On Saturday 29 December 2007 13:51:06 Matthew Seaman wrote:
> Andrew Falanga wrote:
> > dnl set SASL options
> > TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> > define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> > But when I ask my e-mail client to "check what the server supports", the
> > returned list is only, GSSAPI, DIGEST-MD5 and CRAM-MD5. Why is LOGIN not
> > listed when it's included in this macro file? Is there anything missing
> > from this section of the handbook that I've missed?
> LOGIN will only be enabled over an encrypted connection. All you need
> to do to enable the stock sendmail to support STARTTLS is tell it to
> use one or more SSL certs. Adding something like this to
> /etc/mail/`hostname`.mc is how to do that:
this seems to imply you want me to create a file named <hostname>.mc. The
instructions I followed in the handbook also mentioned that, "Many
administrators choose to use the output from hostname(1) as the .mc file for
uniqueness." Do I have to make this new file, paste into it all the stuff
in "freebsd.mc" and then add these lines too?
> dnl TLS stuff
> define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
> define(`confCACERT_PATH', `CERT_DIR')dnl
> define(`confCACERT', `CERT_DIR/cacert.pem')dnl
> define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
> define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
> define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
> define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl
> Which means you'ld put the PEM encoded cacert, key and cert into
> /etc/mail/cacert.pem, /etc/mail/key.pem and /etc/mail/key.cert
> respectively. To generate all of those, there are some pithy
> instructions here:
Thanks for all this.
> When submitting a new message, most mail clients will automatically
> do STARTTLS if it's available.
email@example.com mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"