From: Matthew Seaman
Date: Sat, 29 Dec 2007 20:51:06 +0000
To: Andrew Falanga
Cc: FreeBSD Questions
Subject: Re: Having problems with SMTP authentication
Message-ID: <4776B33A.4050105@infracaninophile.co.uk>
In-Reply-To: <200712291336.58690.af300wsm@gmail.com>

Andrew Falanga wrote:

> dnl set SASL options
> TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
>
> But when I ask my e-mail client to "check what the server supports", the
> returned list is only, GSSAPI, DIGEST-MD5 and CRAM-MD5. Why is LOGIN not
> listed when it's included in this macro file? Is there anything missing from
> this section of the handbook that I've missed?

LOGIN will only be enabled over an encrypted connection. All you need
to do to enable the stock sendmail to support STARTTLS is tell it to
use one or more SSL certs. Adding something like this to
/etc/mail/`hostname`.mc is how to do that:

dnl
dnl TLS stuff
dnl
define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/cacert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl

Which means you'd put the PEM encoded cacert, key and cert into
/etc/mail/cacert.pem, /etc/mail/key.pem and /etc/mail/key.cert
respectively. To generate all of those, there are some pithy
instructions here:

http://www.sendmail.org/~ca/email/other/cagreg.html

When submitting a new message, most mail clients will automatically do
STARTTLS if it's available.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3
Ramsgate
Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
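
The behaviour described in this reply (LOGIN advertised only once the session is encrypted) can be checked by comparing the AUTH line of the EHLO reply before and after STARTTLS. The following is an added example, not part of the original message: the sample replies and host names are constructed, and the function names are hypothetical.

```python
import re
import smtplib

CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}  # password crosses the wire unprotected

# Constructed sample EHLO replies (not captured from a real server); the
# mechanism lists mirror what the thread describes. Host names are made up.
PLAIN_EHLO = """\
250-mail.example.org Hello client.example.org, pleased to meet you
250-ENHANCEDSTATUSCODES
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250-STARTTLS
250 HELP"""
TLS_EHLO = """\
250-mail.example.org Hello client.example.org, pleased to meet you
250-ENHANCEDSTATUSCODES
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
250 HELP"""

def keywords(ehlo_text):
    """Yield (KEYWORD, [args]) for each line of an EHLO reply."""
    for line in ehlo_text.splitlines():
        body = re.sub(r"^\d{3}[- ]", "", line.strip())  # drop "250-" / "250 "
        # Some servers also send the legacy "AUTH=LOGIN ..." form.
        word, _, args = body.replace("=", " ", 1).partition(" ")
        yield word.upper(), args.upper().split()

def auth_mechs(ehlo_text):
    """Set of SASL mechanisms advertised in one EHLO reply."""
    return {m for word, args in keywords(ehlo_text) if word == "AUTH" for m in args}

def compare(plain_ehlo, tls_ehlo):
    """Report what changes between the cleartext and the TLS-protected EHLO."""
    before, after = auth_mechs(plain_ehlo), auth_mechs(tls_ehlo)
    return {
        "starttls_offered": any(w == "STARTTLS" for w, _ in keywords(plain_ehlo)),
        "only_after_tls": sorted(after - before),
        "cleartext_exposed": sorted(before & CLEARTEXT_MECHS),
    }

def probe(host, port=25):
    """Live version of the same check: EHLO, STARTTLS, EHLO again."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        plain = s.ehlo_resp.decode("ascii", "replace")
        if not s.has_extn("starttls"):
            return compare(plain, "")
        s.starttls()  # pass context=ssl.create_default_context() to verify the cert
        s.ehlo()
        return compare(plain, s.ehlo_resp.decode("ascii", "replace"))
```

A non-empty `cleartext_exposed` list means the server is offering password-in-the-clear mechanisms on an unencrypted session; an empty `only_after_tls` together with `starttls_offered` false matches the situation in the original question, where no certificate had been configured yet.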