Date: Sat, 29 Dec 2007 20:51:06 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Andrew Falanga <af300wsm@gmail.com> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Having problems with SMTP authentication Message-ID: <4776B33A.4050105@infracaninophile.co.uk> In-Reply-To: <200712291336.58690.af300wsm@gmail.com> References: <200712291336.58690.af300wsm@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Andrew Falanga wrote: > dnl set SASL options > TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl > define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl > > But when I ask my e-mail client to "check what the server supports", the > returned list is only, GSSAPI, DIGEST-MD5 and CRAM-MD5. Why is LOGIN not > listed when it's included in this macro file? Is there anything missing from > this section of the handbook that I've missed? LOGIN will only be enabled over an encrypted connection. All you need to do to enable the stock sendmail to support STARTTLS is tell it to use one or more SSL certs. Adding something like this to /etc/mail/`hostname`.mc is how to do that: dnl dnl TLS stuff dnl define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl define(`confCACERT_PATH', `CERT_DIR')dnl define(`confCACERT', `CERT_DIR/cacert.pem')dnl define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl Which means you'ld put the PEM encoded cacert, key and cert into /etc/mail/cacert.pem, /etc/mail/key.pem and /etc/mail/key.cert respectively. To generate all of those, there are some pithy instructions here: http://www.sendmail.org/~ca/email/other/cagreg.html When submitting a new message, most mail clients will automatically do STARTTLS if it's available. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHdrM68Mjk52CukIwRCHdTAJ9oUv7PNaV41xopL9/uw1UMcx1gDACghT4Z orlyowTjs5ZXPsv+7B/nebg= =LWRP -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4776B33A.4050105>