Ahmad Arafat Abdullah wrote:
>> ----- Original Message -----
>> From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
>> To: "FreeBSD Users Questions" <freebsd-questions@freebsd.org>
>> Subject: Sendmail on FBSD server wont connect to remote user.
>> Date: Sun, 17 Sep 2006 10:57:27 -1000
>>
>>
>> Aloha Questions list,
>>
>> I have been trying to setup Sendmail on a server box.
>> FreeBSD 6.1 HP Pentium II 300 CPU 686
>>
>> After many attempts I am down to this one error.
>>
>> Error:
>> Sending of password did not succeed. Mail server 
>> mahalo.internetohana.org responded:
>> Password supplied for [EMAIL PROTECTED] is incorrect.
>>
>>
>> I have 2 user accounts for test on this swever. I can ping and 
>> telnet into ports 25 and 110 and I get the proper responses from 
>> these users.
>>
>> The 2 user accounts are rejected as per the error when I try to 
>> connect from a mail agent (Mozilla or Thunderbird) from another box 
>> on a different inet. (Also FreeBSD 4.11 running for several years.)
>>
>>
>> The server is setup with send mail SMTP and qpopper for Pop3. There 
>> is nothing else on this box.
>>
>> Do I have to create a password file other than the FreeBSD  
>> /etc/passwd and /etc/master.passwd
>> to get this to work.
>>
>> My previous attempts with Postfix and Dovecot did not get this far.
>>
>> Thanks for any help.
>>
>> Al Plant - Honolulu, Hawaii
>>
>> - Admin -- http://hawaiidakine.com -- http://hdk5.com -- -- 
>> http://internetohana.org -- http://freeBSDinfo.org --
>> + Supporting open source computing - FreeBSD 6.* +
> 
> 
> I'm leaving sendmail long ago since I'm migrated to Postfix..
> but however as i still remember, default sendmail installation
> is just listening to localhost.
> 
> so u need to alter the *.cf file ( in /etc/mail/ )..
> 
> # SMTP client options
> O ClientPortOptions=Family=inet, Address=0.0.0.0
> 
> by default this line will be commented out ( with # or dnl ) or just listen 
> to localhost
> 
> previously I faced this prob with old RedHat 7.x..
> 
> anyone who know this, maybe can correct me if I'm wrong

Yep.  You are completely in the wrong ballpark there.  You are
talking about configuring where sendmail listens for *incoming*
connections, although the mists of time seem to have clouded your
memory of exactly what it is you do...  (Hint: look for DAEMON_PORT_OPTIONS
and maybe add FEATURE(no_default_msa) in the /etc/mail/$(hostname).mc
file)

What the original poster is suffering from is not lack of ability to
connect at the TCP level.  He's needing to configure authentication so
that his mail clients can relay through the server.

Unfortunately it appears he is using the stock sendmail supplied with FreeBSD
which does not have authentication support compiled into it:

250-mahalo.internetohana.org Hello happy-idiot-talk.infracaninophile.co.uk 
[81.187.76.162], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP

You should see: 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN or similar if
the authentication capabilities are enabled.

To make sendmail do authentication, do the following.

   i) Install the security/cyrus-sasl2 port.  Review the configuration file
      /usr/local/lib/sasl2/Sendmail.conf to make sure it does what you want --
      at a minimum it should contain

          pwcheck_method: auxprop

       which should let sendmail auth against the sasldb without needing the
       intercession of saslauthd.  However there are far too many possibilities
       to go into any great depth here -- Google is your friend.

  ii) Add the following to /etc/make.conf and then do a standard buildworld 
cycle
      to enable the authentication capabilities in the base system sendmail:

       SENDMAIL_CFLAGS+=       -I/usr/local/include -DSASL=2
       SENDMAIL_LDFLAGS+=      -L/usr/local/lib
       SENDMAIL_LDADD+=        -lsasl2

  iii) Add to /etc/mail/$(hostname).mc --

       dnl ## Set SASL options
       TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
       define(`confAUTH_REALM', `infracaninophile.co.uk')dnl
       define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
       define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl
       define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl

      and rebuild the sendmail configuration, restart sendmail, etc:

       # cd /etc/mail
       # make all install restart

  iv) Use the saslpasswd2 program to set up login names and passwords for all
      of the e-mail users permitted to send mail via the system.

Et voilĂ .  Well, actually there's another step the OP would be well advised to
take.  In order to secure 'LOGIN' against password snooping you should turn on
sendmail's TLS capabilities, so it has the capability to switch to using an
encrypted SMTP session.  That (in the best didactic tradition) is left as an
exercise for the student.

        Cheers,

        Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to