Date: Tue, 08 Aug 2006 10:24:45 +0200 From: Frank Staals <frankstaals@gmx.net> To: Greg Groth <ggroth@gregs-garage.com> Cc: questions@FreeBSD.org Subject: Re: Sendmail Question; unable to send mail as normal user Message-ID: <44D84A4D.4050801@gmx.net> In-Reply-To: <44D7924D.3050605@gregs-garage.com> References: <44D3C56A.60806@gmx.net> <44D77B38.7020002@gmx.net> <44D785C6.10605@gregs-garage.com> <44D78A85.8000301@gmx.net> <44D7924D.3050605@gregs-garage.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Greg Groth wrote: >> Hmm I guess that sould be the problem then: >> >> root@Fstaals$ telnet localhost 25 >> Trying ::1... >> Trying 127.0.0.1... >> Connected to localhost.eu.org >> Escape character is '^]'. >> 220 Fstaals.net ESMTP Sendmail 8.13.3/8.13.3; Mon, 7 Aug 2006 >> 20:31:30 +0200 (CE >> ST) >> EHLO localhost >> 250-Fstaals.net Hello localhost.eu.org [127.0.0.1], pleased to meet you >> 250-ENHANCEDSTATUSCODES >> 250-PIPELINING >> 250-8BITMIME >> 250-SIZE >> 250-DSN >> 250-ETRN >> 250-DELIVERBY >> 250 HELP >> >> I compiled sendmail with the following options: >> >> root@Fstaals$ cat /etc/make.conf >> # SASL (cyrus-sasl v2) sendmail build flags... >> SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2 >> SENDMAIL_LDFLAGS=-L/usr/local/lib >> SENDMAIL_LDADD=-lsasl2 >> # Adding to enable alternate port (smtps) for sendmail... >> SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL >> # added by use.perl 2006-03-02 22:35:07 >> PERL_VER=5.8.8 >> PERL_VERSION=5.8.8 >> >> What should I do fix this ? Appart from those lines in /etc/make.conf >> I didn't change anything regarding to the build of sendmail >> >> Regards, >> > > Need more info. How did you recompile Sendmail? For instance, I did > a minimal install, updated my ports, installed cvsup-without-gui & > fastest-cvsup, cvsupped my sources, ran a buildworld to get the base > system up to date, then added the following to make.conf: > > <snip> <Example> > > In the instances I had a screwup in which I could not resolve, I've > made the following bonehead moves: > > 1. Ran make installworld without dropping to single-user mode > 2. cvsupped to the wrong source tree due to my ignorance of the tags > in the cvsup file. > > My latest misadventures with getting PLAIN LOGIN working were on > systems where I did everything correctly, but installed a number of > ports prior to messing with the MTA. This included Apache, PHP, > MySQL, Squirrelmail, XOrg, KDE-lite, and whatever dependencies were > needed. The same issue occured with trying to get PLAIN AUTH working > with Postfix, and on a second box with Sendmail. I ended up > reinstalling, and focused on getting the MTA and SASL2 working > immediately after getting the system up to date, and had no issues. > > IMHO, worry about getting PLAIN LOGIN working before messing with > compiling SSL support into Sendmail. In my experience, configuring > SSL can be a pain, making sure everything is where it's supposed to be. > > Best regards, > Greg Groth > > Basically it would be the following: Installed FreeBSD 5.3-RELEASE, minimal install ; manually added the extra stuff I wanted. Installed a lot of the usual stuff: Apache, php, smnmpd. Then some time ago I decided I also wanted to run a mailserver so Installed imap-uw and cyrus-sasl2-saslauthd. Added: # SASL (cyrus-sasl v2) sendmail build flags... SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2 SENDMAIL_LDFLAGS=-L/usr/local/lib SENDMAIL_LDADD=-lsasl2 # Adding to enable alternate port (smtps) for sendmail... SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL to /etc/make.conf rebuild world and updated to 5.4-STABLE, manually rebuild sendmail : cd /usr/src/usr.sbin/sendmail make clean make depend make make install Made SSL certificates: mkdir /etc/mail/certs cd /etc/mail/certs openssl dsaparam 1024 -out dsa1024.pem openssl req -x509 -nodes -newkey dsa:dsa1024.pem -out mycert.pem -keyout mykey.pem rm dsa1024.pem chmod -R 600 /etc/mail/certs/* Checked if 'pwcheck_method: saslauthd' was in my /usr/local/lib/sasl2/Sendmail.conf then: cd /etc/mail/ make all added the following to HOSTNAME.mc : define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl TRUST_AUTH_MECH(`PLAIN LOGIN')dnl define(`CERT_DIR', `/etc/mail/certs')dnl define(`confCACERT_PATH', `CERT_DIR')dnl define(`confCACERT', `CERT_DIR/mycert.pem')dnl define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl ran a : make all install restart Then basically my mailserver thingy stopped for a while ( not enough time etc ) without realy finishing it up. When I continued last week I tested what worked; I found out I could send mail as root ( with mail <e-mail-address ) but not as user. I decided I also wanted spamassasin and that it would probably be best if I did that immediately so I Installed spamassasin ( spamass-milter ) and made sure both spamassasin and spamd started at boot. Manually started both daemons. Then added the following to /etc/mail/HOSTNAME.mc INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m') define(`confINPUT_MAIL_FILTERS', `spamassassin') I also fixed a syntax error in my HOSTNAME.mc file ( something went wrong with the ` ) then ran a make all install restart /etc/rc.d/sendmail restart tested if sasl was working ( which worked fine ) : testsaslauthd -u <user> -p <password> At this point I was able to send mail from localhost ( by using mail <mail-address> ) but still I wans't able to send e-mail from a remote host; so I googled and added the 'mech_list: login plain' to /usr/local/lib/sasl2/Sendmail.conf . Now I was able to send e-mail from a remote box to a user on my server but not to other people. That would be my situation. Last: these are the references I used during my install: http://www.puresimplicity.net/~hemi/freebsd/sendmail.html << For the part I did a long time ago http://dfwlpiki.dfwlp.org/index.php/Deploying_a_FreeBSD_Server#Configuring_Mail_Services << Mainly for the Spamassasin thing, the basic sendmail install and config was the same as on the first guide I used to install sendmail I'm not sure what would be best; maybe I should completely reinstall sendmail, but if other daemons like apache etc. cause sendmail not to work correctly I would have to reinstall my intire server, what I would dislike. Anyway, thanks for your help so far allready :) Regards, -- -Frank Staals
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44D84A4D.4050801>
