Date:      Thu, 20 Dec 2001 09:44:53 -0500
From:      Leo Bicknell <bicknell@ufp.org>
To:        "Louis A. Mamakos" <louie@TransSys.COM>, Dominic Mitchell <dom@semantico.com>
Cc:        "Roger 'Rocky' Vetterberg" <listsub@rambo.simx.org>, freebsd-hackers@FreeBSD.ORG, Yung-Sheng Tang <freebsd@hoolan.org>
Subject:   Re: sendmail + auth + ssl + freebsd
Message-ID:  <20011220144453.GA93793@ussenterprise.ufp.org>
In-Reply-To: <scvheqmyov6.fsf@cassia.rp.lan> <200112200443.fBK4h4791394@whizzo.transsys.com>
References:  <Pine.BSF.4.05.10112202131370.2916-100000@hoolan.org> <scvheqmyov6.fsf@cassia.rp.lan> <20011220022654.GA78232@ussenterprise.ufp.org> <3C215040.9080404@rambo.simx.org> <200112200443.fBK4h4791394@whizzo.transsys.com>

In a message written on Wed, Dec 19, 2001 at 11:43:04PM -0500, Louis A. Mamakos wrote:
> You have to generate a public key certificate and have the private 
> key available to the sendmail daemon before it will do the STARTTLS
> thing.
> 
> I've got a shell script around there that signs a certificate with a
> bogus CA which enable the use of STARTTLS.  You can't validate the
> other end of the connection, but at least it negotiates an encrypted
> session.

This all seems to make sense, and mirrors the SSL web stuff fairly
closely in steps, which only makes sense.

From another suggestion, on a FreeBSD-stable box:

%sendmail -bv -d0.13 postmaster
Version 8.11.6
 Compiled with: MAP_REGEX LOG MATCHGECOS MIME7TO8 MIME8TO7 NAMED_BIND
                NETINET NETINET6 NETUNIX NEWDB NIS QUEUE SCANF SMTP STARTTLS
                TCPWRAPPERS USERDB XDEBUG

So the STARTTLS is compiled into the base binary, add to that:

%strings /usr/libexec/sendmail/sendmail | grep SSL | wc -l
      56

And it would seem all the SSL bits are there, I think I will play 
with that.

In a message written on Thu, Dec 20, 2001 at 01:58:53PM +0000, Dominic Mitchell wrote:
> There are also details given in /etc/defaults/make.conf on my
> 4.4-STABLE system, although that file appears to have gone from
> current...
> 
> # Setting the following variables modifies the build environment for
> # sendmail and its related utilities. For example, SASL support can be
> # added with settings such as:
> #
> #       SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
> #       SENDMAIL_LDFLAGS=-L/usr/local/lib
> #       SENDMAIL_LDADD=-lsasl

It appears that this would enable SMTP AUTH with SASL.  Are there
any plans to make SASL be part of the base distribution so this 
could be made the default?

I, for one, think it would be really cool if saying "sendmail="YES""
in /etc/rc.conf gave you a sendmail that could authenticate against
the password file, and if you gave it a certificate do SSL.  I think
that would get a lot more people interested in both options.

-- 
       Leo Bicknell - bicknell@ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
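
As an added example (this is not Louis's script and not code from the thread), here is a POSIX sh version of the steps he describes: create a private CA that nobody else trusts, sign a server certificate with it, and lock the key down so sendmail will accept it. It needs openssl(1); the directory layout, file names, host name and the openssl.cnf sections are my assumptions, as is the 0600 key requirement, which matches sendmail's file-safety check on TLS keys.

```shell
#!/bin/sh
# Added example, not code from the thread: a private ("bogus") CA and a
# server certificate signed by it, enough for sendmail to offer STARTTLS.
# Assumes openssl(1) is installed. Directory layout and file names are
# assumptions; point confCACERT/confSERVER_CERT/confSERVER_KEY at them.
set -eu

make_starttls_certs() {
    dir=$1; host=$2
    umask 077                        # every file is created owner-only
    mkdir -p "$dir"

    # Minimal openssl config so this works with no system openssl.cnf.
    # ca_ext marks the CA cert as a CA; srv_ext marks the server cert
    # as a leaf usable for TLS server auth, with a SAN for $host.
    cat > "$dir/openssl.cnf" <<EOF
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ srv_ext ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF

    # 1. Self-signed CA. Nobody else trusts it, so peers cannot validate
    #    us, but that is all STARTTLS needs to negotiate encryption.
    openssl req -x509 -config "$dir/openssl.cnf" -extensions ca_ext \
        -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Private CA for $host" \
        -keyout "$dir/cakey.pem" -out "$dir/cacert.pem" 2>/dev/null

    # 2. Server key and CSR; CN is the name clients connect to.
    openssl req -new -config "$dir/openssl.cnf" \
        -newkey rsa:2048 -nodes \
        -subj "/CN=$host" \
        -keyout "$dir/key.pem" -out "$dir/req.pem" 2>/dev/null

    # 3. Sign the CSR with the CA.
    openssl x509 -req -days 365 -in "$dir/req.pem" \
        -CA "$dir/cacert.pem" -CAkey "$dir/cakey.pem" -CAcreateserial \
        -extfile "$dir/openssl.cnf" -extensions srv_ext \
        -out "$dir/cert.pem" 2>/dev/null
    rm -f "$dir/req.pem"

    # Certificates are public; keys stay 0600, which sendmail requires.
    chmod 0644 "$dir/cacert.pem" "$dir/cert.pem"
    chmod 0600 "$dir/cakey.pem" "$dir/key.pem"
}

# Does the server cert chain to our CA?
verify_chain() {
    openssl verify -CAfile "$1/cacert.pem" "$1/cert.pem" >/dev/null 2>&1
}

# Is a key file readable by its owner only? (sendmail refuses otherwise.)
key_is_private() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# Subject CN of a certificate, to confirm what sendmail will present.
cert_cn() {
    openssl x509 -noout -subject -in "$1" | sed 's/.*CN *= *//'
}

# Stand-alone use: sh mkcerts.sh /etc/mail/certs mail.example.org
if [ $# -eq 2 ]; then
    make_starttls_certs "$1" "$2"
    verify_chain "$1" && \
        echo "$1/cert.pem (CN=$(cert_cn "$1/cert.pem")) verifies against $1/cacert.pem"
fi
```

Once the files exist, the sendmail side is the confCACERT_PATH, confCACERT, confSERVER_CERT and confSERVER_KEY defines in the .mc file; sendmail will silently not offer STARTTLS if the key is group- or world-readable or the directory is writable by others, so check the permissions before wondering why EHLO shows no 250-STARTTLS. A quick client-side check against a running daemon is `openssl s_client -starttls smtp -connect mailhost:25`, which shows the certificate offered and, as Louis notes, a verify error because the issuing CA is private.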