Having problems with SMTP authentication

2007-12-29 Thread Andrew Falanga
Hi,

I've followed the instructions @ 
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html, but 
am still having problems with the authentication process.

If I set my client to use either CRAM-MD5 or DIGEST-MD5, I get an error return 
of authentication failure, most likely the password is wrong.  Now, to make 
sure that I'm understanding this correctly, this program (saslauthd) takes 
the username and passwords given it and attempts to verify them against what 
the system knows to be its users, correct?

Working under this assumption, it would seem that the user vmail (a user I 
created on the system) would be the user that I would want to use in the 
e-mail client.  Well, I've done this and verified that the password is, in 
fact, correct; I'm unable to authenticate to the SMTP server.

Another point of interest, I added these lines (from the handbook) to my 
freebsd.mc file (as per instructions):

dnl set SASL options
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl

But when I ask my e-mail client to check what the server supports, the 
returned list is only, GSSAPI, DIGEST-MD5 and CRAM-MD5.  Why is LOGIN not 
listed when it's included in this macro file?  Is there anything missing from 
this section of the handbook that I've missed?

Andy
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Having problems with SMTP authentication

2007-12-29 Thread Matthew Seaman

Andrew Falanga wrote:

> dnl set SASL options
> TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
>
> But when I ask my e-mail client to check what the server supports, the
> returned list is only, GSSAPI, DIGEST-MD5 and CRAM-MD5.  Why is LOGIN not
> listed when it's included in this macro file?  Is there anything missing from
> this section of the handbook that I've missed?

LOGIN will only be enabled over an encrypted connection.  All you need
to do to enable the stock sendmail to support STARTTLS is tell it to
use one or more SSL certs.  Adding something like this to
/etc/mail/`hostname`.mc is how to do that:

dnl
dnl TLS stuff
dnl
define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/cacert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl

Which means you'd put the PEM encoded cacert, key and cert into
/etc/mail/cacert.pem, /etc/mail/key.pem and /etc/mail/key.cert
respectively.  To generate all of those, there are some pithy
instructions here:

http://www.sendmail.org/~ca/email/other/cagreg.html

When submitting a new message, most mail clients will automatically
do STARTTLS if it's available.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
  Kent, CT11 9PW
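
An added example, not part of the original reply or of sendmail itself: it parses the AUTH line of an EHLO reply before and after STARTTLS to show which mechanisms the server only offers on an encrypted session, and flags password-carrying mechanisms offered in the clear. The host name mail.example.org and both sample replies are constructed; probe() is an assumed helper name for the live check.

```python
import smtplib

# SASL mechanisms that send the password itself, so they need TLS underneath.
PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}

# Constructed EHLO replies (not captured from a real server): the same host
# before and after STARTTLS, matching the behaviour described in the thread.
EHLO_CLEAR = """250-mail.example.org Hello client.example.org, pleased to meet you
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250-STARTTLS
250 HELP"""
EHLO_TLS = """250-mail.example.org Hello client.example.org, pleased to meet you
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
250 HELP"""

def parse_auth_mechs(ehlo_reply):
    """Return the set of SASL mechanisms advertised in a raw EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        # Continuation lines are "250-...", the final line is "250 ...".
        if not line.startswith("250") or line[3:4] not in ("-", " "):
            continue
        words = line[4:].replace("=", " ", 1).split()  # also accept legacy "AUTH=..."
        if words and words[0].upper() == "AUTH":
            mechs.update(w.upper() for w in words[1:])
    return mechs

def compare_offers(clear, tls):
    """Summarise how the AUTH offer changes once the session is encrypted."""
    return {
        "tls_only": sorted(tls - clear),
        "withdrawn_under_tls": sorted(clear - tls),
        "plaintext_without_tls": sorted(clear & PLAINTEXT_MECHS),
    }

def probe(host, port=25):
    """Live check with smtplib: AUTH offers before and after STARTTLS."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        clear = set(smtp.esmtp_features.get("auth", "").upper().split())
        smtp.starttls()  # raises SMTPNotSupportedError if STARTTLS is not offered
        smtp.ehlo()
        tls = set(smtp.esmtp_features.get("auth", "").upper().split())
    return compare_offers(clear, tls)

if __name__ == "__main__":
    print(compare_offers(parse_auth_mechs(EHLO_CLEAR), parse_auth_mechs(EHLO_TLS)))
```

A non-empty "plaintext_without_tls" list means the server would accept a reusable password over an unencrypted connection.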


Re: Having problems with SMTP authentication

2007-12-29 Thread Andrew Falanga
On Saturday 29 December 2007 13:51:06 Matthew Seaman wrote:
> Andrew Falanga wrote:
> > dnl set SASL options
> > TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> > define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> >
> > But when I ask my e-mail client to check what the server supports, the
> > returned list is only, GSSAPI, DIGEST-MD5 and CRAM-MD5.  Why is LOGIN not
> > listed when it's included in this macro file?  Is there anything missing
> > from this section of the handbook that I've missed?
>
> LOGIN will only be enabled over an encrypted connection.  All you need
> to do to enable the stock sendmail to support STARTTLS is tell it to
> use one or more SSL certs.  Adding something like this to
> /etc/mail/`hostname`.mc is how to do that:

This seems to imply you want me to create a file named hostname.mc.  The
instructions I followed in the handbook also mentioned that, "Many
administrators choose to use the output from hostname(1) as the .mc file for
uniqueness."  Do I have to make this new file, paste into it all the stuff
in freebsd.mc and then add these lines too?


> dnl
> dnl TLS stuff
> dnl
> define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
> define(`confCACERT_PATH', `CERT_DIR')dnl
> define(`confCACERT', `CERT_DIR/cacert.pem')dnl
> define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
> define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
> define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
> define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl
>
> Which means you'ld put the PEM encoded cacert, key and cert into
> /etc/mail/cacert.pem, /etc/mail/key.pem and /etc/mail/key.cert
> respectively.  To generate all of those, there are some pithy
> instructions here:
>
> http://www.sendmail.org/~ca/email/other/cagreg.html

Thanks for all this.

Andy


> When submitting a new message, most mail clients will automatically
> do STARTTLS if it's available.
>
> Cheers,
>
> Matthew




Re: Having problems with SMTP authentication

2007-12-29 Thread Gerard
On Sat, 29 Dec 2007 15:24:42 -0700
Andrew Falanga [EMAIL PROTECTED] wrote:

[snip]

> this seems to imply you want me to create a file named
> hostname.mc.  The instructions I followed in the handbook also
> mentioned that, Many administrators choose to use the output from
> hostname(1) as the .mc file for uniqueness.  Do I have to make this
> new file, paste into it all the stuff in freebsd.mc and then add
> these lines too?

It has been ages since I worked with Sendmail; however, I believe all
you have to do, after configuring the /etc/mail/*.mc files, is
run:

make all install restart

in the /etc/mail directory. Be sure to read the documentation in each of
the *.mc files. If you have not already done so, check out the
aliases file and modify as required. Be sure to run 'newaliases' when
finished. If I remember correctly, the new *.cf files will be in the
form of hostname.cf.

You could always use Postfix. It is a lot easier.

-- 

Gerard
[EMAIL PROTECTED]

O give me a home,
Where the buffalo roam,
Where the deer and the antelope play,
Where seldom is heard
A discouraging word,
'Cause what can an antelope say?





Re: Having problems with SMTP authentication

2007-12-29 Thread Yuri Pankov
On Sat, Dec 29, 2007 at 03:24:42PM -0700, Andrew Falanga wrote:
> On Saturday 29 December 2007 13:51:06 Matthew Seaman wrote:
> > Andrew Falanga wrote:
> > > dnl set SASL options
> > > TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> > > define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> > >
> > > But when I ask my e-mail client to check what the server supports, the
> > > returned list is only, GSSAPI, DIGEST-MD5 and CRAM-MD5.  Why is LOGIN not
> > > listed when it's included in this macro file?  Is there anything missing
> > > from this section of the handbook that I've missed?
> >
> > LOGIN will only be enabled over an encrypted connection.  All you need
> > to do to enable the stock sendmail to support STARTTLS is tell it to
> > use one or more SSL certs.  Adding something like this to
> > /etc/mail/`hostname`.mc is how to do that:
>
> this seems to imply you want me to create a file named hostname.mc.  The
> instructions I followed in the handbook also mentioned that, Many
> administrators choose to use the output from hostname(1) as the .mc file for
> uniqueness.  Do I have to make this new file, paste into it all the stuff
> in freebsd.mc and then add these lines too?
 

Just run `make` in /etc/mail, it will create `hostname`.mc for you, edit
it, and run `make all install restart` (targets are described in
/etc/mail/Makefile).

 
> > dnl
> > dnl TLS stuff
> > dnl
> > define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
> > define(`confCACERT_PATH', `CERT_DIR')dnl
> > define(`confCACERT', `CERT_DIR/cacert.pem')dnl
> > define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
> > define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
> > define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
> > define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl
> >
> > Which means you'ld put the PEM encoded cacert, key and cert into
> > /etc/mail/cacert.pem, /etc/mail/key.pem and /etc/mail/key.cert
> > respectively.  To generate all of those, there are some pithy
> > instructions here:
> >
> > http://www.sendmail.org/~ca/email/other/cagreg.html
>
> Thanks for all this.
>
> Andy
>
> > When submitting a new message, most mail clients will automatically
> > do STARTTLS if it's available.
> >
> > Cheers,
> >
> > Matthew

HTH,
Yuri