Date:      Wed, 14 May 2008 17:11:20 -0400
From:      Carl Bussema <bussemac@ajboggs.com>
To:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   IMAP and SMTP-AUTH with sendmail on FreeBSD 7
Message-ID:  <6EC20B642833CC4DA01B66D0064CF84B5A76543DBE@exchange1.ixn.com>

I'm trying to set up a FreeBSD 7 box to replace a FreeBSD 4 box. We're migrating web hosting and e-mail hosting from the old server to the new one.

Goal: use sendmail to allow users to point their email clients at mail.domain.com for in & out, with SMTP Authentication so they can use these accounts from anywhere.
Additional goal: Allow secure or insecure connections for POP3, IMAP, and SMTP (TLS over port 25)

Currently working: SMTP from localhost (telnet localhost 25), IMAPS (but not plain IMAP), POP3, POP3S.
Currently NOT working: SMTP AUTH from external hosts (no encryption or TLS, although it does attempt the communication), IMAP without SSL

Errors received by client (Outlook 2007):
IMAP test: "General authentication failed. none of the authentication methods supported by your IMAP server (if any) are supported on this computer"
SMTP AUTH test: "The server responded 550 5.1.1 <myemail@mydomain... (rest of message cut off by Outlook)


maillog when I start the IMAP & SMTP test in Outlook:
May 14 15:14:54 BSDPROD imapd[9065]: Unexpected client disconnect, while reading line user=??? host=MY.PUBLIC.NAME [1.2.3.4]
May 14 15:14:54 BSDPROD sm-mta[9066]: NOQUEUE: connect from MY.PUBLIC.NAME [1.2.3.4]
May 14 15:14:54 BSDPROD sm-mta[9066]: m4EJEs8k009066: Milter (clamav): init success to negotiate
May 14 15:14:54 BSDPROD sm-mta[9066]: m4EJEs8k009066: Milter (spamassassin): init success to negotiate
May 14 15:14:54 BSDPROD sm-mta[9066]: m4EJEs8k009066: Milter: connect to filters
May 14 15:15:00 BSDPROD sm-mta[9066]: STARTTLS=server, relay=MY.PUBLIC.NAME [1.2.3.4], version=TLSv1/SSLv3, verify=NO, cipher=AES128-SHA, bits=128/128
May 14 15:15:00 BSDPROD sm-mta[9066]: m4EJEs8l009066: AUTH failure (DIGEST-MD5): authentication failure (-13) SASL(-13): authentication failure: realm changed: authentication aborted
May 14 15:15:00 BSDPROD sm-mta[9066]: AUTH=server, relay=MY.PUBLIC.NAME [1.2.3.4], authid=MYUSERNAME, mech=LOGIN, bits=0

Test: testsaslauthd -u MYUSER -p MYPASS
0: OK "Success."

root@BSDPROD /> telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS STARTTLS LOGINDISABLED] localhost IMAP4rev1 2006j.389 at Wed, 14 May 2008 15:17:41 -0400 (EDT)


Output from openssl s_client localhost:993 (after all the certificate stuff):
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS AUTH=PLAIN AUTH=LOGIN] MY.SERVER.FQDN.COM IMAP4rev1 2006j.389 at Wed, 14 May 2008 15:18:45 -0400 (EDT)

mc file follows:
----------------
### freebsd.mc ###
VERSIONID(`@(#)freebsd.mc       2.3 (IXN.com) 3/21/2008')
OSTYPE(freebsd4)dnl
DOMAIN(generic)dnl

define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/central.ixn.com.crt')dnl
define(`confSERVER_CERT', `CERT_DIR/central.ixn.com.crt')dnl
define(`confSERVER_KEY',`CERT_DIR/CAkey.key')dnl

TRUST_AUTH_MECH(`GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS',`GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN')dnl
define(`confAUTH_OPTIONS',`p,y')dnl
define(`confMAX_RCPTS_PER_MESSAGE', 500)dnl
define(`confSMTP_LOGIN_MSG', `foobar.com - By establishing a TCP connection to this host on port 25 you authorize possible relay testing of the connecting host.  If you do not wish to be tested do not establish connections with this host; $b')dnl

define(`confPRIVACY_FLAGS',`needmailhelo,noexpn,noetrn,novrfy')dnl
define(`confBAD_RCPT_THROTTLE', `1')dnl
define(`confCONNECTION_RATE_THROTTLE', `50')dnl
define(`confMAX_DAEMON_CHILDREN', `200')dnl
define(`confLOG_LEVEL', `10')dnl
define(`confMAX_MESSAGE_SIZE', `50485760')dnl

define(`confTO_IDENT',`0')dnl
define(`confTO_ICONNECT', `15s')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTO_HELO', `20s')dnl
define(`confTO_MAIL', `1m')dnl
define(`confTO_RCPT', `1m')dnl
define(`confTO_DATAINIT', `1m')dnl
define(`confTO_DATABLOCK', `10m')dnl
define(`confTO_DATAFINAL', `5m')dnl
define(`confTO_RSET', `1m')dnl
define(`confTO_QUIT', `1m')dnl
define(`confTO_MISC', `1m')dnl
define(`confTO_COMMAND', `1m')dnl
define(`confTO_STARTTLS', `2m')dnl

define(`MILTER', 1)dnl
FEATURE(`access_db')dnl
FEATURE(`greet_pause',6000)
FEATURE(`use_cw_file')dnl
FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl
FEATURE(`genericstable', `hash /etc/mail/genericstable')dnl
FEATURE(`delay_checks',`friend')dnl
FEATURE(`nouucp',`nospecial')dnl

FEATURE(dnsbl,`psbl.surriel.com', `"550 5.7.1 ACCESS DENIED to <"$&f"> from server " $&{client_addr} " by psbl.surriel.com DNSBL see: http://psbl.surriel.com/listing?ip=" $&{client_addr} ""', `')dnl
FEATURE(dnsbl,`sbl-xbl.spamhaus.org', `"550 5.7.1 ACCESS DENIED to <"$&f"> from server " $&{client_addr} " by sbl-xbl.spamhaus.org DNSBL (http://www.spamhaus.org/xbl)"', `')dnl
FEATURE(dnsbl,`dnsbl.njabl.org', `"550 5.7.1 ACCESS DENIED to <"$&f"> from server " $&{client_addr} " by njabl.org DNSBL (http://njabl.org)"', `')dnl
FEATURE(dnsbl,`list.dsbl.org',`"550 5.7.1 ACCESS DENIED to <"$&f"> from server: " $&{client_addr} " see: http://www.dsbl.org with this reference: http://www.dsbl.org/listing?" $&{client_addr} ""')dnl
FEATURE(dnsbl,`bl.spamcop.net', `"550 5.7.1 ACCESS DENIED to <"$&f"> from server: " $&{client_addr} " see: http://spamcop.net/fom-serve/cache/297.html with this reference: http://www.spamcop.net/w3m?action=blcheck&ip=" $&{client_addr} ""')dnl

GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl

define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`, {verify}')dnl
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clmilter.sock, F=T, T=S:4m;R:4m')
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')

MAILER(local)dnl
MAILER(smtp)dnl

LOCAL_CONFIG
# dynamic relay authorization control map
Kdrac btree -o /usr/local/etc/dracd


LOCAL_RULESETS
SLocal_check_rcpt
# allow recent POP/IMAP mail clients to relay
R$*                             $: $&{client_addr}
R$+                             $: $(drac $1 $: ? $)
R?                              $@ ?
R$+                             $@ $#OK

----------------
End mc file


Thanks in advance for any help!

Carl
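
Added example, not part of the original message: a small Python parser that reads the two IMAP greeting banners quoted above and reports what a client is allowed to do on each connection, using the RFC 3501 meaning of LOGINDISABLED, STARTTLS and AUTH=. The function names are hypothetical and the banners are copied from the message with the timestamps trimmed.

```python
import re

# Greeting banners as quoted in the message above (timestamps trimmed).
PLAIN_143 = ("* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS "
             "STARTTLS LOGINDISABLED] localhost IMAP4rev1 2006j.389")
TLS_993 = ("* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS "
           "AUTH=PLAIN AUTH=LOGIN] MY.SERVER.FQDN.COM IMAP4rev1 2006j.389")


def parse_capabilities(greeting):
    """Return the upper-cased capability atoms from an IMAP greeting line."""
    m = re.search(r"\[CAPABILITY\s+([^\]]*)\]", greeting, re.IGNORECASE)
    return [atom.upper() for atom in m.group(1).split()] if m else []


def login_options(greeting):
    """Summarise what a client may do in the connection's current state."""
    caps = parse_capabilities(greeting)
    # SASL mechanisms usable with the AUTHENTICATE command.
    sasl = [c[len("AUTH="):] for c in caps if c.startswith("AUTH=")]
    # RFC 3501: a client must not send LOGIN while LOGINDISABLED is advertised.
    login_cmd = "LOGINDISABLED" not in caps
    starttls = "STARTTLS" in caps
    if sasl or login_cmd:
        verdict = "can authenticate now"
    elif starttls:
        verdict = "must issue STARTTLS first"
    else:
        verdict = "no usable authentication"
    return {"sasl": sasl, "login_command": login_cmd,
            "starttls": starttls, "verdict": verdict}


if __name__ == "__main__":
    for name, banner in (("143 (plaintext)", PLAIN_143), ("993 (TLS)", TLS_993)):
        print(name, login_options(banner))
```

On the port 143 banner the server offers no AUTH= mechanism and disables LOGIN until the client upgrades with STARTTLS, while the port 993 banner offers PLAIN and LOGIN immediately.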


