Matthew Seaman wrote:

Ahmad Arafat Abdullah wrote:
----- Original Message -----
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
To: "FreeBSD Users Questions" <freebsd-questions@freebsd.org>
Subject: Sendmail on FBSD server wont connect to remote user.
Date: Sun, 17 Sep 2006 10:57:27 -1000


Aloha Questions list,

I have been trying to setup Sendmail on a server box.
FreeBSD 6.1 HP Pentium II 300 CPU 686

After many attempts I am down to this one error.

Error:
Sending of password did not succeed. Mail server mahalo.internetohana.org responded:
Password supplied for [EMAIL PROTECTED] is incorrect.


I have 2 user accounts for test on this swever. I can ping and telnet into ports 25 and 110 and I get the proper responses from these users.

The 2 user accounts are rejected as per the error when I try to connect from a mail agent (Mozilla or Thunderbird) from another box on a different inet. (Also FreeBSD 4.11 running for several years.)


The server is setup with send mail SMTP and qpopper for Pop3. There is nothing else on this box.

Do I have to create a password file other than the FreeBSD /etc/passwd and /etc/master.passwd
to get this to work.

My previous attempts with Postfix and Dovecot did not get this far.

Thanks for any help.

Al Plant - Honolulu, Hawaii

- Admin -- http://hawaiidakine.com -- http://hdk5.com -- -- http://internetohana.org -- http://freeBSDinfo.org --
+ Supporting open source computing - FreeBSD 6.* +
I'm leaving sendmail long ago since I'm migrated to Postfix..
but however as i still remember, default sendmail installation
is just listening to localhost.

so u need to alter the *.cf file ( in /etc/mail/ )..

# SMTP client options
O ClientPortOptions=Family=inet, Address=0.0.0.0

by default this line will be commented out ( with # or dnl ) or just listen to 
localhost

previously I faced this prob with old RedHat 7.x..

anyone who know this, maybe can correct me if I'm wrong

Yep.  You are completely in the wrong ballpark there.  You are
talking about configuring where sendmail listens for *incoming*
connections, although the mists of time seem to have clouded your
memory of exactly what it is you do...  (Hint: look for DAEMON_PORT_OPTIONS
and maybe add FEATURE(no_default_msa) in the /etc/mail/$(hostname).mc
file)

What the original poster is suffering from is not lack of ability to
connect at the TCP level.  He's needing to configure authentication so
that his mail clients can relay through the server.

Unfortunately it appears he is using the stock sendmail supplied with FreeBSD
which does not have authentication support compiled into it:

250-mahalo.internetohana.org Hello happy-idiot-talk.infracaninophile.co.uk 
[81.187.76.162], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP

You should see: 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN or similar if
the authentication capabilities are enabled.

To make sendmail do authentication, do the following.

  i) Install the security/cyrus-sasl2 port.  Review the configuration file
     /usr/local/lib/sasl2/Sendmail.conf to make sure it does what you want --
     at a minimum it should contain

         pwcheck_method: auxprop

      which should let sendmail auth against the sasldb without needing the
      intercession of saslauthd.  However there are far too many possibilities
      to go into any great depth here -- Google is your friend.

 ii) Add the following to /etc/make.conf and then do a standard buildworld cycle
     to enable the authentication capabilities in the base system sendmail:

      SENDMAIL_CFLAGS+=       -I/usr/local/include -DSASL=2
      SENDMAIL_LDFLAGS+=      -L/usr/local/lib
      SENDMAIL_LDADD+=        -lsasl2

 iii) Add to /etc/mail/$(hostname).mc --

      dnl ## Set SASL options
      TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
      define(`confAUTH_REALM', `infracaninophile.co.uk')dnl
      define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
      define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl
      define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl

     and rebuild the sendmail configuration, restart sendmail, etc:

      # cd /etc/mail
      # make all install restart

 iv) Use the saslpasswd2 program to set up login names and passwords for all
     of the e-mail users permitted to send mail via the system.

Et voilĂ .  Well, actually there's another step the OP would be well advised to
take.  In order to secure 'LOGIN' against password snooping you should turn on
sendmail's TLS capabilities, so it has the capability to switch to using an
encrypted SMTP session.  That (in the best didactic tradition) is left as an
exercise for the student.

        Cheers,

        Matthew

Matthew, et all.....


Thanks for the info,

Mathew seems to be on target for the problem with my attempted installs alright. Did I miss something in the FreeBSD How to in the hand book? It seems to me authentication wasn't mentioned as not in the stock Sendmail. I think I see now why the telnet worked to see the install, but the clients needed authentication mechanism which wasnt there.

When I get back from town today  I will try your HowTo.

Your help is very much appreciated.. I've been using Free BSD since 2. (something) but this is the first time I have had to build a mail server.


Al Plant - Honolulu, Hawaii

- Admin -- http://hawaiidakine.com -- http://hdk5.com -- -- http://internetohana.org -- http://freeBSDinfo.org --
+ Supporting open source computing - FreeBSD 6.* +


_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to