From owner-freebsd-questions@FreeBSD.ORG Mon Mar 12 15:48:11 2012
Message-ID: <4F5E1A9E.8020408@dmaccess.net>
Date: Mon, 12 Mar 2012 22:47:42 +0700
From: kamolpat
To: Matthew Seaman
Cc: freebsd-questions@FreeBSD.org
Subject: Re: question about SMTP-authentication (3rd )
References: <4F58D68D.2060700@dmaccess.net> <4F58ED8A.7050602@FreeBSD.org> <4F5DF97B.7070306@dmaccess.net> <4F5E00CE.6000600@FreeBSD.org>
In-Reply-To: <4F5E00CE.6000600@FreeBSD.org>
List-Id: User questions

Dear Matthew,

Ok, I got sendmail compiled. Thanks. But it seems like ...
POP3 is still working with clear-text usr/pwd sent to the server (but it works, I can get mail from the server normally). When I choose another mode in Thunderbird, it doesn't work (except "connection security: none", "authentication method: password, transmitted insecurely"; this is the option that TB detected when setting up the mail account).

SMTP doesn't work. Thunderbird reports:
================
Send Message Error
The Kerberos/GSSAPI ticket was not accepted by the SMTP server mail.dmaccess.co.th Please check that you are logged in to the Kerberos/GSSAPI realm.

(even when I change "authentication method: Kerberos/GSSAPI", it still gives this message)

from /var/log/maillog

Mar 12 22:38:04 ns1 sendmail[93331]: q2CMc4jF093331: ppp-58-8-130-33.revip2.asianet.co.th [58.8.130.33] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA

this is my test on server
=====================
ns1:kamolpat:/etc>telnet dmaccess.co.th 25
Trying 202.170.122.33...
Connected to dmaccess.co.th.
Escape character is '^]'.
220 ns1.dmaccess.co.th ESMTP Sendmail 8.14.4/8.14.4; Mon, 12 Mar 2012 22:23:14 GMT
ehlo dmaccess.co.th
250-ns1.dmaccess.co.th Hello ns1.dmaccess.co.th [202.170.122.33], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
250-DELIVERBY
250 HELP
quit
221 2.0.0 ns1.dmaccess.co.th closing connection
Connection closed by foreign host.

this is my /etc/mail/freebsd.mc
=============================
dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')

dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')

define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')

GENERICS_DOMAIN_FILE(`/etc/mail/genericdomains');

dnl set SASL options
TRUST_AUTH_MECH (`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS',`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl

dnl SSL Options
define(`confCACERT_PATH',`/etc/ssl')dnl
define(`confCACERT',`/etc/ssl/dm_new.crt')dnl
define(`confSERVER_CERT',`/etc/ssl/dm_new.crt')dnl
define(`confSERVER_KEY',`/etc/ssl/dm_ca.key')dnl
define(`confTLS_SRV_OPTIONS',`V')dnl

MAILER(local)
MAILER(smtp)

pkg_info
=========
cyrus-sasl-2.1.25_1 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-saslauthd-2.1.25 SASL authentication server for cyrus-sasl2
.....
openssl-1.0.0_9 SSL and crypto library
qpopper-4.0.9_3 Berkeley POP 3 server (now maintained by Qualcomm)
sendmail-8.14.4_2 Reliable, highly configurable mail transfer agent with util
==================================
ns1:kamolpat:/etc/ssl>ll
total 32
-rw------- 1 root wheel 455 Mar 8 22:10 dm_RSA.key
-rw------- 1 root wheel 736 Mar 8 22:12 dm_ca.key
-rw------- 1 root wheel 1415 Mar 8 22:13 dm_new.crt
-rw------- 1 root wheel 887 Mar 8 22:08 dmcert.pem
-rw------- 1 root wheel 745 Mar 8 22:08 dmreq.pem
-rw-rw---- 1 root wheel 11120 Mar 8 22:05 openssl.cnf
-rw-rw---- 1 root wheel 9472 Mar 8 21:55 openssl.cnf.original
=======================================
Installation of OpenSSL according to FreeBSD Handbook -> Chapter 15 Security -> 15.8 OpenSSL on freebsd.org

What did I do wrong?

Thanks
Kamolpat

On 3/12/2012 8:57 PM, Matthew Seaman wrote:
> On 12/03/2012 13:26, kamolpat wrote:
>> According to your recommendation .... (as following). When I do make at
>> /usr/src/usr.sbin/sendmail it shows the following.
>> ns1:kamolpat:/usr/src/usr.sbin/sendmail>make clean
>> rm -f sm_os.h sendmail alias.o arpadate.o bf.o collect.o conf.o
>> control.o convtime.o daemon.o deliver.o domain.o envelope.o err.o
>> headers.o macro.o main.o map.o mci.o milter.o mime.o parseaddr.o queue.o
>> ratectrl.o readcf.o recipient.o savemail.o sasl.o sfsasl.o shmticklib.o
>> sm_resolve.o srvrsmtp.o stab.o stats.o sysexits.o timers.o tls.o trace.o
>> udb.o usersmtp.o util.o version.o mailq.1.gz newaliases.1.gz
>> aliases.5.gz sendmail.8.gz mailq.1.cat.gz newaliases.1.cat.gz
>> aliases.5.cat.gz sendmail.8.cat.gz
>> ns1:kamolpat:/usr/src/usr.sbin/sendmail>make
>> ln -sf
>> /usr/src/usr.sbin/sendmail/../../contrib/sendmail/include/sm/os/sm_os_freebsd.h
>> sm_os.h
>> cc -O2 -pipe -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src
>> -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I.
>> -DNEWDB -DNIS -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS
>> -D_FFR_TLS_1 -I/usr/local/include/sasl -DSASL=2 -std=gnu99
>> -fstack-protector -c
>> /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/alias.c
>> In file included from
>> /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/alias.c:14:
>> /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sendmail.h:135:25:
>> error: sasl/sasl.h: No such file or directory
>> /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sendmail.h:136:29:
>> error: sasl/saslutil.h: No such file or directory
>> In file included from
>> /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/alias.c:14:
>> /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sendmail.h:607:
>> error: expected '=', ',', ';', 'asm' or '__attribute__' before ':' token
>> /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sendmail.h:691:
>> error: expected specifier-qualifier-list before 'sasl_conn_t'
>> *** Error code 1
>>
>> Stop in /usr/src/usr.sbin/sendmail.
>>
>> ========================================
>> then I try to find where is sasl.h
>>
>> ns1:kamolpat:/usr>find . -name "sasl.h"
>> ./local/include/sasl/sasl.h
>> ./ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.25/include/sasl.h
>> ./ports/security/cyrus-sasl2-saslauthd/work/cyrus-sasl-2.1.25/include/sasl.h
>>
>>
>> What should I do next? Should I just copy the sasl.h to
>> /usr/src/contrib/sendmail/src/sendmail ?
> No. Don't do that. It won't help anything.
>
> You need to follow my instructions correctly. Specifically this line
> needs to be in /etc/make.conf in order to pick up the SASL header files:
>
> SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
>
> Where, you will note, this does *not* say /usr/local/include/sasl, which
> is what appears in your compiler output.
>
> Cheers,
>
> Matthew
>
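
Added example, not part of the original message and not sendmail's own code: a Python check that parses the EHLO reply from the telnet session in this message and reports what the advertised extensions mean for TLS and password exposure. The function names and finding strings are illustrative assumptions.

```python
import re

# EHLO reply copied from the telnet session in the message above.
EHLO_REPLY = """\
250-ns1.dmaccess.co.th Hello ns1.dmaccess.co.th [202.170.122.33], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
250-DELIVERBY
250 HELP
"""

# SASL mechanisms that transmit the password itself (base64 is not encryption).
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    lines = reply.strip().splitlines()
    for line in lines[1:]:  # the first line is the greeting, not a keyword
        m = re.match(r"250[- ](\S+)(?:\s+(.*))?$", line.strip())
        if m:
            caps[m.group(1).upper()] = (m.group(2) or "").split()
    return caps


def audit(reply):
    """List findings about TLS and AUTH exposure in an EHLO reply."""
    caps = parse_ehlo(reply)
    mechs = [m.upper() for m in caps.get("AUTH", [])]
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not advertised: session cannot be encrypted")
        exposed = sorted(PLAINTEXT_MECHS.intersection(mechs))
        if exposed:
            findings.append("password sent unencrypted via: " + ", ".join(exposed))
    if "GSSAPI" in mechs:
        findings.append("GSSAPI offered: requires a Kerberos ticket on the client")
    return findings


if __name__ == "__main__":
    for finding in audit(EHLO_REPLY):
        print("-", finding)
```

Run against a fresh EHLO capture after each rebuild of sendmail.cf, the STARTTLS finding shows whether the server certificate and key settings have taken effect.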