From: Matthew Seaman
Organization: Infracaninophile
Date: Mon, 18 Sep 2006 06:57:08 +0100
To: Ahmad Arafat Abdullah
Message-ID: <450E3534.6080403@infracaninophile.co.uk>
In-Reply-To: <20060918021548.59DB41BF287@ws1-1.us4.outblaze.com>
Cc: admin@hdk5.com, FreeBSD Users Questions
Subject: Re: Sendmail on FBSD server wont connect to remote user.

Ahmad Arafat Abdullah wrote:
>> ----- Original Message -----
>> From: "admin@hdk5.com"
>> To: "FreeBSD Users Questions"
>> Subject: Sendmail on FBSD server wont connect to remote user.
>> Date: Sun, 17 Sep 2006 10:57:27 -1000
>>
>>
>> Aloha Questions list,
>>
>> I have been trying to setup Sendmail on a server box.
>> FreeBSD 6.1 HP Pentium II 300 CPU 686
>>
>> After many attempts I am down to this one error.
>>
>> Error:
>> Sending of password did not succeed. Mail server
>> mahalo.internetohana.org responded:
>> Password supplied for admin@internetohana.org is incorrect.
>>
>>
>> I have 2 user accounts for test on this server. I can ping and
>> telnet into ports 25 and 110 and I get the proper responses from
>> these users.
>>
>> The 2 user accounts are rejected as per the error when I try to
>> connect from a mail agent (Mozilla or Thunderbird) from another box
>> on a different inet. (Also FreeBSD 4.11 running for several years.)
>>
>>
>> The server is setup with send mail SMTP and qpopper for Pop3. There
>> is nothing else on this box.
>>
>> Do I have to create a password file other than the FreeBSD
>> /etc/passwd and /etc/master.passwd
>> to get this to work.
>>
>> My previous attempts with Postfix and Dovecot did not get this far.
>>
>> Thanks for any help.
>>
>> Al Plant - Honolulu, Hawaii
>>
>> - Admin -- http://hawaiidakine.com -- http://hdk5.com -- --
>> http://internetohana.org -- http://freeBSDinfo.org --
>> + Supporting open source computing - FreeBSD 6.* +
>
>
> I left sendmail long ago since I migrated to Postfix..
> but as I still remember, the default sendmail installation
> is just listening to localhost.
>
> So you need to alter the *.cf file (in /etc/mail/)..
>
> # SMTP client options
> O ClientPortOptions=Family=inet, Address=0.0.0.0
>
> By default this line will be commented out (with # or dnl) or just listen to localhost.
>
> Previously I faced this problem with old RedHat 7.x..
>
> Anyone who knows this can maybe correct me if I'm wrong.

Yep. You are completely in the wrong ballpark there. You are talking
about configuring where sendmail listens for *incoming* connections,
although the mists of time seem to have clouded your memory of
exactly what it is you do... (Hint: look for DAEMON_PORT_OPTIONS
and maybe add FEATURE(no_default_msa) in the /etc/mail/$(hostname).mc
file)

What the original poster is suffering from is not lack of ability to
connect at the TCP level. He's needing to configure authentication so
that his mail clients can relay through the server.

Unfortunately it appears he is using the stock sendmail supplied with FreeBSD
which does not have authentication support compiled into it:

250-mahalo.internetohana.org Hello happy-idiot-talk.infracaninophile.co.uk [81.187.76.162], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP

You should see:

250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN

or similar if the authentication capabilities are enabled.

To make sendmail do authentication, do the following.

  i) Install the security/cyrus-sasl2 port.
     Review the configuration file
     /usr/local/lib/sasl2/Sendmail.conf to make sure it does what you want
     -- at a minimum it should contain

        pwcheck_method: auxprop

     which should let sendmail auth against the sasldb without needing the
     intercession of saslauthd. However there are far too many possibilities
     to go into any great depth here -- Google is your friend.

 ii) Add the following to /etc/make.conf and then do a standard buildworld
     cycle to enable the authentication capabilities in the base system
     sendmail:

        SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2
        SENDMAIL_LDFLAGS+= -L/usr/local/lib
        SENDMAIL_LDADD+= -lsasl2

iii) Add to /etc/mail/$(hostname).mc --

        dnl ## Set SASL options
        TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
        define(`confAUTH_REALM', `infracaninophile.co.uk')dnl
        define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
        define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl
        define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl

     and rebuild the sendmail configuration, restart sendmail, etc:

        # cd /etc/mail
        # make all install restart

 iv) Use the saslpasswd2 program to set up login names and passwords for all
     of the e-mail users permitted to send mail via the system.

Et voilà. Well, actually there's another step the OP would be well advised
to take. In order to secure 'LOGIN' against password snooping you should turn
on sendmail's TLS capabilities, so it has the capability to switch to using an
encrypted SMTP session. That (in the best didactic tradition) is left as an
exercise for the student.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
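
Added example (not part of the message above): a small sh check that applies the reply's two diagnostic points to a captured EHLO response, namely whether an AUTH line is advertised at all and whether LOGIN (or PLAIN) is offered with no STARTTLS to protect the password. The function names, verdict strings and the two example.org replies are constructed for illustration; the first sample is the reply quoted in the message.

```shell
# Classify an SMTP EHLO reply by what it advertises about authentication.
# Strip CRs and upper-case the reply (EHLO keywords are case-insensitive).
norm() { printf '%s\n' "$1" | tr -d '\r' | tr '[:lower:]' '[:upper:]'; }

# Print the mechanisms on the first AUTH line ("250-AUTH a b" or legacy
# "250-AUTH=a b"); prints nothing when AUTH is absent.
auth_mechs() {
    norm "$1" | sed -n 's/^250[- ]AUTH[ =]\(.*\)$/\1/p' | head -n 1
}
has_starttls() { norm "$1" | grep -q '^250[- ]STARTTLS$'; }

# Verdicts: no-auth (no AUTH line, e.g. a build without SASL),
# auth-plaintext-exposed (LOGIN/PLAIN offered but no STARTTLS), else
# auth-advertised. STARTTLS being offered does not prove it is enforced.
check_ehlo() {
    mechs=$(auth_mechs "$1")
    [ -n "$mechs" ] || { echo "no-auth"; return 0; }
    for m in $mechs; do
        case "$m" in
            LOGIN|PLAIN)
                if ! has_starttls "$1"; then
                    echo "auth-plaintext-exposed: $m"; return 0
                fi ;;
        esac
    done
    echo "auth-advertised: $mechs"
}

# Reply quoted in the message above (stock sendmail, no SASL compiled in).
STOCK_REPLY='250-mahalo.internetohana.org Hello happy-idiot-talk.infracaninophile.co.uk [81.187.76.162], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP'
# Constructed samples: after the SASL rebuild, without and with STARTTLS.
SASL_REPLY='250-mail.example.org Hello client.example.org
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
250 HELP'
TLS_REPLY='250-mail.example.org Hello client.example.org
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
250-STARTTLS
250 HELP'
for r in "$STOCK_REPLY" "$SASL_REPLY" "$TLS_REPLY"; do check_ehlo "$r"; done
```

Feed it the text of a real EHLO exchange (for instance saved from the telnet session to port 25 the original poster mentions) to see which of the three states the server is in after each step of the procedure.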