Date: Sun, 3 Oct 2004 20:46:00 +0100
From: Matthew Seaman
To: Mike Jeays
cc: freebsd-questions@freebsd.org
Subject: Re: SMTP Authentication
Message-ID: <20041003194600.GA10737@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <1096815728.30508.37.camel@chaucer>

On Sun, Oct 03, 2004 at 11:02:08AM -0400, Mike Jeays wrote:

> How do I tell sendmail to provide an authentication string when I ask it
> to send messages to my ISP (a cable provider)? They use PLAIN
> authentication, and I did not have too much trouble getting the base 64
> string by snooping with Ethereal when I sent mail from Evolution, and
> can send out emails "by hand" or from an Expect script.
>
> The relevant part of my sendmail config file is:
>
> define(`SMART_HOST', `smtp.broadband.rogers.com')
>
> set SASL options
> TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl

That's fine as it goes, but that's mostly to do with the server side
of SMTP AUTH.

> There doesn't seem any way to tell it what my userid and password for
> the ISP should be.
>
> I have tried reading various documentation, but haven't been able to
> find what is required.

This is what the /etc/mail/authinfo file is for. This is the page you
need to read -- specifically the second half:

    http://www.sendmail.org/m4/smtp_auth.html

(or see the section "Providing SMTP AUTH Data when sendmail acts as
Client" in /usr/share/sendmail/cf/README, which is basically the same
text.)

The

    define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl

stuff is actually deprecated, but it still works for the time being.
However, to be completely up to date and for maximum future proofing,
instead of that line, you should use:

    FEATURE(`authinfo', `hash -o /etc/mail/authinfo')dnl

Then edit the file /etc/mail/authinfo adding text as shown in the
documentation:

    AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5"
    AuthInfo:more.dom "U:user" "P=c2VjcmV0"

Then process that file into the db hash type read by Sendmail:

    # makemap hash authinfo.db < authinfo

and make sure that the authinfo data is properly secured:

    # chown root:wheel authinfo*
    # chmod 600 authinfo*

Then restart sendmail and try a few tests. Note that if you're using
PLAIN authentication you should also use privacy options 'goaway' to
help prevent the password being trivially disclosed:

    define(`confPRIVACY_FLAGS', `authwarnings,goaway')dnl

You can use this method (with certain small modifications) to
authenticate your MSP sendmail instance to your MTA sendmail -- search
for 'msp-authinfo' in /usr/share/sendmail/cf/README.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614
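
Added example, not part of the original message or of sendmail: a Python check over authinfo source lines in the format quoted in the reply. It decodes `=` (base64) values, flags entries that permit PLAIN or LOGIN, and checks that the file matches the chown root / chmod 600 step. The function names, the `CLEARTEXT_MECHS` set and the `isp.example` entry are assumptions made for illustration.

```python
import base64
import os
import shlex
import stat

# Mechanisms that send the password itself, only base64-encoded (assumed set).
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_authinfo_line(line):
    """Split 'AuthInfo:host "U:user" "P=base64" ...' into (host, fields)."""
    key, *items = shlex.split(line)
    if not key.startswith("AuthInfo:"):
        raise ValueError("not an AuthInfo entry: " + key)
    fields = {}
    for item in items:
        tag, sep, value = item[:1], item[1:2], item[2:]
        if sep == "=":  # '=' marks a base64 value, ':' a literal one
            value = base64.b64decode(value).decode()
        elif sep != ":":
            raise ValueError("bad field: " + item)
        fields[tag] = value
    return key[len("AuthInfo:"):], fields

def audit_entry(fields):
    """Return findings for one parsed entry."""
    findings = []
    if "P" not in fields:
        findings.append("missing P (password)")
    if "U" not in fields and "I" not in fields:
        findings.append("missing U or I (user id)")
    mechs = set(fields.get("M", "").upper().split())
    if not mechs:
        findings.append("no M list: mechanism choice not restricted per host")
    elif mechs & CLEARTEXT_MECHS:
        findings.append("allows " + ",".join(sorted(mechs & CLEARTEXT_MECHS)))
    return findings

def audit_file_mode(path):
    """Flag anything looser than the chown root / chmod 600 from the post."""
    st = os.stat(path)
    findings = []
    if stat.S_IMODE(st.st_mode) & 0o077:
        findings.append("readable or writable by group/other")
    if st.st_uid != 0:
        findings.append("not owned by root")
    return findings

# Constructed sample entries in the documented format.
SAMPLE = ['AuthInfo:other.dom "U:user" "I:user" "P:secret" "M:DIGEST-MD5"',
          'AuthInfo:more.dom "U:user" "P=c2VjcmV0"',
          'AuthInfo:isp.example "U:user" "P:secret" "M:PLAIN"']
```

Run `audit_file_mode` against both `authinfo` and `authinfo.db`, since the password is stored in each.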