Date:      Sun, 3 Oct 2004 20:46:00 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Mike Jeays <Mike.Jeays@rogers.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: SMTP Authentication
Message-ID:  <20041003194600.GA10737@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <1096815728.30508.37.camel@chaucer>
References:  <1096815728.30508.37.camel@chaucer>

On Sun, Oct 03, 2004 at 11:02:08AM -0400, Mike Jeays wrote:
> How do I tell sendmail to provide an authentication string when I ask it
> to send messages to my ISP (a cable provider)?  They use PLAIN
> authentication, and I did not have too much trouble getting the base 64
> string by snooping with Ethereal when I sent mail from Evolution, and
> can send out emails "by hand" or from an Expect script.
>
> The relevant part of my sendmail config file is:
>
> define(`SMART_HOST', `smtp.broadband.rogers.com')
>
> set SASL options
> TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl

That's fine as it goes, but that's mostly to do with the server side
of SMTP AUTH.

> There doesn't seem any way to tell it what my userid and password for
> the ISP should be.
>
> I have tried reading various documentation, but haven't been able to
> find what is required.

This is what the /etc/mail/authinfo file is for.  This is the page
you need to read -- specifically the second half:

    http://www.sendmail.org/m4/smtp_auth.html

(or see the section "Providing SMTP AUTH Data when sendmail acts as
Client" in /usr/share/sendmail/cf/README, which is basically the same
text.)

The define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl stuff is
actually deprecated, but it still works for the time being.  However,
to be completely up to date and for maximum future proofing, instead
of that line, you should use:

    FEATURE(`authinfo', `hash -o /etc/mail/authinfo')dnl

Then edit the file /etc/mail/authinfo adding text as shown in the
documentation:

    AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5"
    AuthInfo:more.dom "U:user" "P=c2VjcmV0"

Then process that file into the db hash type read by Sendmail:

    # makemap hash authinfo.db < authinfo

and make sure that the authinfo data is properly secured:

    # chown root:wheel authinfo*
    # chmod 600 authinfo*

Then restart sendmail and try a few tests.

Note that if you're using PLAIN authentication you should also use
privacy options 'goaway' to help prevent the password being trivially
disclosed:

    define(`confPRIVACY_FLAGS', `authwarnings,goaway')dnl

You can use this method (with certain small modifications) to
authenticate your MSP sendmail instance to your MTA sendmail -- search
for 'msp-authinfo' in /usr/share/sendmail/cf/README.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
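
A check for the state the makemap/chown/chmod steps in the message above should leave behind, as an added example that is not part of the original e-mail. The function names are hypothetical; the /etc/mail directory, root owner and mode 600 defaults are taken from the message.

```shell
#!/bin/sh
# Added example: audit the files produced by the authinfo procedure.
# Function names are illustrative; defaults follow the message
# (/etc/mail, owner root, mode 600) and can be overridden by argument.

# Print every authinfo* file in DIR that is not exactly mode 600
# or is not owned by OWNER (user name or numeric uid).
authinfo_loose_files() {
    dir=${1:-/etc/mail}
    owner=${2:-root}
    find "$dir" -maxdepth 1 -type f -name 'authinfo*' \
        \( ! -perm 600 -o ! -user "$owner" \) -print
}

# Return 0 when authinfo.db exists and is not older than authinfo.
# Return 1 when the map is missing, or when the text file was edited
# after the last makemap run (sendmail would still use the old map).
authinfo_map_current() {
    dir=${1:-/etc/mail}
    [ -f "$dir/authinfo.db" ] || return 1
    [ "$dir/authinfo" -nt "$dir/authinfo.db" ] && return 1
    return 0
}

# Run both checks, report findings, return non-zero if either fails.
audit_authinfo() {
    dir=${1:-/etc/mail}
    owner=${2:-root}
    rc=0
    loose=$(authinfo_loose_files "$dir" "$owner")
    if [ -n "$loose" ]; then
        echo "not mode 600 or not owned by $owner:"
        echo "$loose"
        rc=1
    fi
    if ! authinfo_map_current "$dir"; then
        echo "authinfo.db missing or older than authinfo: rerun makemap"
        rc=1
    fi
    return $rc
}
```

Calling `audit_authinfo` with no arguments checks /etc/mail against owner root; run it after each edit of the authinfo file.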
