From owner-freebsd-security Tue Sep 17 6:22:28 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A1EFB37B401 for ; Tue, 17 Sep 2002 06:22:25 -0700 (PDT) Received: from host185.dolanmedia.com (host185.dolanmedia.com [209.98.197.185]) by mx1.FreeBSD.org (Postfix) with SMTP id B1CB543E6A for ; Tue, 17 Sep 2002 06:22:24 -0700 (PDT) (envelope-from greg.panula@dolaninformation.com) Received: (qmail 78485 invoked by uid 0); 17 Sep 2002 13:22:24 -0000 Received: from greg.panula@dolaninformation.com by proxy with qmail-scanner-0.96 (. Clean. Processed in 0.489811 secs); 17 Sep 2002 13:22:24 -0000 X-Qmail-Scanner-Mail-From: greg.panula@dolaninformation.com via proxy X-Qmail-Scanner-Rcpt-To: freebsd-security@freebsd.org X-Qmail-Scanner: 0.96 (No viruses found. Processed in 0.489811 secs) Received: from unknown (HELO mail.dolanmedia.com) (10.1.1.23) by host185.dolanmedia.com with SMTP; 17 Sep 2002 13:22:23 -0000 Received: from dolaninformation.com (10.1.1.135) by mail.dolanmedia.com (Worldmail 1.3.167) for freebsd-security@freebsd.org; 17 Sep 2002 08:22:23 -0500 Message-ID: <3D872C8E.C0D318DD@dolaninformation.com> Date: Tue, 17 Sep 2002 08:22:22 -0500 From: Greg Panula Reply-To: greg.panula@dolaninformation.com Organization: Dolan Information Center Inc X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: asmtp 587 - quickie faq submission References: <002b01c25930$f4627270$0100a8c0@soap> <3D7F3726.958781C8@dolaninformation.com> <20020911153003.GD19536@lupe-christoph.de> <20020911161018.GE19536@lupe-christoph.de> <008e01c25b58$2a2eb930$11fd2fd8@ADMIN00> <20020915122440.GF23222@lupe-christoph.de> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Ok, here is the latest&greatest version: FAQ Submission: ASMTP Q: What is ASMTP? A: Authenticated SMTP, as explained in RFC 2554 Q: What is ASMTP good for? A: Allow the SMTP server to authenticate users before allowing them to use the smtp service for sending mail. Useful if you have roaming users that connect from foreign networks (e.g. hotel somewhere). Q: How do I or my users make use of ASMTP? A: The user's email client needs to be configured to authenticate themselves to the smtp server. Earthlink has a FAQ section explaining various email client configurations at http://support.earthlink.net/mu/1/psc/img/walkthroughs/Help_FAQ/7280.psc.html Q: How do I implement ASMTP on my mail server? A: Depends on your MTA. Q: Ok, how about with Postfix? A: For information about configuring ASMTP&Postfix checkout: http://howto.state-of-mind.de/ Q: Ok, how about with Sendmail? A: To implement ASMTP, you must install a sendmail with SASL compiled in. This requires the installation of the cyrus-sasl port. After you have installed cyrus-sasl, documentation for the modification of sendmail can be found in /usr/local/share/doc/cyrus-sasl/Sendmail.README. Starting with Sendmail 8.12, you can also use the security/cyrus-sasl2 port. The documentation for this version ends up in .../doc/cyrus-sasl2. You can then either recompile the system's sendmail as described in /usr/local/share/doc/cyrus-sasl*/Sendmail.README or in /etc/defaults/make.conf (look for SASL) or install the sendmail-sasl port, and replace the default sendmail with the one from that port. Some additional information can be found at: http://www.sendmail.org/~ca/email/auth.html http://www.sendmail.org/~gshapiro/security.pdf FAQ Submission: Sendmail & port 587 Q: Why does Sendmail listen on Port 587? A: For compliance with RFC 2476 which states that separating the different parts of mail handling (submissions&transfers) is a good thing and port 587 was deemed to be the port for handling submissions. Sendmail 8.10.0 introduced DaemonPortOptions to support this. Checkout http://www.sendmail.org/~gshapiro/8.10.Training/DaemonPortOptions.html for some quick info about DaemonPortOptions. Q: How do I turn off the Message Submission Agent aka stop Sendmail from listening on port 587? A: A: Add FEATURE(`no_default_msa') your config.mc config file and recreate your sendmail.cf file. Brief example of recreating your sendmail.cf can be found at: http://www.sendmail.org/m4/intro.html Comments, suggestions, corrections? Thanks, Greg To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message