Date: Sat, 29 Dec 2007 15:24:42 -0700
From: Andrew Falanga <af300wsm@gmail.com>
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Having problems with SMTP authentication
Message-ID: <200712291524.42466.af300wsm@gmail.com>
In-Reply-To: <4776B33A.4050105@infracaninophile.co.uk>
References: <200712291336.58690.af300wsm@gmail.com> <4776B33A.4050105@infracaninophile.co.uk>

On Saturday 29 December 2007 13:51:06 Matthew Seaman wrote:
> Andrew Falanga wrote:
> > dnl set SASL options
> > TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> > define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> >
> > But when I ask my e-mail client to "check what the server supports", the
> > returned list is only, GSSAPI, DIGEST-MD5 and CRAM-MD5. Why is LOGIN not
> > listed when it's included in this macro file? Is there anything missing
> > from this section of the handbook that I've missed?
>
> LOGIN will only be enabled over an encrypted connection. All you need
> to do to enable the stock sendmail to support STARTTLS is tell it to
> use one or more SSL certs. Adding something like this to
> /etc/mail/`hostname`.mc is how to do that:

This seems to imply you want me to create a file named <hostname>.mc. The
instructions I followed in the handbook also mentioned that, "Many
administrators choose to use the output from hostname(1) as the .mc file for
uniqueness." Do I have to make this new file, paste into it all the stuff in
"freebsd.mc" and then add these lines too?

>
> dnl
> dnl TLS stuff
> dnl
> define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
> define(`confCACERT_PATH', `CERT_DIR')dnl
> define(`confCACERT', `CERT_DIR/cacert.pem')dnl
> define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
> define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
> define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
> define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl
>
> Which means you'd put the PEM encoded cacert, key and cert into
> /etc/mail/cacert.pem, /etc/mail/key.pem and /etc/mail/key.cert
> respectively. To generate all of those, there are some pithy
> instructions here:
>
> http://www.sendmail.org/~ca/email/other/cagreg.html

Thanks for all this.

Andy

>
> When submitting a new message, most mail clients will automatically
> do STARTTLS if it's available.
>
> Cheers,
>
> Matthew
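
The behaviour discussed in this message (LOGIN missing from the mechanism list until the session is encrypted) can be checked by comparing the AUTH line of the EHLO reply before and after STARTTLS. The following is an added example, not part of either poster's message; the sample replies are constructed, and the names `auth_mechs`, `compare` and `probe` are illustrative.

```python
import re
import smtplib

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # these send the password without hashing

# Constructed sample EHLO replies (not captured from a real server).
BEFORE_TLS = """\
250-mail.example.org Hello client.example.org [192.0.2.10]
250-ENHANCEDSTATUSCODES
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250-STARTTLS
250 HELP"""
AFTER_TLS = """\
250-mail.example.org Hello client.example.org [192.0.2.10]
250-ENHANCEDSTATUSCODES
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
250 HELP"""

# Accepts raw reply lines ("250-AUTH ...") and smtplib's stripped form ("AUTH ...").
_AUTH_LINE = re.compile(r"^(?:250[- ])?AUTH[ =](.*)$", re.IGNORECASE)

def auth_mechs(ehlo_reply):
    """Return the SASL mechanisms named on the AUTH line(s) of an EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        m = _AUTH_LINE.match(line.strip())
        if m:
            mechs.update(tok.upper() for tok in m.group(1).split())
    return mechs

def compare(before, after):
    """Summarise how the advertised mechanisms change once TLS is active."""
    pre, post = auth_mechs(before), auth_mechs(after)
    return {
        "before_tls": sorted(pre),
        "tls_only": sorted(post - pre),
        "plaintext_in_clear": sorted(pre & PLAINTEXT_MECHS),
    }

def probe(host, port=25):
    """Live version: EHLO, STARTTLS, EHLO again, run against your own server."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        before = s.ehlo()[1].decode("ascii", "replace")
        s.starttls()  # raises SMTPNotSupportedError if STARTTLS is not offered
        after = s.ehlo()[1].decode("ascii", "replace")
    return compare(before, after)

if __name__ == "__main__":
    print(compare(BEFORE_TLS, AFTER_TLS))
```

An empty `plaintext_in_clear` list together with LOGIN under `tls_only` is the result to expect once the certificates are in place; if `probe` raises `SMTPNotSupportedError`, the server is not yet offering STARTTLS.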