From: Andrew Falanga
To: Matthew Seaman
Cc: FreeBSD Questions
Date: Sat, 29 Dec 2007 15:24:42 -0700
Subject: Re: Having problems with SMTP authentication

On Saturday 29 December 2007 13:51:06 Matthew Seaman wrote:
> Andrew Falanga wrote:
> > dnl set SASL options
> > TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> > define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> >
> > But when I ask my e-mail client to "check what the server supports", the
> > returned list is only, GSSAPI, DIGEST-MD5 and CRAM-MD5. Why is LOGIN not
> > listed when it's included in this macro file? Is there anything missing
> > from this section of the handbook that I've missed?
>
> LOGIN will only be enabled over an encrypted connection. All you need
> to do to enable the stock sendmail to support STARTTLS is tell it to
> use one or more SSL certs. Adding something like this to
> /etc/mail/`hostname`.mc is how to do that:

This seems to imply you want me to create a file named .mc. The
instructions I followed in the handbook also mentioned that, "Many
administrators choose to use the output from hostname(1) as the .mc file
for uniqueness." Do I have to make this new file, paste into it all the
stuff in "freebsd.mc" and then add these lines too?

>
> dnl
> dnl TLS stuff
> dnl
> define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
> define(`confCACERT_PATH', `CERT_DIR')dnl
> define(`confCACERT', `CERT_DIR/cacert.pem')dnl
> define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
> define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
> define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
> define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl
>
> Which means you'd put the PEM encoded cacert, key and cert into
> /etc/mail/cacert.pem, /etc/mail/key.pem and /etc/mail/key.cert
> respectively. To generate all of those, there are some pithy
> instructions here:
>
> http://www.sendmail.org/~ca/email/other/cagreg.html

Thanks for all this.

Andy

>
> When submitting a new message, most mail clients will automatically
> do STARTTLS if it's available.
>
> Cheers,
>
> Matthew
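
Added example (not part of the original message and not sendmail's own code): a Python check of the behaviour discussed in the thread, comparing the AUTH mechanisms a server advertises before and after STARTTLS. The two EHLO replies and the host names in them are constructed samples, and `parse_ehlo` and `audit` are illustrative names.

```python
import re

# Mechanisms that put the password itself (merely base64-encoded) on the wire.
PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}

# Constructed sample EHLO replies (not captured from a real server): the same
# host queried before and after STARTTLS, matching what the thread describes.
EHLO_CLEARTEXT = """\
250-mail.example.org Hello client.example.org, pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250-STARTTLS
250 HELP
"""
EHLO_AFTER_TLS = """\
250-mail.example.org Hello client.example.org, pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
250 HELP
"""

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    features = {}
    for line in reply.splitlines()[1:]:      # first line is the greeting
        m = re.match(r"250[- ](\S.*)$", line.strip())
        if not m:
            continue
        # Legacy "AUTH=LOGIN PLAIN" is treated like "AUTH LOGIN PLAIN".
        text = re.sub(r"^AUTH=", "AUTH ", m.group(1).upper())
        words = text.split()
        features.setdefault(words[0], []).extend(words[1:])
    return features

def audit(cleartext_reply, tls_reply):
    """Compare the AUTH offers on both sides of STARTTLS."""
    clear, tls = parse_ehlo(cleartext_reply), parse_ehlo(tls_reply)
    before, after = set(clear.get("AUTH", [])), set(tls.get("AUTH", []))
    return {
        "starttls_offered": "STARTTLS" in clear,
        "tls_only": sorted(after - before),              # appear only after TLS
        "plaintext_without_tls": sorted(before & PLAINTEXT_MECHS),
    }

if __name__ == "__main__":
    print(audit(EHLO_CLEARTEXT, EHLO_AFTER_TLS))
```

An empty `plaintext_without_tls` list together with LOGIN under `tls_only` is the result that matches the server behaviour described in the reply.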