Date: Sun, 3 Oct 2004 20:46:00 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Mike Jeays <Mike.Jeays@rogers.com> Cc: freebsd-questions@freebsd.org Subject: Re: SMTP Authentication Message-ID: <20041003194600.GA10737@happy-idiot-talk.infracaninophile.co.uk> In-Reply-To: <1096815728.30508.37.camel@chaucer> References: <1096815728.30508.37.camel@chaucer>
next in thread | previous in thread | raw e-mail | index | archive | help
--mP3DRpeJDSE+ciuQ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Oct 03, 2004 at 11:02:08AM -0400, Mike Jeays wrote: > How do I tell sendmail to provide an authentication string when I ask it > to send messages to my ISP (a cable provider)? They use PLAIN > authentication, and I did not have too much trouble getting the base 64 > string by snooping with Ethereal when I sent mail from Evolution, and > can send out emails "by hand" or from an Expect script. >=20 > The relevant part of my sendmail config file is: >=20 > define(`SMART_HOST', `smtp.broadband.rogers.com') >=20 > set SASL options > TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl > define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl > define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl That's fine as it goes, but that's mostly to do with the server side of SMTP AUTH. =20 > There doesn't seem any way to tell it what my userid and password for > the ISP should be. >=20 > I have tried reading various documentation, but haven't been able to > find what is required. This is what the /etc/mail/authinfo file is for. This is the page you need to read -- specifically the second half: http://www.sendmail.org/m4/smtp_auth.html (or see the section "Providing SMTP AUTH Data when sendmail acts as Client" in /usr/share/sendmail/cf/README, which is basically the same text.) The define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl stuff is actually deprecated, but it still works for the time being. However, to be completely up to date and for maximum future proofing, instead of that line, you should use: FEATURE(`authinfo', `hash -o /etc/mail/authinfo')dnl Then edit the file /etc/mail/authinfo adding text as shown in the documentation: AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST= -MD5" AuthInfo:more.dom "U:user" "P=3Dc2VjcmV0" Then process that file into the db hash type read by Sendmail: # makemap hash authinfo.db < authinfo and make sure that the authinfo data is properly secured: # chown root:wheel authinfo* # chmod 600 authinfo* Then restart sendmail and try a few tests. Note that if you're using PLAIN authentication you should also use privacy options 'goaway' to help prevent the password being trivially disclosed: define(`confPRIVACY_FLAGS', `authwarnings,goaway')dnl You can use this method (with certain small modifications) to authenticate your MSP sendmail instance to your MTA sendmail -- search for 'msp-authinfo' in /usr/share/sendmail/cf/README. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --mP3DRpeJDSE+ciuQ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBYFb4iD657aJF7eIRAgLjAKCWmkGzfZwCrWncqSzNQj8SYNbWHACeJGyT jclp1/yTwnI064fN1ee/wwU= =2Acp -----END PGP SIGNATURE----- --mP3DRpeJDSE+ciuQ--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041003194600.GA10737>