From owner-freebsd-questions@FreeBSD.ORG Mon Sep 18 19:22:04 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5971116A4B3; Mon, 18 Sep 2006 19:22:04 +0000 (UTC) (envelope-from admin@hdk5.com) Received: from mail.alohahosting.net (mail.alohahosting.net [64.75.245.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id A6A5543D45; Mon, 18 Sep 2006 19:20:39 +0000 (GMT) (envelope-from admin@hdk5.com) Received: from [192.168.1.35] by alohahosting.net (MDaemon.PRO.v8.0.2.R) with ESMTP id md50000284754.msg; Mon, 18 Sep 2006 09:34:35 -1000 Message-ID: <450EF160.3020708@hdk5.com> Date: Mon, 18 Sep 2006 09:20:00 -1000 From: "admin@hdk5.com" User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050108 X-Accept-Language: en-us, en MIME-Version: 1.0 To: owner-freebsd-questions@freebsd.org References: <20060918021548.59DB41BF287@ws1-1.us4.outblaze.com> <450E3534.6080403@infracaninophile.co.uk> In-Reply-To: <450E3534.6080403@infracaninophile.co.uk> Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 8bit X-Authenticated-Sender: admin@hdk5.com X-Spam-Processed: mail.alohahosting.net, Mon, 18 Sep 2006 09:34:35 -1000 (not processed: message from valid local sender) X-MDRemoteIP: 66.180.149.18 X-Return-Path: admin@hdk5.com X-MDAV-Processed: mail.alohahosting.net, Mon, 18 Sep 2006 09:34:36 -1000 Cc: FreeBSD Users Questions , Ahmad Arafat Abdullah Subject: Re: Sendmail on FBSD server wont connect to remote user. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: admin@hdk5.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Sep 2006 19:22:04 -0000 Matthew Seaman wrote: >Ahmad Arafat Abdullah wrote: > > >>>----- Original Message ----- >>>From: "admin@hdk5.com" >>>To: "FreeBSD Users Questions" >>>Subject: Sendmail on FBSD server wont connect to remote user. >>>Date: Sun, 17 Sep 2006 10:57:27 -1000 >>> >>> >>>Aloha Questions list, >>> >>>I have been trying to setup Sendmail on a server box. >>>FreeBSD 6.1 HP Pentium II 300 CPU 686 >>> >>>After many attempts I am down to this one error. >>> >>>Error: >>>Sending of password did not succeed. Mail server >>>mahalo.internetohana.org responded: >>>Password supplied for admin@internetohana.org is incorrect. >>> >>> >>>I have 2 user accounts for test on this swever. I can ping and >>>telnet into ports 25 and 110 and I get the proper responses from >>>these users. >>> >>>The 2 user accounts are rejected as per the error when I try to >>>connect from a mail agent (Mozilla or Thunderbird) from another box >>>on a different inet. (Also FreeBSD 4.11 running for several years.) >>> >>> >>>The server is setup with send mail SMTP and qpopper for Pop3. There >>>is nothing else on this box. >>> >>>Do I have to create a password file other than the FreeBSD >>>/etc/passwd and /etc/master.passwd >>>to get this to work. >>> >>>My previous attempts with Postfix and Dovecot did not get this far. >>> >>>Thanks for any help. >>> >>>Al Plant - Honolulu, Hawaii >>> >>>- Admin -- http://hawaiidakine.com -- http://hdk5.com -- -- >>>http://internetohana.org -- http://freeBSDinfo.org -- >>>+ Supporting open source computing - FreeBSD 6.* + >>> >>> >>I'm leaving sendmail long ago since I'm migrated to Postfix.. >>but however as i still remember, default sendmail installation >>is just listening to localhost. >> >>so u need to alter the *.cf file ( in /etc/mail/ ).. >> >># SMTP client options >>O ClientPortOptions=Family=inet, Address=0.0.0.0 >> >>by default this line will be commented out ( with # or dnl ) or just listen to localhost >> >>previously I faced this prob with old RedHat 7.x.. >> >>anyone who know this, maybe can correct me if I'm wrong >> >> > >Yep. You are completely in the wrong ballpark there. You are >talking about configuring where sendmail listens for *incoming* >connections, although the mists of time seem to have clouded your >memory of exactly what it is you do... (Hint: look for DAEMON_PORT_OPTIONS >and maybe add FEATURE(no_default_msa) in the /etc/mail/$(hostname).mc >file) > >What the original poster is suffering from is not lack of ability to >connect at the TCP level. He's needing to configure authentication so >that his mail clients can relay through the server. > >Unfortunately it appears he is using the stock sendmail supplied with FreeBSD >which does not have authentication support compiled into it: > >250-mahalo.internetohana.org Hello happy-idiot-talk.infracaninophile.co.uk [81.187.76.162], pleased to meet you >250-ENHANCEDSTATUSCODES >250-PIPELINING >250-8BITMIME >250-SIZE >250-DSN >250-ETRN >250-DELIVERBY >250 HELP > >You should see: 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN or similar if >the authentication capabilities are enabled. > >To make sendmail do authentication, do the following. > > i) Install the security/cyrus-sasl2 port. Review the configuration file > /usr/local/lib/sasl2/Sendmail.conf to make sure it does what you want -- > at a minimum it should contain > > pwcheck_method: auxprop > > which should let sendmail auth against the sasldb without needing the > intercession of saslauthd. However there are far too many possibilities > to go into any great depth here -- Google is your friend. > > ii) Add the following to /etc/make.conf and then do a standard buildworld cycle > to enable the authentication capabilities in the base system sendmail: > > SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2 > SENDMAIL_LDFLAGS+= -L/usr/local/lib > SENDMAIL_LDADD+= -lsasl2 > > iii) Add to /etc/mail/$(hostname).mc -- > > dnl ## Set SASL options > TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl > define(`confAUTH_REALM', `infracaninophile.co.uk')dnl > define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl > define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl > define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl > > and rebuild the sendmail configuration, restart sendmail, etc: > > # cd /etc/mail > # make all install restart > > iv) Use the saslpasswd2 program to set up login names and passwords for all > of the e-mail users permitted to send mail via the system. > >Et voilą. Well, actually there's another step the OP would be well advised to >take. In order to secure 'LOGIN' against password snooping you should turn on >sendmail's TLS capabilities, so it has the capability to switch to using an >encrypted SMTP session. That (in the best didactic tradition) is left as an >exercise for the student. > > Cheers, > > Matthew > > > Matthew, et all..... Thanks for the info, Mathew seems to be on target for the problem with my attempted installs alright. Did I miss something in the FreeBSD How to in the hand book? It seems to me authentication wasn't mentioned as not in the stock Sendmail. I think I see now why the telnet worked to see the install, but the clients needed authentication mechanism which wasnt there. When I get back from town today I will try your HowTo. Your help is very much appreciated.. I've been using Free BSD since 2. (something) but this is the first time I have had to build a mail server. Al Plant - Honolulu, Hawaii - Admin -- http://hawaiidakine.com -- http://hdk5.com -- -- http://internetohana.org -- http://freeBSDinfo.org -- + Supporting open source computing - FreeBSD 6.* +