Date: Mon, 12 Mar 2012 22:47:42 +0700 From: kamolpat <kamolpat@dmaccess.net> To: Matthew Seaman <matthew@FreeBSD.org> Cc: freebsd-questions@FreeBSD.org Subject: Re: question about SMTP-authentication (3rd ) Message-ID: <4F5E1A9E.8020408@dmaccess.net> In-Reply-To: <4F5E00CE.6000600@FreeBSD.org> References: <4F58D68D.2060700@dmaccess.net> <4F58ED8A.7050602@FreeBSD.org> <4F5DF97B.7070306@dmaccess.net> <4F5E00CE.6000600@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Dear Matthew, Ok, I got sendmail complied. Thanks. But seem like ... POP3 still working in clear text usr/pwd sending to Server (but it work, I can get mail from server normal). When I chose option in ThunderBird to another mode, it doesn't work (accept "connection security: none", "authentication method: password transmitted insecurity" this is the option that TB dectected during setting mail account) SMTP doesn't work it declare from Thunder Bird: ================ Send Message Error The Kerberos/GSSAPI ticket was not accepted by the SMTP server mail.dmaccess.co.th Please check that you are logged in to the Kerberos/GSSAPI realm. (event I change "authentication method: Kerberos/GSSAPI", it still inform this message) from /var/log/maillog Mar 12 22:38:04 ns1 sendmail[93331]: q2CMc4jF093331: ppp-58-8-130-33.revip2.asianet.co.th [58.8.130.33] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA this is my test on server ===================== ns1:kamolpat:/etc>telnet dmaccess.co.th 25 Trying 202.170.122.33... Connected to dmaccess.co.th. Escape character is '^]'. 220 ns1.dmaccess.co.th ESMTP Sendmail 8.14.4/8.14.4; Mon, 12 Mar 2012 22:23:14 GMT ehlo dmaccess.co.th 250-ns1.dmaccess.co.th Hello ns1.dmaccess.co.th [202.170.122.33], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN 250-DELIVERBY 250 HELP quit 221 2.0.0 ns1.dmaccess.co.th closing connection Connection closed by foreign host. this is my /etc/mail/freebsd.mc ============================= Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=78>; dnl Uncomment the first line to change the location of the default <http://202.170.122.33:10099/sendmail/move.cgi?idx=78&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=78&up=1>; Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=79>; dnl /etc/mail/local-host-names and comment out the second line. <http://202.170.122.33:10099/sendmail/move.cgi?idx=79&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=79&up=1>; Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=80>; dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw') <http://202.170.122.33:10099/sendmail/move.cgi?idx=80&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=80&up=1>; *Define* <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=81>; define(`confCW_FILE', `-o /etc/mail/local-host-names') <http://202.170.122.33:10099/sendmail/move.cgi?idx=81&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=81&up=1>; Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=82>; <http://202.170.122.33:10099/sendmail/move.cgi?idx=82&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=82&up=1>; Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=83>; dnl Enable for both IPv4 and IPv6 (optional) <http://202.170.122.33:10099/sendmail/move.cgi?idx=83&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=83&up=1>; Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=84>; DAEMON_OPTIONS(`Name=IPv4, Family=inet') <http://202.170.122.33:10099/sendmail/move.cgi?idx=84&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=84&up=1>; Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=85>; DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O') <http://202.170.122.33:10099/sendmail/move.cgi?idx=85&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=85&up=1>; Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=86>; <http://202.170.122.33:10099/sendmail/move.cgi?idx=86&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=86&up=1>; *Define* <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=87>; define(`confBIND_OPTS', `WorkAroundBrokenAAAA') <http://202.170.122.33:10099/sendmail/move.cgi?idx=87&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=87&up=1>; *Define* <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=88>; define(`confNO_RCPT_ACTION', `add-to-undisclosed') <http://202.170.122.33:10099/sendmail/move.cgi?idx=88&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=88&up=1>; *Define* <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=89>; define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy') <http://202.170.122.33:10099/sendmail/move.cgi?idx=89&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=89&up=1>; Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=90>; <http://202.170.122.33:10099/sendmail/move.cgi?idx=90&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=90&up=1>; Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=91>; GENERICS_DOMAIN_FILE(`/etc/mail/genericdomains'); <http://202.170.122.33:10099/sendmail/move.cgi?idx=91&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=91&up=1>; Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=92>; <http://202.170.122.33:10099/sendmail/move.cgi?idx=92&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=92&up=1>; Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=93>; dnl set SASL options <http://202.170.122.33:10099/sendmail/move.cgi?idx=93&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=93&up=1>; Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=94>; TRUST_AUTH_MECH (`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl <http://202.170.122.33:10099/sendmail/move.cgi?idx=94&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=94&up=1>; *Define* <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=95>; define(`confAUTH_MECHANISMS',`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl <http://202.170.122.33:10099/sendmail/move.cgi?idx=95&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=95&up=1>; Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=96>; <http://202.170.122.33:10099/sendmail/move.cgi?idx=96&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=96&up=1>; Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=97>; dnl SSL Options <http://202.170.122.33:10099/sendmail/move.cgi?idx=97&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=97&up=1>; *Define* <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=98>; define(`confCACERT_PATH',`/etc/ssl')dnl <http://202.170.122.33:10099/sendmail/move.cgi?idx=98&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=98&up=1>; *Define* <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=99>; define(`confCACERT',`/etc/ssl/dm_new.crt')dnl <http://202.170.122.33:10099/sendmail/move.cgi?idx=99&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=99&up=1>; *Define* <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=100>; define(`confSERVER_CERT',`/etc/ssl/dm_new.crt')dnl <http://202.170.122.33:10099/sendmail/move.cgi?idx=100&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=100&up=1>; *Define* <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=101>; define(`confSERVER_KEY',`/etc/ssl/dm_ca.key')dnl <http://202.170.122.33:10099/sendmail/move.cgi?idx=101&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=101&up=1>; *Define* <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=102>; define(`confTLS_SRV_OPTIONS',`V')dnl <http://202.170.122.33:10099/sendmail/move.cgi?idx=102&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=102&up=1>; Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=103>; <http://202.170.122.33:10099/sendmail/move.cgi?idx=103&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=103&up=1>; *Mailer* <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=104>; MAILER(local) <http://202.170.122.33:10099/sendmail/move.cgi?idx=104&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=104&up=1>; *Mailer* <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=105>; MAILER(smtp) pkg_info ========= cyrus-sasl-2.1.25_1 RFC 2222 SASL (Simple Authentication and Security Layer) cyrus-sasl-saslauthd-2.1.25 SASL authentication server for cyrus-sasl2 ..... openssl-1.0.0_9 SSL and crypto library qpopper-4.0.9_3 Berkeley POP 3 server (now maintained by Qualcomm) sendmail-8.14.4_2 Reliable, highly configurable mail transfer agent with util ================================== ns1:kamolpat:/etc/ssl>ll total 32 -rw------- 1 root wheel 455 Mar 8 22:10 dm_RSA.key -rw------- 1 root wheel 736 Mar 8 22:12 dm_ca.key -rw------- 1 root wheel 1415 Mar 8 22:13 dm_new.crt -rw------- 1 root wheel 887 Mar 8 22:08 dmcert.pem -rw------- 1 root wheel 745 Mar 8 22:08 dmreq.pem -rw-rw---- 1 root wheel 11120 Mar 8 22:05 openssl.cnf -rw-rw---- 1 root wheel 9472 Mar 8 21:55 openssl.cnf.original ======================================= Installation of Open SSL according to FreeBSD Handbook->Chapter 15 Security -> 15.8 OpenSSL on freebsd.org What I do something wrong? Thanks Kamolpat On 3/12/2012 8:57 PM, Matthew Seaman wrote: > On 12/03/2012 13:26, kamolpat wrote: >> According to your recommendation .... (as following). When I do make at >> /usr/src/sur.sbin/sendmail it show as following. >> ns1:kamolpat:/usr/src/usr.sbin/sendmail>make clean >> rm -f sm_os.h sendmail alias.o arpadate.o bf.o collect.o conf.o >> control.o convtime.o daemon.o deliver.o domain.o envelope.o err.o >> headers.o macro.o main.o map.o mci.o milter.o mime.o parseaddr.o queue.o >> ratectrl.o readcf.o recipient.o savemail.o sasl.o sfsasl.o shmticklib.o >> sm_resolve.o srvrsmtp.o stab.o stats.o sysexits.o timers.o tls.o trace.o >> udb.o usersmtp.o util.o version.o mailq.1.gz newaliases.1.gz >> aliases.5.gz sendmail.8.gz mailq.1.cat.gz newaliases.1.cat.gz >> aliases.5.cat.gz sendmail.8.cat.gz >> ns1:kamolpat:/usr/src/usr.sbin/sendmail>make >> ln -sf >> /usr/src/usr.sbin/sendmail/../../contrib/sendmail/include/sm/os/sm_os_freebsd.h >> sm_os.h >> cc -O2 -pipe -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src >> -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB >> -DNIS -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS >> -D_FFR_TLS_1 -I/usr/local/include/sasl -DSASL=2 -std=gnu99 >> -fstack-protector -c >> /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/alias.c >> In file included from >> /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/alias.c:14: >> /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sendmail.h:135:25: >> error: sasl/sasl.h: No such file or directory >> /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sendmail.h:136:29: >> error: sasl/saslutil.h: No such file or directory >> In file included from >> /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/alias.c:14: >> /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sendmail.h:607: >> error: expected '=', ',', ';', 'asm' or '__attribute__' before ':' token >> /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sendmail.h:691: >> error: expected specifier-qualifier-list before 'sasl_conn_t' >> *** Error code 1 >> >> Stop in /usr/src/usr.sbin/sendmail. >> >> ======================================== >> then I try to find where is sasl.h >> >> ns1:kamolpat:/usr>find . -name "sasl.h" >> ./local/include/sasl/sasl.h >> ./ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.25/include/sasl.h >> ./ports/security/cyrus-sasl2-saslauthd/work/cyrus-sasl-2.1.25/include/sasl.h >> >> >> What should I do next? Shold I just copy the sasl.h to >> /usr/src/contrib/sendmail/src/sendmail ? > No. Don't do that. It won't help anything. > > You need to follow my instructions correctly. Specifically this line > needs to be in /etc/make.conf in order to pick up the SASL header files: > > SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2 > > Where, you will note, this does *not* say /usr/local/include/sasl, which > is what appears in your compiler output. > > Cheers, > > Matthew > E-mail message checked by Internet Security (7.0.0.508) Database version: 6.19440 http://www.pctools.com/en/internet-security/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F5E1A9E.8020408>