problems with SMTP authentication
Message-ID: <20071229223312.GA96302@darklight.org.ru>

On Sat, Dec 29, 2007 at 03:24:42PM -0700, Andrew Falanga wrote:
> On Saturday 29 December 2007 13:51:06 Matthew Seaman wrote:
> > Andrew Falanga wrote:
> > > dnl set SASL options
> > > TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> > > define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> > >
> > > But when I ask my e-mail client to "check what the server supports", the
> > > returned list is only, GSSAPI, DIGEST-MD5 and CRAM-MD5. Why is LOGIN not
> > > listed when it's included in this macro file? Is there anything missing
> > > from this section of the handbook that I've missed?
> >
> > LOGIN will only be enabled over an encrypted connection. All you need
> > to do to enable the stock sendmail to support STARTTLS is tell it to
> > use one or more SSL certs. Adding something like this to
> > /etc/mail/`hostname`.mc is how to do that:
>
> this seems to imply you want me to create a file named .mc. The
> instructions I followed in the handbook also mentioned that, "Many
> administrators choose to use the output from hostname(1) as the .mc file for
> uniqueness." Do I have to make this new file, paste into it all the stuff
> in "freebsd.mc" and then add these lines too?
>

Just run `make` in /etc/mail, it will create `hostname`.mc for you, edit
it, and run `make all install restart` (targets are described in
/etc/mail/Makefile).

> >
> > dnl
> > dnl TLS stuff
> > dnl
> > define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
> > define(`confCACERT_PATH', `CERT_DIR')dnl
> > define(`confCACERT', `CERT_DIR/cacert.pem')dnl
> > define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
> > define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
> > define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
> > define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl
> >
> > Which means you'ld put the PEM encoded cacert, key and cert into
> > /etc/mail/cacert.pem, /etc/mail/key.pem and /etc/mail/key.cert
> > respectively. To generate all of those, there are some pithy
> > instructions here:
> >
> > http://www.sendmail.org/~ca/email/other/cagreg.html
>
> Thanks for all this.
>
> Andy
>
> >
> > When submitting a new message, most mail clients will automatically
> > do STARTTLS if it's available.
> >
> > Cheers,
> >
> > Matthew

HTH,
Yuri
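
The behaviour described in the thread (LOGIN advertised only once the session is encrypted) can be checked by comparing the EHLO reply before and after STARTTLS. The following is an added example, not part of the original messages; the function names are hypothetical and the two EHLO replies are constructed samples, not captures from a real server.

```python
import re

# Mechanisms that send the password merely base64-encoded, so they need TLS.
PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}

def auth_mechs(ehlo_reply):
    """Return the set of SASL mechanisms advertised in a raw EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        # Lines look like "250-AUTH A B C" or "250 AUTH A B C";
        # some servers also emit the legacy "AUTH=A B C" form.
        m = re.match(r"250[- ]AUTH[ =](.*)$", line.strip(), re.IGNORECASE)
        if m:
            mechs.update(tok.upper() for tok in m.group(1).split())
    return mechs

def offers_starttls(ehlo_reply):
    """True if the reply carries a STARTTLS capability line."""
    return any(re.match(r"250[- ]STARTTLS\s*$", line.strip(), re.IGNORECASE)
               for line in ehlo_reply.splitlines())

def audit(pre_tls, post_tls):
    """Compare EHLO replies captured before and after STARTTLS."""
    before, after = auth_mechs(pre_tls), auth_mechs(post_tls)
    return {
        "starttls_offered": offers_starttls(pre_tls),
        # Should be empty: no cleartext-password mechanism without TLS.
        "plaintext_before_tls": sorted(before & PLAINTEXT_MECHS),
        # Mechanisms that only appear once the session is encrypted.
        "tls_only": sorted(after - before),
    }

# Constructed sample replies (hostnames are placeholders).
PRE_TLS = """250-mail.example.org Hello client.example.org
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250-STARTTLS
250 HELP"""
POST_TLS = """250-mail.example.org Hello client.example.org
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
250 HELP"""

if __name__ == "__main__":
    print(audit(PRE_TLS, POST_TLS))
```

A post-STARTTLS reply can be captured by hand with `openssl s_client -starttls smtp -connect <host>:25` and typing `EHLO` once the TLS session is up.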