Date: Sat, 22 Sep 2007 13:44:25 -0400
From: "Michael W. Lucas"
To: freebsd-isp@freebsd.org
Message-ID: <20070922174425.GA37518@bewilderbeast.blackhelicopters.org>
Subject: SMTP AUTH over SSL only?

Hi folks,

I have a FreeBSD 7.0 server where I'd like to authenticate against /etc/master.passwd when using SMTP AUTH and Sendmail. This means using LOGIN, which can use either plain text or SSL-tunneled connections.

I'd like to allow SMTP AUTH only over SSL, and disallow it over unencrypted connections. Any suggestions on this? Surely there's just some switch I'm missing? The archives and search engines are full of people trying to get SSL working, not people trying to turn off non-SSL connections.

Here are the relevant snippets of sendmail.mc I'm using.

TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`CERT_DIR', `/usr/local/etc/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/hostname.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/hostname.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/hostname-key.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/hostname.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/hostname-key.pem')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

Any suggestions greatly appreciated!

Thanks,
==ml

-- 
Michael W. Lucas mwlucas@BlackHelicopters.org, mwlucas@FreeBSD.org
http://www.BlackHelicopters.org/~mwlucas/
Coming Soon: "Absolute FreeBSD" -- http://www.AbsoluteFreeBSD.com

On 5/4/2007, the TSA kept 3 pairs of my soiled undies "for security reasons."
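
Added example, not part of the original post: a Python check for the goal stated above, which compares the EHLO capabilities a server advertises before TLS with those it advertises inside TLS and reports any AUTH offered in cleartext. The host names and EHLO replies are constructed samples, and `parse_ehlo` and `audit` are illustrative names.

```python
import re

# Mechanisms whose credentials a passive listener can read off the wire.
PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}
CAP_LINE = re.compile(r"250[- ]([A-Za-z0-9][A-Za-z0-9-]*)(?:[ =](.*))?$")

def parse_ehlo(reply):
    """Map each EHLO keyword to its upper-cased parameter list."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:   # line 1 is the greeting
        m = CAP_LINE.match(line.strip())
        if m:
            params = (m.group(2) or "").upper().split()
            caps.setdefault(m.group(1).upper(), []).extend(params)
    return caps

def audit(cleartext_reply, tls_reply):
    """Return findings for a listener meant to accept AUTH only inside TLS."""
    clear, tls = parse_ehlo(cleartext_reply), parse_ehlo(tls_reply)
    findings = []
    if "AUTH" in clear:
        exposed = sorted(PLAINTEXT_MECHS.intersection(clear["AUTH"]))
        detail = ("plaintext mechanisms " + ",".join(exposed)
                  if exposed else "challenge-response only")
        findings.append("AUTH advertised before TLS (" + detail + ")")
    if "STARTTLS" not in clear:
        findings.append("STARTTLS not offered on the cleartext listener")
    if "AUTH" not in tls:
        findings.append("AUTH not offered inside TLS")
    return findings

# Constructed EHLO replies (not captured from the poster's server).
GREETING = "250-mail.example.org Hello client.example.org, pleased to meet you\n"
CLEAR_WEAK = GREETING + "250-8BITMIME\n250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN\n250-STARTTLS\n250 HELP\n"
CLEAR_STRICT = GREETING + "250-8BITMIME\n250-STARTTLS\n250 HELP\n"
INSIDE_TLS = GREETING + "250-8BITMIME\n250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN\n250 HELP\n"

if __name__ == "__main__":
    for name, reply in (("weak", CLEAR_WEAK), ("strict", CLEAR_STRICT)):
        print(name, audit(reply, INSIDE_TLS) or "OK")
```

Feed `audit` the EHLO reply seen on the plain smtp port before STARTTLS and the reply seen after TLS is established; an empty list means AUTH is offered only inside the encrypted session.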