From owner-freebsd-questions@FreeBSD.ORG  Wed Jun 30 00:56:28 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E762616A4CE
	for <freebsd-questions@freebsd.org>;
	Wed, 30 Jun 2004 00:56:28 +0000 (GMT)
Received: from grog.secure-computing.net (front-door.secure-computing.net
	[63.228.14.246])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 698D443D1F
	for <freebsd-questions@freebsd.org>;
	Wed, 30 Jun 2004 00:56:28 +0000 (GMT)
	(envelope-from ecrist@secure-computing.net)
Received: from Nomad (nat-server.secure-computing.net [63.228.14.245])
	i5U0uADK005033;	Tue, 29 Jun 2004 19:56:11 -0500 (CDT)
	(envelope-from ecrist@secure-computing.net)
From: "Eric Crist" <ecrist@secure-computing.net>
To: "'Richard Stevenson'" <richard@endace.com>
Date: Tue, 29 Jun 2004 19:53:54 -0500
Message-ID: <000001c45e3c$ba63fc20$6501a8c0@Nomad>
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
Importance: Normal
In-Reply-To: <Pine.LNX.4.60.0406301242590.6941@zhba.rg.raqnpr.pbz>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
cc: freebsd-questions@freebsd.org
Subject: RE: SASL and Sendmail
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jun 2004 00:56:29 -0000

How, more specifically, do I enable TLS/SSL in sendmail, and where does
the 'p' go?

Thanks for your help.

Eric F Crist
President
AdTech Integrated Systems, Inc
(612) 998-3588



> -----Original Message-----
> From: Richard Stevenson [mailto:richard@endace.com]
> Sent: Tuesday, June 29, 2004 7:48 PM
> To: Eric Crist
> Subject: RE: SASL and Sendmail
>
>
> Hi
>
> On Tue, 29 Jun 2004, Eric Crist wrote:
>
> > Here is output at loglevel 20 on a denied mail:
>
> This is your problem:
>
> > Jun 29 19:09:50 grog sm-mta[4868]: AUTH: available mech=LOGIN PLAIN
> > ANONYMOUS, allowed mech=EXTERNAL GSSAPI KERBEROS_V4
> DIGEST-MD5 CRAM-MD5
>
> The intersection of (available mech) and (allowed mech) is null.  You
> should probably add PLAIN and LOGIN to the TRUST_AUTH_MECH in
> your .mc
> file, regenerate the .cf and restart Sendmail.  Those two
> mechanisms are
> susceptible to sniffing, so it's probably a good idea to
> enable STARTTLS
> in Sendmail as well, and add 'p' to the AuthOptions in your
> .cf as well.
>
> I hope this helps.
>
> Cheers
>
> Richard
>
> --
> Richard Stevenson
>