Re: question about SMTP-authentication (2nd )
Dear Matthew, According to your recommendation (as following). When I do make at /usr/src/sur.sbin/sendmail it show as following. ns1:kamolpat:/usr/src/usr.sbin/sendmailmake clean rm -f sm_os.h sendmail alias.o arpadate.o bf.o collect.o conf.o control.o convtime.o daemon.o deliver.o domain.o envelope.o err.o headers.o macro.o main.o map.o mci.o milter.o mime.o parseaddr.o queue.o ratectrl.o readcf.o recipient.o savemail.o sasl.o sfsasl.o shmticklib.o sm_resolve.o srvrsmtp.o stab.o stats.o sysexits.o timers.o tls.o trace.o udb.o usersmtp.o util.o version.o mailq.1.gz newaliases.1.gz aliases.5.gz sendmail.8.gz mailq.1.cat.gz newaliases.1.cat.gz aliases.5.cat.gz sendmail.8.cat.gz ns1:kamolpat:/usr/src/usr.sbin/sendmailmake ln -sf /usr/src/usr.sbin/sendmail/../../contrib/sendmail/include/sm/os/sm_os_freebsd.h sm_os.h cc -O2 -pipe -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include/sasl -DSASL=2 -std=gnu99 -fstack-protector -c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/alias.c In file included from /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/alias.c:14: /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sendmail.h:135:25: error: sasl/sasl.h: No such file or directory /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sendmail.h:136:29: error: sasl/saslutil.h: No such file or directory In file included from /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/alias.c:14: /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sendmail.h:607: error: expected '=', ',', ';', 'asm' or '__attribute__' before ':' token /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sendmail.h:691: error: expected specifier-qualifier-list before 'sasl_conn_t' *** Error code 1 Stop in /usr/src/usr.sbin/sendmail. then I try to find where is sasl.h ns1:kamolpat:/usrfind . -name sasl.h ./local/include/sasl/sasl.h ./ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.25/include/sasl.h ./ports/security/cyrus-sasl2-saslauthd/work/cyrus-sasl-2.1.25/include/sasl.h What should I do next? Shold I just copy the sasl.h to /usr/src/contrib/sendmail/src/sendmail ? Thanks Kamolpat On 3/9/2012 12:34 AM, Matthew Seaman wrote: On 08/03/2012 15:55, kamolpat wrote: Setup Reference == 1. I read the how to setup from FreeBSD Handbook (online)- Chapter 29 Electronic Mail - 29.10 SMTP Authentication from freebsd.org 2. setup for cyrus-sasl2 was fine (setup via usr/ports/security/cyrus-sasl2) 3. setup for openssl was 90% fine (setup via port) reference to FreeBSD Handbook (online)-Chapter 15 Security - 15.8 OpenSSL accept the STARTTLS line doesn't appear as mention on the last part of article. Did you rebuild sendmail with the right flags so that it would enable all the SASL bits? Apart from that you seem to have done all the right stuff that I can see. You need to add this to /etc/make.conf: SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2 SENDMAIL_LDFLAGS=-L/usr/local/lib SENDMAIL_LDADD=-lsasl2 and then rebuild sendmail -- assuming you have system sources installed: # cd /usr/src/usr.sbin/sendmail # make clean # make # make install If you haven't got the system sources installed, then you can get them easily enough with csup(1) or freebsd-update(8) or several other ways. Or you could just install sendmail from ports -- obviously, make sure to choose the option to enable SASL in the config dialogue. If you use the ports sendmail, so long as you set up mailer.conf(5) to point to the ports version -- like so: lucid-nonsense:/etc/mail:% cat mailer.conf # $FreeBSD: stable/8/etc/mail/mailer.conf 93858 2002-04-05 04:25:14Z gshapiro $ # # Execute the real sendmail program, named /usr/local/sbin/sendmail # sendmail/usr/local/sbin/sendmail send-mail /usr/local/sbin/sendmail mailq /usr/local/sbin/sendmail newaliases /usr/local/sbin/sendmail hoststat/usr/local/sbin/sendmail purgestat /usr/local/sbin/sendmail and put the following in /etc/make.conf so it uses the latest configuration file bits: SENDMAIL_CF_DIR=/usr/local/share/sendmail/cf MAKEMAP=/usr/local/sbin/makemap then the ports sendmail is pretty much a drop-in replacement for the system one, and you can use all the config bits in /etc/mail in exactly the same way as normal. Cheers, Matthew E-mail message checked by Internet Security (7.0.0.508) Database version: 6.19440 http://www.pctools.com/en/internet-security/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: question about SMTP-authentication (3rd )
Dear Matthew, Ok, I got sendmail complied. Thanks. But seem like ... POP3 still working in clear text usr/pwd sending to Server (but it work, I can get mail from server normal). When I chose option in ThunderBird to another mode, it doesn't work (accept connection security: none, authentication method: password transmitted insecurity this is the option that TB dectected during setting mail account) SMTP doesn't work it declare from Thunder Bird: Send Message Error The Kerberos/GSSAPI ticket was not accepted by the SMTP server mail.dmaccess.co.th Please check that you are logged in to the Kerberos/GSSAPI realm. (event I change authentication method: Kerberos/GSSAPI, it still inform this message) from /var/log/maillog Mar 12 22:38:04 ns1 sendmail[93331]: q2CMc4jF093331: ppp-58-8-130-33.revip2.asianet.co.th [58.8.130.33] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA this is my test on server = ns1:kamolpat:/etctelnet dmaccess.co.th 25 Trying 202.170.122.33... Connected to dmaccess.co.th. Escape character is '^]'. 220 ns1.dmaccess.co.th ESMTP Sendmail 8.14.4/8.14.4; Mon, 12 Mar 2012 22:23:14 GMT ehlo dmaccess.co.th 250-ns1.dmaccess.co.th Hello ns1.dmaccess.co.th [202.170.122.33], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN 250-DELIVERBY 250 HELP quit 221 2.0.0 ns1.dmaccess.co.th closing connection Connection closed by foreign host. this is my /etc/mail/freebsd.mc = Other http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=78 dnl Uncomment the first line to change the location of the default http://202.170.122.33:10099/sendmail/move.cgi?idx=78down=1http://202.170.122.33:10099/sendmail/move.cgi?idx=78up=1 Other http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=79 dnl /etc/mail/local-host-names and comment out the second line. http://202.170.122.33:10099/sendmail/move.cgi?idx=79down=1http://202.170.122.33:10099/sendmail/move.cgi?idx=79up=1 Other http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=80 dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw') http://202.170.122.33:10099/sendmail/move.cgi?idx=80down=1http://202.170.122.33:10099/sendmail/move.cgi?idx=80up=1 *Define* http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=81 define(`confCW_FILE', `-o /etc/mail/local-host-names') http://202.170.122.33:10099/sendmail/move.cgi?idx=81down=1http://202.170.122.33:10099/sendmail/move.cgi?idx=81up=1 Other http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=82 http://202.170.122.33:10099/sendmail/move.cgi?idx=82down=1http://202.170.122.33:10099/sendmail/move.cgi?idx=82up=1 Other http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=83 dnl Enable for both IPv4 and IPv6 (optional) http://202.170.122.33:10099/sendmail/move.cgi?idx=83down=1http://202.170.122.33:10099/sendmail/move.cgi?idx=83up=1 Other http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=84 DAEMON_OPTIONS(`Name=IPv4, Family=inet') http://202.170.122.33:10099/sendmail/move.cgi?idx=84down=1http://202.170.122.33:10099/sendmail/move.cgi?idx=84up=1 Other http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=85 DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O') http://202.170.122.33:10099/sendmail/move.cgi?idx=85down=1http://202.170.122.33:10099/sendmail/move.cgi?idx=85up=1 Other http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=86 http://202.170.122.33:10099/sendmail/move.cgi?idx=86down=1http://202.170.122.33:10099/sendmail/move.cgi?idx=86up=1 *Define* http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=87 define(`confBIND_OPTS', `WorkAroundBroken') http://202.170.122.33:10099/sendmail/move.cgi?idx=87down=1http://202.170.122.33:10099/sendmail/move.cgi?idx=87up=1 *Define* http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=88 define(`confNO_RCPT_ACTION', `add-to-undisclosed') http://202.170.122.33:10099/sendmail/move.cgi?idx=88down=1http://202.170.122.33:10099/sendmail/move.cgi?idx=88up=1 *Define* http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=89 define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy') http://202.170.122.33:10099/sendmail/move.cgi?idx=89down=1http://202.170.122.33:10099/sendmail/move.cgi?idx=89up=1 Other http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=90 http://202.170.122.33:10099/sendmail/move.cgi?idx=90down=1http://202.170.122.33:10099/sendmail/move.cgi?idx=90up=1 Other http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=91 GENERICS_DOMAIN_FILE(`/etc/mail/genericdomains'); http://202.170.122.33:10099/sendmail/move.cgi?idx=91down=1http://202.170.122.33:10099/sendmail/move.cgi?idx=91up=1 Other http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=92 http://202.170.122.33:10099/sendmail/move.cgi?idx=92down=1http://202.170.122.33:10099
question about SMTP-authentication
To whom it may concern: Hello, may I need your help about SMTP authentication? Problems: = SMTP-authen doesn't functioning, when I use ThunderBird I try to set authentication method as Kerberos/GSSAPI or Encrypted password, it doesn't work. Background: === I'm intermediate FreeBSD sysadmin. I used to run only normal mail service in my company, which use POP3 on myserver and SMTP from ISP. Now my ISP always get problem, so I prefer to set SMTP service on my server and provide to staffs in company. However to set pure SMTP is not safe, then I prefer to use SMTP-authenicate. Setup Reference == 1. I read the how to setup from FreeBSD Handbook (online)- Chapter 29 Electronic Mail - 29.10 SMTP Authentication from freebsd.org 2. setup for cyrus-sasl2 was fine (setup via usr/ports/security/cyrus-sasl2) 3. setup for openssl was 90% fine (setup via port) reference to FreeBSD Handbook (online)-Chapter 15 Security - 15.8 OpenSSL accept the STARTTLS line doesn't appear as mention on the last part of article. Raw info for considers from /var/log/maillog --- revip2.asianet.co.th is my provider , the dmaccess.co.th is my server Mar 8 22:35:35 ns1 sendmail[18640]: q28MZZ4l018640: ppp-58-8-163-248.revip2.asianet.co.th [58.8.163.248] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4 Mar 8 22:37:29 ns1 sendmail[18644]: q28MbSv3018644: ruleset=check_rcpt, arg1=kamol...@dmaccess.net, relay=ppp-58-8-163-248.revip2.asianet.co.th [58.8.163.248], reject=550 5.7.1 kamolpa Mar 8 22:37:34 ns1 sendmail[18644]: q28MbSv3018644: from=smtpt...@dmaccess.co.th, size=778, class=0, nrcpts=0, proto=ESMTP, daemon=IPv4, relay=ppp-58-8-163-248.revip2.asianet.co.th [58. Mar 8 22:38:31 ns1 sendmail[18646]: q28McVl2018646: ppp-58-8-163-248.revip2.asianet.co.th [58.8.163.248] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4 Mar 8 22:39:55 ns1 sendmail[18650]: q28MdsOC018650: ppp-58-8-163-248.revip2.asianet.co.th [58.8.163.248] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4 Mar 8 22:40:57 ns1 sendmail[18688]: q28MevLw018688: ppp-58-8-163-248.revip2.asianet.co.th [58.8.163.248] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4 Mar 8 22:42:05 ns1 sendmail[18689]: q28Mffbd018689: ppp-58-8-163-248.revip2.asianet.co.th [58.8.163.248] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4 from /etc/mail/freebsd.mc -- dnl set SASL options TRUST_AUTH_MECH (`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl define(`confAUTH_MECHANISMS',`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl dnl SSL Options define(`confCACERT_PATH',`/etc/ssl')dnl define(`confCACERT',`/etc/ssl/dm_new.crt')dnl define(`confSERVER_CERT',`/etc/ssl/dm_new.crt')dnl define(`confSERVER_KEY',`/etc/ssl/dm_ca.key')dnl define(`confTLS_SRV_OPTIONS',`V')dnl MAILER(local) MAILER(smtp) Thanks in advance Kamolpat E-mail message checked by Internet Security (7.0.0.508) Database version: 6.19420 http://www.pctools.com/en/internet-security/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org