Date:      Tue, 14 Feb 2006 08:29:18 -0600
From:      "Greg Groth" <ggroth99@hotmail.com>
To:        Kirk.Davis@epsb.ca
Cc:        freebsd-questions@freebsd.org
Subject:   RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems
Message-ID:  <BAY14-F24C59FA27921C62EDABC92CE060@phx.gbl>
In-Reply-To: <04C71268DFDAA8499EC1A248A44B6A2B019E50B6@Exchange21.EDU.epsb.ca>

>From: "Kirk Davis" <Kirk.Davis@epsb.ca>
>To: "Greg Groth" <ggroth99@hotmail.com>
>CC: <freebsd-questions@freebsd.org>
>Subject: RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems
>Date: Mon, 13 Feb 2006 14:25:04 -0700
>
>Hi Greg,
>
> > I'm trying to set up a FreeBSD 6.0 box as a mail server, and while
> > everything seems to be working OK for the most part, I have
> > run into two
> > issues that I cannot resolve (I'm new to BSD, please bear
> > with me). Install
> > went as follows:  Installed via FTP last night along with
> > "src - Sources for
> > everything",
> >
> > IMAP-UW was compiled via ports with WITH_SSL_AND_PLAINTEXT
> > enabled (same for
> > cclient), OpenSSL, Cyrus-SASL2 & Cyrus-SASL2-saslauthd were
> > compiled via
> > ports with no flags.
> >
> > Sendmail was installed with the base install and recompiled
> > (after SASL2 was
> > up and running) with the following options added to make.conf:
> >
> > # SASL (cyrus-sasl v2) sendmail build flags...
> > SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
> > SENDMAIL_LDFLAGS=-L/usr/local/lib
> > SENDMAIL_LDADD=-lsasl2
> > # Adding to enable alternate port (smtps) for sendmail...
> > SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL
> >
> > I followed the instructions I found at
> > http://www.bsdconspiracy.net/howto/sendmail.html, and had no
> > problems with
> > the install except for Sendmail.  After recompiling sendmail,
> > I added the
> > following lines to the mail.server.mc file:
> >
> > define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
> > TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
> > define(`CERT_DIR', `/etc/mail/certs')dnl
> > define(`confCACERT_PATH', `CERT_DIR')dnl
> > define(`confCACERT', `CERT_DIR/mycert.pem')dnl
> > define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
> > define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
> > define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
> > define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
> > DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
>
>This is your problem.  The above line sets up the Sendmail daemon to
>listen on port 25 but the standard mc file distributed with FreeBSD also
>sets up a DAEMON port (it's at the end of the MC file).
>
>Here is what my DAEMON_OPTIONS lines look like.  These should be the
>only DAEMON_OPTIONS lines in the mc file.
>dnl Enable for both IPv4 and IPv6 (optional)
>DAEMON_OPTIONS(`Name=IPv4, Family=inet')
>DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
>DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

That is what I was guessing, however I couldn't find a Sendmail for Dummies 
book that could explain the DAEMON_OPTIONS in language I understand.  It's 
very easy to get lost in the online docs and the O'Reilly book, for me 
anyway.

>
>
> > DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
> >
> > After running (in /etc/mail) "make clean", "make cf", "make
> > install", "make
> > restart", SMTP no longer works, and I find the following in
> > maillog and
> > messages
> >
> > Feb 12 20:25:55 mail sm-mta[1213]: daemon IPv4: problem
> > creating SMTP socket
> > Feb 12 20:26:00 mail sm-mta[1213]: NOQUEUE: SYSERR(root):
> > opendaemonsocket:
> > daemon IPv4: cannot bind: Address already in use
> >
> > When I try and stop sendmail, I get a message that the pid
> > for Sendmail
> > cannot be found.  I end up killing the missing Sendmail daemon using
> > KSysGuard
> >
> > If I remove this line - "DAEMON_OPTIONS(`Port=smtp,
> > Name=MTA')dnl" from the
> > mail.server.mc file, make cf, make install, make restart,
> > sendmail starts
> > normally.  When trying to access from another machine on my
> > network, I can
> > only connect on port 25 without a secure connection (I'm
> > using Thunderbird
> > for this), although SMTP-AUTH is working correctly.
>
>Have you tried to setup your mail client to connect to port 465?  This
>is the smtps (SMTP SSL) port.

Yes I have.  The above mentioned How-To states to have MS products connect 
on port 25, which didn't make a whole lot of sense to me, so I tried both 25 
and 465 using Thunderbird.  Thunderbird returned with a message that the 
SMTP server was not accepting connections.  Now that I know what's wrong 
with my MC file, I'm guessing I have to take a stronger look at my 
certificates and make sure that they're working correctly.  I might have a 
path screwed up somewhere.  Seems that if it's listening on 465, everything 
should be OK with Sendmail, but there might be a problem with SSL.

>
>
> > Any ideas on what I might need to do to get SSL / SMTP-AUTH
> > working on SMTP?
> >   I took a look at the instructions in the handbook, but they
> > were written
> > for SASL1.  Running netstat shows smtps listening on 465, but
> > when I try to
> > telnet to that port, the server drops the connection.
>
>Hmm... It should connect but you will not see anything since it is
>expecting an SSL connection.
>
> > My second problem is rather simple, after I create an IMAP
> > folder, I am
> > unable to delete it using a remote client.  Thunderbird
> > responds with "The
> > mail server responded: RENAME failed: Can't create mailbox node
> > /home/User/Trash/: File exists.  Nothing shows up in any of
> > the server logs
> > though.
>
>I have not seen this problem although I have it setup for an office of
>Outlook users.  I would check the permissions on the folders in the user
>home directory.  This is where the IMAP user folders are by default.  I
>usually setup the clients to use the base imap if Mail and then create a
>Mail directory in the user home directory.  That way the mail folders
>don't get messed up with the user stuff.

I'm going to have to play around with this a bit more.  After thinking about 
it, I have not tested deleting a directory through an IMAP connection, only 
an IMAPS connection.  It's possible that I'm experiencing some kind of 
problem there as well.  I will also take a look at the permissions, which I 
have not done yet since I assumed that if I could create it, I should be 
able to delete it, but we all know what happens when we assume things.

>
> >
> > Hopefully this is the right list for these questions, if not,
> > could someone
> > please direct me to the correct one?  Any advice anyone can
> > give me on
> > either of these problems would be greatly appreciated.
> >
>
>---- Kirk
>Kirk Davis
>Senior Network Analyst, ITS
>Edmonton Public Schools
>1-780-429-8308

Many, many thanks on clearing up the Sendmail issue.

Greg Groth
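
The bind failure discussed in this thread, as an added example that is not part of the original messages: a small checker that reads the DAEMON_OPTIONS lines of an .mc file, fills in the defaults (Port=smtp, Family=inet, any address) and reports daemons that would bind the same socket. The function names and the sample text are constructed for illustration; the sketch keys options on their first letter and does not model a wildcard address overlapping a specific one.

```python
import re
from collections import defaultdict

# Constructed sample: the DAEMON_OPTIONS lines quoted in the thread, combined
# as they would sit in one .mc file (the added Port=smtp line plus the others).
SAMPLE_MC = """\
dnl DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
"""

PORT_ALIASES = {"25": "smtp", "465": "smtps", "587": "submission"}
DAEMON_RE = re.compile(r"DAEMON_OPTIONS\(`([^']*)'\)")

def parse_daemons(mc_text):
    """Return one dict per active DAEMON_OPTIONS line, with defaults filled in."""
    daemons = []
    for line in mc_text.splitlines():
        if line.lstrip().startswith("dnl"):   # m4 comment line, ignored
            continue
        for body in DAEMON_RE.findall(line):
            opts = {}
            for pair in body.split(","):
                key, _, value = pair.strip().partition("=")
                # Assumption of this sketch: key on the first letter, so
                # M= and Modifiers= are treated as the same option.
                opts[key.strip()[:1].upper()] = value.strip()
            port = opts.get("P", "smtp")      # no Port= means the smtp port
            daemons.append({
                "name": opts.get("N", "?"),
                "family": opts.get("F", "inet"),
                "addr": opts.get("A", "*"),
                "port": PORT_ALIASES.get(port, port),
            })
    return daemons

def find_bind_conflicts(mc_text):
    """Map (family, addr, port) to daemon names where more than one claims it."""
    groups = defaultdict(list)
    for d in parse_daemons(mc_text):
        groups[(d["family"], d["addr"], d["port"])].append(d["name"])
    return {k: v for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    for (family, addr, port), names in find_bind_conflicts(SAMPLE_MC).items():
        print(f"{family} {addr}:{port} claimed by {', '.join(names)}")
```

On the sample, the `MTA` and `IPv4` daemons both resolve to the IPv4 smtp port, which matches the "daemon IPv4: cannot bind: Address already in use" entry in the quoted log.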
