Date: Tue, 05 Nov 2013 09:51:31 -0500 From: "R. Scott Evans" <freebsd-questions@rsle.net> To: Andrea Venturoli <ml@netfence.it> Cc: freebsd-questions@freebsd.org Subject: Re: [Half OT] Mavericks' Mail and SSL Message-ID: <527905F3.6020501@rsle.net> In-Reply-To: <527554CE.1040605@netfence.it> References: <52718078.8080702@netfence.it> <5272C747.8030805@rsle.net> <5273EF3F.8040307@netfence.it> <5273FD23.7090207@rsle.net> <527554CE.1040605@netfence.it>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11/02/13 15:38, Andrea Venturoli wrote:
> On 11/01/13 20:12, R. Scott Evans wrote:
>
>> I offer both SSL/TLS (465) and STARTTLS (587) to my users. In the Mac
>> Mail I don't see an option for differentiating the connection security
>> between SSL/TLS and STARTTLS other than specifying the port manually.
>> There is a checkbox to Use SSL regardless of what port option is used
>> (which I obviously have checked).
>>
>> Anyhow, I changed the port on my Mac to 465 and it still worked for me.
>> Then again, I also just tried switching it back to the "default (25,
>> 465, 587)" option for the port and it now works with that also, so I'm
>> not sure what is going on?
>
> Thanks again.
> Would you mind sending me your .cf file, your FreeBSD, Sendmail, and
> OpenSSL version?
> Any other useful config file?
>
> Are you using a self-signed certificate?
>
> bye & Thanks
> av.
I'm using a CA signed certificate. It's worth mentioning I also do SMTP
Auth so will show the sasl version as well. I don't recall previously
having any problems with Apple Mac's and iDevices when using self signed
certs but I have had problems with Android devices. I've not tested
this since I started using CA signed certs a few years ago though.
I only edit the .mc and let sendmail generate the .cf from that so I've
included the relevant portions of the .mc instead (below).
-scott
--------
# uname -rsim
FreeBSD 9.2-STABLE amd64 GENERIC
#
# sendmail -d0.1
Version 8.14.7
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS
PIPELINING SASLv2
SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
#
# openssl version
OpenSSL 0.9.8y 5 Feb 2013
#
# pkg_info -Ix cyrus
cyrus-sasl-2.1.26_2 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-saslauthd-2.1.26 SASL authentication server for cyrus-sasl2
#
--------- my sendmail .mc file (edited)
define(`confPRIVACY_FLAGS',``authwarnings,needexpnhelo,needmailhelo,needvrfyhelo,noexpn,novrfy,goaway'')
FEATURE(`no_default_msa')
DAEMON_OPTIONS(`Name=IPv4, Family=inet, M=A')
DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')
dnl ### set SASL option ################################
define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5')dnl
define(`confAUTH_MECHANISMS',`LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5')dnl
dnl ### SSL #############################################
define(`confCACERT_PATH', `/etc/mail/SSL/')dnl
define(`confCACERT', `/etc/mail/SSL/sf_bundle-g2.crt')dnl
define(`confSERVER_CERT', `/etc/mail/SSL/mydomain.pem')dnl
define(`confSERVER_KEY', `/etc/mail/SSL/mydomain.key')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl ### Enable IPv6 ######################################
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
DAEMON_OPTIONS(`Name=MSA, Family=inet6, Port=587, M=Ea, Modifiers=O')
dnl ######################################################
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?527905F3.6020501>