From owner-freebsd-questions@FreeBSD.ORG Tue Feb 13 00:32:28 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3D8DF16A400 for ; Tue, 13 Feb 2007 00:32:28 +0000 (UTC) (envelope-from doug.mccomber@gmail.com) Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.234]) by mx1.freebsd.org (Postfix) with ESMTP id 00BC613C48D for ; Tue, 13 Feb 2007 00:32:27 +0000 (UTC) (envelope-from doug.mccomber@gmail.com) Received: by nz-out-0506.google.com with SMTP id i11so1890193nzh for ; Mon, 12 Feb 2007 16:32:27 -0800 (PST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=OVpgevYqjOw51ayMzD/kSsQmRoA6ZpT/k0JAkvMt52HW8KeuenF0JY7QYEMH0BW/e9KdPWuzFWYcD/lIz7F5xgf2agiO7nzOSpDaTjdaFABq8Cg/R+aKrpB1K153ojeeRIJVMhecHv+5j56VpsvT03hFmRpuJHnXIxzUYhqV+yA= Received: by 10.115.78.1 with SMTP id f1mr7436840wal.1171326747102; Mon, 12 Feb 2007 16:32:27 -0800 (PST) Received: by 10.114.183.2 with HTTP; Mon, 12 Feb 2007 16:32:26 -0800 (PST) Message-ID: Date: Mon, 12 Feb 2007 20:32:26 -0400 From: "Doug McComber" To: freebsd-questions@freebsd.org In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: Subject: Re: force smtp auth X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Feb 2007 00:32:28 -0000 On 2/12/07, Jeffrey Goldberg wrote: > On Feb 11, 2007, at 8:27 PM, Doug McComber wrote: > > > This is for a web server that runs Drupal. I don't use the server for > > email as I have that hosted elsewhere. I just want Drupal to be able > > to send email (from localhost) via smtp auth. This is working right > > now except mail can also be sent without using smtp auth. > > I'm not entirely sure what you are asking. Is all the mail that > Drupal sends from localhost? That is, is there a need for Drupal to > listen on port 25 (or 587) at all? If there is no need for > listening, then sendmail should be set up as a client only and listen > only to localhost. I don't work with sendmail on FreeBSD so I can't > say exactly how you do this, but getting something like > > DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA') > > in the .mc source for your sendmail.cf should tell it to listen to > daemon host. > > If you do want to connect to the machine remotely and have it relay > mail for you, then having something like > > DAEMON_OPTIONS(`Name=MSA, Port=587, M=E') > > in the mc file that is the source for your sendmail.cf file should do > the trick. That tells sendmail to listen on port 587 (smtp > submission port) and require authentication. The M=E is what > requires the authentication. > > Don't add that by hand, it is already nicely set up if you use > > FEATURE(`msp') > > If you want to force authentication even on localhost connections, > then I guess something like > > DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA, M=E') > > should do the trick. > > Poking around I see that the src mc file is /usr/src/etc/sendmail/ > freebsd.mc > > However, there is a good chance that I've answered the wrong > question, because I'm not sure what it is that you are after. > > And someone who is familiar with managing sendmail on FreeBSD will be > able to tell you the FreeBSD way of doing things. > > -j > > > -- > Jeffrey Goldberg http://www.goldmark.org/jeff/ > > Thanks Jeffrey. What I'm after is that I want sendmail to require smtp auth regardless of who what or where. This is because I am only using sendmail on this server for php content management systems (drupal) to send verification emails. But, the reality is that over time a#$%oles will find a new security flaw in php and/or the cms and use my server to send spam (or worse). So, with smtp auth required for ALL smtp connections I can (hope to) stop this from happening. Anyway, what worked to force smtp auth was M=Ea. Thanks again, Doug