From owner-freebsd-questions@freebsd.org Mon Jul 10 15:34:23 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B2C7BDAAEEC for ; Mon, 10 Jul 2017 15:34:23 +0000 (UTC) (envelope-from as@cmplx.uk) Received: from jail0199.vps.exonetric.net (jail0199.vps.exonetric.net [IPv6:2a02:1658:1::199:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "jail0199.vps.exonetric.net", Issuer "jail0199.vps.exonetric.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 5E56268A57 for ; Mon, 10 Jul 2017 15:34:23 +0000 (UTC) (envelope-from as@cmplx.uk) Received: from jail0199.vps.exonetric.net (jail0199.vps.exonetric.net [178.250.76.108]) by jail0199.vps.exonetric.net (8.15.2/8.15.2) with ESMTPS id v6AFYLX6021479 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 10 Jul 2017 15:34:21 GMT (envelope-from as@jail0199.vps.exonetric.net) Received: (from as@localhost) by jail0199.vps.exonetric.net (8.15.2/8.15.2/Submit) id v6AFYLeA021478 for freebsd-questions@freebsd.org; Mon, 10 Jul 2017 15:34:21 GMT (envelope-from as) Date: Mon, 10 Jul 2017 15:34:21 GMT From: Anton Shterenlikht Message-Id: <201707101534.v6AFYLeA021478@jail0199.vps.exonetric.net> To: freebsd-questions@freebsd.org Subject: SOLVED: WAS Re: sendmail status and auth advice In-Reply-To: <201707101210.v6ACACeW010883@jail0199.vps.exonetric.net> X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Jul 2017 15:34:23 -0000 Matthew Seaman matthew at FreeBSD.org Mon Jul 10 12:56:18 UTC 2017 > >Authentication setup in sendmail hasn't changed for quite some time, so >the old docs you may find online are probably still relevant. One >problem you'll find is that the vast majority of the stuff you'll find >about sendmail authentication is talking about sendmail acting as the >server end of the authentication, whereas you want it to behave as the >client end. If I recall correctly that needs authinfo settings in >/etc/mail/access, or (recommended) you need to add FEATURE(`authinfo') >to your .mc file to create a dedicated file. Yes, "Using sendmail as a client with AUTH", http://www.sendmail.org/~ca/email/auth.html#authclientinfo has the required info, apart from: define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl which is mentioned here: https://unix.stackexchange.com/questions/132711/using-port-587-with-sendmail >I'd advise you to get hold of a copy of the O'Reilly Sendmail book -- >that's a pretty comprehensive guide on everything you need to know about >configuring sendmail. I have this book in the library, in fact I ordered it, but... it's a complete monster to read. >Another surprisingly useful guide is >/usr/share/sendmail/cf/README -- it covers a remarkably large amount of >stuff. Agreed. For what I need, one can go straight to SMTP AUTHENTICATION section. >If you are trying to configure sendmail to pretend to be a mail client >and submit messages by port 587 then in general you don't need a local >SSL certificate. Unless, of course, your service provider has >configured things to require one, but office365 doesn't do that. Yes, this is indeed what I'm trying to do, which, as I found out is called "Using sendmail as a client with AUTH". >However, normal sysadminly paranoia suggests that you definitely want >STARTTLS to happen before sendmail tries to send any passwords around. >I know it is possible to enforce that from the sendmail client end, but >I've forgotten exactly how since I stopped using sendmail for anything >significant mail-wize. This I haven't figured out yet. Thanks Anton