Date: Wed, 14 May 2008 17:11:20 -0400
From: Carl Bussema <bussemac@ajboggs.com>
To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: IMAP and SMTP-AUTH with sendmail on FreeBSD 7
Message-ID: <6EC20B642833CC4DA01B66D0064CF84B5A76543DBE@exchange1.ixn.com>
I'm trying to set up a FreeBSD 7 box to replace a FreeBSD 4 box. We're migrating web hosting and e-mail hosting from the old server to the new one.
Goal: use sendmail to allow users to point their email clients at mail.domain.com for in & out, with SMTP Authentication so they can use these accounts from anywhere.
Additional goal: Allow secure or insecure connections for POP3, IMAP, and SMTP (TLS over port 25)
Currently working: SMTP from localhost (telnet localhost 25), IMAPS (but not plain IMAP), POP3, POP3S.
Currently NOT working: SMTP AUTH from external hosts (no encryption or TLS, although it does attempt the communication), IMAP without SSL
Errors received by client (Outlook 2007):
IMAP test: "General authentication failed. none of the authentication methods supported by your IMAP server (if any) are supported on this computer"
SMTP AUTH test: "The server responded 550 5.1.1 <myemail@mydomain... (rest of message cut off by Outlook)
maillog when I start the IMAP & SMTP test in Outlook:
May 14 15:14:54 BSDPROD imapd[9065]: Unexpected client disconnect, while reading line user=??? host=MY.PUBLIC.NAME [1.2.3.4]
May 14 15:14:54 BSDPROD sm-mta[9066]: NOQUEUE: connect from MY.PUBLIC.NAME [1.2.3.4]
May 14 15:14:54 BSDPROD sm-mta[9066]: m4EJEs8k009066: Milter (clamav): init success to negotiate
May 14 15:14:54 BSDPROD sm-mta[9066]: m4EJEs8k009066: Milter (spamassassin): init success to negotiate
May 14 15:14:54 BSDPROD sm-mta[9066]: m4EJEs8k009066: Milter: connect to filters
May 14 15:15:00 BSDPROD sm-mta[9066]: STARTTLS=server, relay=MY.PUBLIC.NAME [1.2.3.4], version=TLSv1/SSLv3, verify=NO, cipher=AES128-SHA, bits=128/128
May 14 15:15:00 BSDPROD sm-mta[9066]: m4EJEs8l009066: AUTH failure (DIGEST-MD5): authentication failure (-13) SASL(-13): authentication failure: realm changed: authentication aborted
May 14 15:15:00 BSDPROD sm-mta[9066]: AUTH=server, relay=MY.PUBLIC.NAME [1.2.3.4], authid=MYUSERNAME, mech=LOGIN, bits=0
Test: testsaslauthd -u MYUSER -p MYPASS
0: OK "Success."
root@BSDPROD /> telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS STARTTLS LOGINDISABLED] localhost IMAP4rev1 2006j.389 at Wed, 14 May 2008 15:17:41 -0400 (EDT)
Output from openssl s_client localhost:993 (after all the certificate stuff):
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS AUTH=PLAIN AUTH=LOGIN] MY.SERVER.FQDN.COM IMAP4rev1 2006j.389 at Wed, 14 May 2008 15:18:45 -0400 (EDT)
mc file follows:
----------------
### freebsd.mc ###
VERSIONID(`@(#)freebsd.mc       2.3 (IXN.com) 3/21/2008')
OSTYPE(freebsd4)dnl
DOMAIN(generic)dnl
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/central.ixn.com.crt')dnl
define(`confSERVER_CERT', `CERT_DIR/central.ixn.com.crt')dnl
define(`confSERVER_KEY',`CERT_DIR/CAkey.key')dnl
TRUST_AUTH_MECH(`GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS',`GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN')dnl
define(`confAUTH_OPTIONS',`p,y')dnl
define(`confMAX_RCPTS_PER_MESSAGE', 500)dnl
define(`confSMTP_LOGIN_MSG', `foobar.com - By establishing a TCP connection to this host on port 25 you authorize possible relay testing of the connecting host.  If you do not wish to be tested do not establish connections with this host; $b')dnl
define(`confPRIVACY_FLAGS',`needmailhelo,noexpn,noetrn,novrfy')dnl
define(`confBAD_RCPT_THROTTLE', `1')dnl
define(`confCONNECTION_RATE_THROTTLE', `50')dnl
define(`confMAX_DAEMON_CHILDREN', `200')dnl
define(`confLOG_LEVEL', `10')dnl
define(`confMAX_MESSAGE_SIZE', `50485760')dnl
define(`confTO_IDENT',`0')dnl
define(`confTO_ICONNECT', `15s')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTO_HELO', `20s')dnl
define(`confTO_MAIL', `1m')dnl
define(`confTO_RCPT', `1m')dnl
define(`confTO_DATAINIT', `1m')dnl
define(`confTO_DATABLOCK', `10m')dnl
define(`confTO_DATAFINAL', `5m')dnl
define(`confTO_RSET', `1m')dnl
define(`confTO_QUIT', `1m')dnl
define(`confTO_MISC', `1m')dnl
define(`confTO_COMMAND', `1m')dnl
define(`confTO_STARTTLS', `2m')dnl
define(`MILTER', 1)dnl
FEATURE(`access_db')dnl
FEATURE(`greet_pause',6000)
FEATURE(`use_cw_file')dnl
FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl
FEATURE(`genericstable', `hash /etc/mail/genericstable')dnl
FEATURE(`delay_checks',`friend')dnl
FEATURE(`nouucp',`nospecial')dnl
FEATURE(dnsbl,`psbl.surriel.com', `"550 5.7.1 ACCESS DENIED to <"$&f"> from server " $&{client_addr} " by psbl.surriel.com DNSBL see: http://psbl.surriel.com/listing?ip=" $&{client_addr} ""', `')dnl
FEATURE(dnsbl,`sbl-xbl.spamhaus.org', `"550 5.7.1 ACCESS DENIED to <"$&f"> from server " $&{client_addr} " by sbl-xbl.spamhaus.org DNSBL (http://www.spamhaus.org/xbl)"', `')dnl
FEATURE(dnsbl,`dnsbl.njabl.org', `"550 5.7.1 ACCESS DENIED to <"$&f"> from server " $&{client_addr} " by njabl.org DNSBL (http://njabl.org)"', `')dnl
FEATURE(dnsbl,`list.dsbl.org',`"550 5.7.1 ACCESS DENIED to <"$&f"> from server: " $&{client_addr} " see: http://www.dsbl.org with this reference: http://www.dsbl.org/listing?" $&{client_addr} ""')dnl
FEATURE(dnsbl,`bl.spamcop.net', `"550 5.7.1 ACCESS DENIED to <"$&f"> from server: " $&{client_addr} " see: http://spamcop.net/fom-serve/cache/297.html with this reference: http://www.spamcop.net/w3m?action=blcheck&ip=" $&{client_addr} ""')dnl
GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl
define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`, {verify}')dnl
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clmilter.sock, F=T, T=S:4m;R:4m')
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')
MAILER(local)dnl
MAILER(smtp)dnl
LOCAL_CONFIG
# dynamic relay authorization control map
Kdrac btree -o /usr/local/etc/dracd
LOCAL_RULESETS
SLocal_check_rcpt
# allow recent POP/IMAP mail clients to relay
R$*                             $: $&{client_addr}
R$+                             $: $(drac $1 $: ? $)
R?                              $@ ?
R$+                             $@ $#OK
----------------
End mc file
Thanks in advance for any help!
Carl
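
An added example, not part of the original message: a small Python reader for the sm-mta log format quoted above that groups STARTTLS, "AUTH failure" and AUTH=server entries by sendmail process id, so each connection shows whether TLS was negotiated, which SASL mechanisms failed, and which one finally authenticated. The function names summarize and cleartext_logins are hypothetical, the pid 9101 line is constructed sample data, and treating one pid as one connection is an assumption that holds for a short excerpt like this one.

```python
import re
from collections import defaultdict

# The first three entries are the sm-mta lines from the message (soft line
# breaks rejoined); the pid 9101 entry is constructed to show a session without TLS.
SAMPLE_LOG = """\
May 14 15:15:00 BSDPROD sm-mta[9066]: STARTTLS=server, relay=MY.PUBLIC.NAME [1.2.3.4], version=TLSv1/SSLv3, verify=NO, cipher=AES128-SHA, bits=128/128
May 14 15:15:00 BSDPROD sm-mta[9066]: m4EJEs8l009066: AUTH failure (DIGEST-MD5): authentication failure (-13) SASL(-13): authentication failure: realm changed: authentication aborted
May 14 15:15:00 BSDPROD sm-mta[9066]: AUTH=server, relay=MY.PUBLIC.NAME [1.2.3.4], authid=MYUSERNAME, mech=LOGIN, bits=0
May 14 15:20:00 BSDPROD sm-mta[9101]: AUTH=server, relay=EXAMPLE.HOST [192.0.2.10], authid=OTHERUSER, mech=LOGIN, bits=0
"""

PID_RE = re.compile(r"sm-mta\[(\d+)\]: (.*)")
TLS_RE = re.compile(r"STARTTLS=server,.*cipher=([^,]+), bits=(\d+)/\d+")
FAIL_RE = re.compile(r"AUTH failure \(([^)]+)\)")
OK_RE = re.compile(r"AUTH=server,.*authid=([^,]+), mech=([^,]+)")
PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}  # mechanisms that send the password itself

def summarize(log_text):
    """Return {pid: {"tls": (cipher, bits) or None, "failed": [mech], "auth": (authid, mech) or None}}."""
    sessions = defaultdict(lambda: {"tls": None, "failed": [], "auth": None})
    for line in log_text.splitlines():
        m = PID_RE.search(line)
        if not m:
            continue
        s, msg = sessions[m.group(1)], m.group(2)
        if (t := TLS_RE.search(msg)):
            s["tls"] = (t.group(1), int(t.group(2)))
        elif (f := FAIL_RE.search(msg)):
            s["failed"].append(f.group(1))
        elif (a := OK_RE.search(msg)):
            s["auth"] = (a.group(1), a.group(2))
    return dict(sessions)

def cleartext_logins(sessions):
    """Pids that authenticated with a plaintext mechanism and logged no STARTTLS."""
    return sorted(pid for pid, s in sessions.items()
                  if s["auth"] and s["auth"][1] in PLAINTEXT_MECHS and s["tls"] is None)

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for pid, s in result.items():
        print(pid, s)
    print("plaintext AUTH without TLS:", cleartext_logins(result))
```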
