From: Carl Bussema
To: "freebsd-questions@freebsd.org"
Date: Wed, 14 May 2008 17:11:20 -0400
Subject: IMAP and SMTP-AUTH with sendmail on FreeBSD 7
Message-ID: <6EC20B642833CC4DA01B66D0064CF84B5A76543DBE@exchange1.ixn.com>

I'm trying to set up a FreeBSD 7 box to replace a FreeBSD 4 box. We're migrating web hosting and e-mail hosting from the old server to the new one.

Goal: use sendmail to allow users to point their email clients at mail.domain.com for in & out, with SMTP Authentication so they can use these accounts from anywhere.

Additional goal: Allow secure or insecure connections for POP3, IMAP, and SMTP (TLS over port 25)

Currently working: SMTP from localhost (telnet localhost 25), IMAPS (but not plain IMAP), POP3, POP3S.

Currently NOT working: SMTP AUTH from external hosts (no encryption or TLS, although it does attempt the communication), IMAP without SSL

Errors received by client (Outlook 2007):
IMAP test: "General authentication failed. none of the authentication methods supported by your IMAP server (if any) are supported on this computer"
SMTP AUTH test: "The server responded 550 5.1.1

telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS STARTTLS LOGINDISABLED] localhost IMAP4rev1 2006j.389 at Wed, 14 May 2008 15:17:41 -0400 (EDT)

Output from openssl s_client localhost:993 (after all the certificate stuff):
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS AUTH=PLAIN AUTH=LOGIN] MY.SERVER.FQDN.COM IMAP4rev1 2006j.389 at Wed, 14 May 2008 15:18:45 -0400 (EDT)

mc file follows:
----------------
### freebsd.mc ###
VERSIONID(`@(#)freebsd.mc 2.3 (IXN.com) 3/21/2008')
OSTYPE(freebsd4)dnl
DOMAIN(generic)dnl
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/central.ixn.com.crt')dnl
define(`confSERVER_CERT', `CERT_DIR/central.ixn.com.crt')dnl
define(`confSERVER_KEY',`CERT_DIR/CAkey.key')dnl
TRUST_AUTH_MECH(`GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS',`GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN')dnl
define(`confAUTH_OPTIONS',`p,y')dnl
define(`confMAX_RCPTS_PER_MESSAGE', 500)dnl
define(`confSMTP_LOGIN_MSG', `foobar.com - By establishing a TCP connection to this host on port 25 you authorize possible relay testing of the connecting host. If you do not wish to be tested do not establish connections with this host; $b')dnl
define(`confPRIVACY_FLAGS',`needmailhelo,noexpn,noetrn,novrfy')dnl
define(`confBAD_RCPT_THROTTLE', `1')dnl
define(`confCONNECTION_RATE_THROTTLE', `50')dnl
define(`confMAX_DAEMON_CHILDREN', `200')dnl
define(`confLOG_LEVEL', `10')dnl
define(`confMAX_MESSAGE_SIZE', `50485760')dnl
define(`confTO_IDENT',`0')dnl
define(`confTO_ICONNECT', `15s')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTO_HELO', `20s')dnl
define(`confTO_MAIL', `1m')dnl
define(`confTO_RCPT', `1m')dnl
define(`confTO_DATAINIT', `1m')dnl
define(`confTO_DATABLOCK', `10m')dnl
define(`confTO_DATAFINAL', `5m')dnl
define(`confTO_RSET', `1m')dnl
define(`confTO_QUIT', `1m')dnl
define(`confTO_MISC', `1m')dnl
define(`confTO_COMMAND', `1m')dnl
define(`confTO_STARTTLS', `2m')dnl
define(`MILTER', 1)dnl
FEATURE(`access_db')dnl
FEATURE(`greet_pause',6000)
FEATURE(`use_cw_file')dnl
FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl
FEATURE(`genericstable', `hash /etc/mail/genericstable')dnl
FEATURE(`delay_checks',`friend')dnl
FEATURE(`nouucp',`nospecial')dnl
FEATURE(dnsbl,`psbl.surriel.com', `"550 5.7.1 ACCESS DENIED to <"$&f"> from server " $&{client_addr} " by psbl.surriel.com DNSBL see: http://psbl.surriel.com/listing?ip=" $&{client_addr} ""', `')dnl
FEATURE(dnsbl,`sbl-xbl.spamhaus.org', `"550 5.7.1 ACCESS DENIED to <"$&f"> from server " $&{client_addr} " by sbl-xbl.spamhaus.org DNSBL (http://www.spamhaus.org/xbl)"', `')dnl
FEATURE(dnsbl,`dnsbl.njabl.org', `"550 5.7.1 ACCESS DENIED to <"$&f"> from server " $&{client_addr} " by njabl.org DNSBL (http://njabl.org)"', `')dnl
FEATURE(dnsbl,`list.dsbl.org',`"550 5.7.1 ACCESS DENIED to <"$&f"> from server: " $&{client_addr} " see: http://www.dsbl.org with this reference: http://www.dsbl.org/listing?" $&{client_addr} ""')dnl
FEATURE(dnsbl,`bl.spamcop.net', `"550 5.7.1 ACCESS DENIED to <"$&f"> from server: " $&{client_addr} " see: http://spamcop.net/fom-serve/cache/297.html with this reference: http://www.spamcop.net/w3m?action=blcheck&ip=" $&{client_addr} ""')dnl
GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl
define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`, {verify}')dnl
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clmilter.sock, F=T, T=S:4m;R:4m')
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')
MAILER(local)dnl
MAILER(smtp)dnl

LOCAL_CONFIG
# dynamic relay authorization control map
Kdrac btree -o /usr/local/etc/dracd

LOCAL_RULESETS
SLocal_check_rcpt
# allow recent POP/IMAP mail clients to relay
R$*	$: $&{client_addr}
R$+	$: $(drac $1 $: ? $)
R?	$@ ?
R$+	$@ $#OK
----------------
End mc file

Thanks in advance for any help!

Carl
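
Added example, not part of the original message: a small parser that reads the two IMAP greetings quoted above and reports what a client is allowed to do on each connection. It relies on RFC 3501 semantics (LOGINDISABLED means the LOGIN command is refused on the current connection; AUTH=<mech> entries list the SASL mechanisms on offer); the function names and verdict strings are this example's own.

```python
import re

# Greetings copied from the post (port 143 in the clear, port 993 inside TLS).
PLAIN_143 = ("* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS "
             "STARTTLS LOGINDISABLED] localhost IMAP4rev1 2006j.389 at "
             "Wed, 14 May 2008 15:17:41 -0400 (EDT)")
TLS_993 = ("* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS "
           "AUTH=PLAIN AUTH=LOGIN] MY.SERVER.FQDN.COM IMAP4rev1 2006j.389 at "
           "Wed, 14 May 2008 15:18:45 -0400 (EDT)")


def parse_capabilities(greeting):
    """Return the upper-cased capability atoms from an IMAP greeting or
    an untagged CAPABILITY response; empty set if none are advertised."""
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", greeting, re.I)
    if m is None:
        m = re.match(r"\* CAPABILITY (.*)$", greeting.strip(), re.I)
    return set(m.group(1).upper().split()) if m else set()


def assess(greeting, channel_encrypted):
    """Summarise what a client may do on this connection right now."""
    caps = parse_capabilities(greeting)
    sasl = sorted(c[5:] for c in caps if c.startswith("AUTH="))
    login_ok = "LOGINDISABLED" not in caps
    can_auth = login_ok or bool(sasl)
    if can_auth and not channel_encrypted:
        verdict = "credentials accepted in cleartext"
    elif can_auth:
        verdict = "authentication available over TLS"
    elif "STARTTLS" in caps:
        verdict = "client must issue STARTTLS before authenticating"
    else:
        verdict = "no authentication possible"
    return {"sasl": sasl, "login_command": login_ok,
            "starttls": "STARTTLS" in caps, "verdict": verdict}


if __name__ == "__main__":
    for name, banner, enc in (("143", PLAIN_143, False), ("993", TLS_993, True)):
        print(name, assess(banner, enc))
```

Run against a live server's greeting, the same check shows whether a plaintext listener would accept passwords before STARTTLS, which is the case worth alerting on.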