Date: Mon, 10 Jul 2017 13:56:08 +0100 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Subject: Re: sendmail status and auth advice Message-ID: <c504f7dc-0097-843f-9f06-680f1f4d17f7@FreeBSD.org> In-Reply-To: <201707101210.v6ACACeW010883@jail0199.vps.exonetric.net> References: <201707101210.v6ACACeW010883@jail0199.vps.exonetric.net>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --2pLlaKjwMCn6vVjhquxxKgSLpk1u2e0uM Content-Type: multipart/mixed; boundary="871fuqxQ61tc7HpLGNnsjHapJoIUkUHVd"; protected-headers="v1" From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Message-ID: <c504f7dc-0097-843f-9f06-680f1f4d17f7@FreeBSD.org> Subject: Re: sendmail status and auth advice References: <201707101210.v6ACACeW010883@jail0199.vps.exonetric.net> In-Reply-To: <201707101210.v6ACACeW010883@jail0199.vps.exonetric.net> --871fuqxQ61tc7HpLGNnsjHapJoIUkUHVd Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 2017/07/10 13:10, Anton Shterenlikht wrote: > https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/SMTP-Auth.h= tml > points to > http://www.sendmail.org/~ca/email/auth.html > which is up to 8.13, last updated in 2006. > The version I have on FreeBSD 11.0-RELEASE-p9 is > sendmail+tls+sasl2-8.15.2_3. > So I'm worried the advice might not be up to date. > Is it? >=20 > Trying to find some sendmail docs online I realised > that sendmail.org now points to > https://www.proofpoint.com/us/sendmail-open-source > which seems to be a for profit company. > And there seem to be no sendmail docs on that site. >=20 > Are there still current sendmail docs online somewhere? >=20 > I'm struggling to set up sendmail on my server to *send* > only via smtp.office365.com 587 (STARTTLS). > What is the easiest strategy to implement and/or the > easiest guide to follow? >=20 > Am I correct that for send only use of AUTH I don't > need to issue or use certificates? >=20 > Would be thankful for any advice. >=20 Authentication setup in sendmail hasn't changed for quite some time, so the old docs you may find online are probably still relevant. One problem you'll find is that the vast majority of the stuff you'll find about sendmail authentication is talking about sendmail acting as the server end of the authentication, whereas you want it to behave as the client end. If I recall correctly that needs authinfo settings in /etc/mail/access, or (recommended) you need to add FEATURE(`authinfo') to your .mc file to create a dedicated file. I'd advise you to get hold of a copy of the O'Reilly Sendmail book -- that's a pretty comprehensive guide on everything you need to know about configuring sendmail. Another surprisingly useful guide is /usr/share/sendmail/cf/README -- it covers a remarkably large amount of stuff. If you are trying to configure sendmail to pretend to be a mail client and submit messages by port 587 then in general you don't need a local SSL certificate. Unless, of course, your service provider has configured things to require one, but office365 doesn't do that. However, normal sysadminly paranoia suggests that you definitely want STARTTLS to happen before sendmail tries to send any passwords around. I know it is possible to enforce that from the sendmail client end, but I've forgotten exactly how since I stopped using sendmail for anything significant mail-wize. Cheers, Matthew --871fuqxQ61tc7HpLGNnsjHapJoIUkUHVd-- --2pLlaKjwMCn6vVjhquxxKgSLpk1u2e0uM Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQJ8BAEBCgBmBQJZY3luXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxOUYxNTRFQ0JGMTEyRTUwNTQ0RTNGMzAw MDUxM0YxMEUwQTlFNEU3AAoJEABRPxDgqeTnzw0P/2xn7REH4gRkpR1f/HoyzqEK GhcNjvDDOTFGrGxQ7CFIbLBbwOhBhNjAgfa2jD4nRVGzCZzGt0Xb3Hl2YeWAxf4M xecb8hm2wGIJnQMza02OLttMPE1J01CazsmjfAzW08fbpN1rGtaZ3Lkty9kIslW0 gdKKklSKHWiK664vo6cyKmS1tF6lfwcCoY9PmITptR54ElW+f/BNK6mpiyHO7tCT cGzQ7N2SLBYxX3+5m13i5ljuYQ/ka8/PlKN25/2APhhwZnsREQgZqr2DgpYL2uEV ISNwCFcaUqIcm+u+3VMs302XbEpxvKLVrgPn6gYQEAZrpGlZNmIlmTidjqnvxyTA +kO/x0CKB64y5ks6gObGBZxqyu4YytgQ2srFEEA30+BD4p6Anl8Vc+kr864Gcrey iTcaNPf4Anp3ohMlbjOnuTsolcjOyju9OD9MGM5y8zT/psgYzb4fB2o8E4i3K72y kJzL7AnZCLRfcFgO9s/ddNEcrRWodq+oeQIoLrJbPcrfvpuRiYsC8Hgf4yvfmg1y JGGDoQnIX+sKS5xknNNGNRALCXZMEOsg8YWbsRFa9F6L57ny/nUDcKh7v2H//7Yj RohYV5ncBI+yf7CQ95LllnokBk4IRYkphVHZA0UOPfjcvw2+Cof1o7VOyQN3lsLX 6Vi2OIXwbTm46kIn1MBB =tSbJ -----END PGP SIGNATURE----- --2pLlaKjwMCn6vVjhquxxKgSLpk1u2e0uM--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c504f7dc-0097-843f-9f06-680f1f4d17f7>