RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems

2006-02-19 Thread Greg Groth

First, thank you for your reply.

Second, I have figured out the problem of not being able to delete IMAP 
folders in Thunderbird.  Apparently this is a client-side issue, not a 
server one.  The answer is to unsubscribe the trash folder in Thunderbird.  
After unsubscribing, it still appears and operates normally, and you are 
then able to delete folders.  I found the answer in forums regarding older 
versions of Mozilla Mail, which is why nothing turned up on a search for 
Thunderbird.  Not sure of the exact cause, or if this is indeed a bug or just
something I missed in the documentation, but it works now.



From: Ted Mittelstaedt [EMAIL PROTECTED]
To: Greg Groth [EMAIL PROTECTED], [EMAIL PROTECTED]
CC: freebsd-questions@freebsd.org
Subject: RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems
Date: Fri, 17 Feb 2006 04:11:15 -0800

Hi Greg,

  It is true there's a lot of software available but I have found
over the years that a lot of the packages are good, and will work
equally well on the back end.  Most of the older ones have matured
to the point that a rather common selection criteria is "I chose
that because that's what all my friends are running."

  You really won't know what works the best unless you try all of
the packages, and nobody has the time for that.  So what you have
to do is just pick one based on whatever sketchy research you turn
up and spend some time on it, after a few months you will know if it's
going to work for you or not.  Most times it will work OK for you
so your choice becomes one of which is better: knowing a few packages
well, or a lot of packages not very well.

  A hobbyist/amateur is better off knowing a lot of packages not
very well, because their fun is in trying out new things and learning
how different things are done.  But a manager of a production system
is in the other boat, they need to know a few packages very, very
well.  You need to be aware of which kind of person you're taking advice
from.

  IMHO RedHat isn't much good unless you go the full meal deal
and buy a support contract from RedHat.  If you are upgrading from
old 7/9 RH and you want to keep the RH universe, and you don't
want to buy into support, then go to CentOS.


RedHat was becoming a pain to deal with.  It seemed to me, and this is just 
my opinion and worth the paper this email is printed on, that a lot of the 
software had been tweaked to where common solutions to common problems 
didn't work, and solutions had to be found for the specific version of 
RedHat I was using.  Not that there's anything morally wrong with RedHat 
doing this, I just found it a pain when looking for answers to problems.




  Frankly I feel that one of the big problems with Linux right
now is they are missing the boat on SATA RAID big time, and I
mean really, really big time.  Most server-quality motherboards
these days come with RAID0/1 SATA chipsets, and disk drives are
so cheap now that even people putting together little crummy servers
are going mirrored SATA disks.  But Linux has ignored this, claiming
it's the responsibility of the manufacturers to write drivers, and
most of them haven't.  The Linux people all seem to think it's
perfectly OK to go buy an Intel motherboard with onboard ICH7R
RAID and disable that and drop $200 into a 3ware RAID card and
plug that into the motherboard if you have the nerve to run
RAID on anything other than a Real SCSI RAID array.  Fine, let
them delude themselves, it just puts Linux further and further
away from the server arena.  Most Linux distros have terrible
or nonexistent support for Promise RAID cards as well, once again,
really short-sighted.


I don't know much on this subject I'm afraid, but I'm about to get into this 
because KnoppMyth apparently has issues running a SATA drive as a primary 
boot device.  (Off the subject, but I tried getting MythTV running on RedHat 
FC4, and ran into too many issues getting it running to continue on that 
route).




  Anyway, getting back to your situation.  We run SSL imap and
pop3, with uw-imap.  I recommend this route since it allows
people to hit their mailbox with both pop3 and imap and not
get a lot of funny messages about popping down the placeholder
message.  uw-imap used to have a problem with really big e-mails
years ago, it would swap itself to death building the tempfiles,
this was fixed years ago.


I did solve my SSL problem by recompiling UW-IMAP and Sendmail without SSL, 
and installing stunnel.  Everything is working the way I want it configured. 
 Hopefully there won't be any scalability issues, but I don't expect any in 
our tiny environment.




  We run SMTP AUTH but we don't run SSL SMTP.  Why?  Because
way too many customers out there still run elderly versions of
e-mail clients that can't handle SSL SMTP.  If I was doing up a
mailserver for a corporation I might consider SSL SMTP, but
frankly, I think the idea that someone's going to sniff your
password is highly overrated.  Most people set their e-mail

RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems

2006-02-17 Thread Ted Mittelstaedt
 the
saved password from Outlook's ini files, it's not like Microsoft
encrypts it or anything.  The worm leaves a back door and you scan
the internet looking for the back doors.  You will find plenty to
keep yourself busy.  We see customers that have had this done to
them almost every day.  By contrast I've never once seen a customer
with an employee who wasn't a network administrator that knew what
a packet sniffer was and how to use it.  As far as WEP is concerned
the trade rags constantly claim how insecure it is and how easy it is
to brute force crack and obtain keys - once again, this is laboratory
stuff, it's not visible in the real world.  In the real world there
are so many unsecured wireless networks in the average city that
a cracker that turns on a wireless promiscuous sniffer is going to
see 3-4 networks, 3/4 of which are wide open, no matter where they
go.  What incentive is there to crack?  And that's just the people
dumb enough to leave SSID broadcasting turned on.

  Anyway, one last note for you.  No matter what you use, just
about all the instructions out there tell you to create a self-signed
certificate for imap/ssl smtp/etc.  Do not do this!  The Microsoft
e-mail clients can't handle this.  What you want to do is create a
root certificate, then create certificates for all your https servers,
your secure imap and pop servers, your ssl smtp, you name it.  Sign
all of them with the root CA.  Then, insert the root CA into the
list of trusted root CA's in the Microsoft browser on the client, and
from that point on the Microsoft clients don't think you are running
self-signed certificates anymore and do not whine, bitch and complain
and you don't have to fumble around inserting a bunch of self-signed
certificates for every little service you run into all your clients.
That is for example how you get Outlook to speak SSL without paying
Verisign.  A lot of people fooling with self-signed certs have discovered
to their dismay that only Outlook Express can have a self-signed
cert installed, regular Outlook from MS Office cannot.

Ted
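
The root-CA approach described in the message above, as an added example that is not part of the original message: one private root signs a certificate per mail service, and only the root has to be imported on clients. Host names, file names and lifetimes are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): one private root CA signs a certificate
# per mail service, so clients import a single root instead of every cert.
# Host names, file names and lifetimes below are assumptions.

# make_root_ca DIR: create ca.key and the self-signed root certificate ca.pem.
make_root_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/O=Example Office/CN=Example Mail Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    chmod 600 "$1/ca.key"   # the root key signs everything; keep it private
}

# issue_cert DIR HOST: make a key and CSR for HOST, then sign it with the root.
issue_cert() {
    dir=$1 host=$2
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null
    # Leaf extensions: not a CA, valid for this host name, server use only.
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' \
        "$host" > "$dir/$host.ext"
    openssl x509 -req -in "$dir/$host.csr" -sha256 -days 825 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/$host.ext" -out "$dir/$host.pem" 2>/dev/null
}

# self_signed DIR HOST: the stand-alone self-signed cert, for comparison.
self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# trusted_by ROOT CERT: succeeds only if CERT chains to ROOT.
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo in a scratch directory.
tmp=$(mktemp -d)
make_root_ca "$tmp"
for h in imap.example.org smtp.example.org; do
    issue_cert "$tmp" "$h"
    trusted_by "$tmp/ca.pem" "$tmp/$h.pem" && echo "$h: chains to the root"
done
self_signed "$tmp" pop.example.org
trusted_by "$tmp/ca.pem" "$tmp/pop.example.org.pem" \
    || echo "pop.example.org: self-signed, not covered by the root"
rm -rf "$tmp"
```

Only ca.pem is distributed to clients; ca.key stays on the machine that does the signing.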

-Original Message-
From: Greg Groth [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 14, 2006 8:14 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: freebsd-questions@freebsd.org
Subject: RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems




From: Ted Mittelstaedt [EMAIL PROTECTED]
To: Joe Auty [EMAIL PROTECTED], Kirk Davis [EMAIL PROTECTED]
CC: Greg Groth [EMAIL PROTECTED],
freebsd-questions@freebsd.org
Subject: RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems
Date: Tue, 14 Feb 2006 00:34:28 -0800


I'm sure glad that this message didn't pass through my work mailserver
so that it didn't see it, since my work e-mail inbox has 16383 messages
in it  (the limit that Outlook can display in IMAP mode) and is 412
megabytes in size, and performance is perfectly fine both with Outlook and
Horde/IMP.

I wouldn't want my mailserver reading it and thinking that it's OK to
slack off.

   And yes I know I need to delete
some messages, speak to the hand if you're going to make that crack.

This is imap-uw/sendmail.

Perhaps you might consider that since you haven't run imap-uw in
a while that you're no longer qualified to make claims about it?  Or
perhaps you never had it setup properly?  Or perhaps your hardware was slow?

Nothing is wrong with Postfix / Courier-IMAP but nothing is wrong either
with sendmail / uw-imap.

Ted

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Joe Auty
 Sent: Monday, February 13, 2006 1:53 PM
 To: Kirk Davis
 Cc: Greg Groth; freebsd-questions@freebsd.org
 Subject: Re: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems
 
 
 Hey Greg,
 
 Sorry if this completely throws a monkey wrench into your plans, but
 I feel inspired to interject since I once had a nearly identical
 setup as you...
 
 I switched to Postfix and Courier-IMAP since I found that performance
 of large mailboxes in IMAP-UW was pretty poor, especially over web-
 based email where messages are not cached. I switched to Postfix
 because it is so much more simple and straight forward than Sendmail.
 You should have no problems switching to Postfix, since it is
 basically Sendmail with a nicer wrapper/configuration.
 
 Just food for thought.

I appreciate both of your comments, as I have stated I am new to BSD.  Part
of my problem is the huge amount of software available, and no good way to
determine what will work better for my situation.  Perhaps if I explain my
situation, it would help some.  We've been running Sendmail and a
POP-Before-SMTP script for the last 6 years on a Redhat box.  I think it
started out on 5.2, and was up to 7.3 when it crashed 3 weeks ago.  I had
been planning to upgrade the server, and had a new box ready to go, but I
had stalled on the OS.  I didn't want to go down the Redhat route because of
strictly personal issues that are more opinions than fact, and a friend
suggested FreeBSD.

The server crash pretty much

RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems

2006-02-14 Thread Ted Mittelstaedt

I'm sure glad that this message didn't pass through my work mailserver
so that it didn't see it, since my work e-mail inbox has 16383 messages
in it  (the limit that Outlook can display in IMAP mode) and is 412
megabytes
in size, and performance is perfectly fine both with Outlook and
Horde/IMP.

I wouldn't want my mailserver reading it and thinking that it's OK to
slack off.

  And yes I know I need to delete
some messages, speak to the hand if you're going to make that crack.

This is imap-uw/sendmail.

Perhaps you might consider that since you haven't run imap-uw in
a while that you're no longer qualified to make claims about it?  Or
perhaps
you never had it setup properly?  Or perhaps your hardware was slow?

Nothing is wrong with Postfix / Courier-IMAP but nothing is wrong either
with sendmail / uw-imap.

Ted

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Joe Auty
Sent: Monday, February 13, 2006 1:53 PM
To: Kirk Davis
Cc: Greg Groth; freebsd-questions@freebsd.org
Subject: Re: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems


Hey Greg,

Sorry if this completely throws a monkey wrench into your plans, but
I feel inspired to interject since I once had a nearly identical
setup as you...

I switched to Postfix and Courier-IMAP since I found that performance
of large mailboxes in IMAP-UW was pretty poor, especially over web-
based email where messages are not cached. I switched to Postfix
because it is so much more simple and straight forward than Sendmail.
You should have no problems switching to Postfix, since it is
basically Sendmail with a nicer wrapper/configuration.

Just food for thought.


On Feb 13, 2006, at 4:25 PM, Kirk Davis wrote:

 Hi Greg,

 I'm trying to set up a FreeBSD 6.0 box as a mail server, and while
 everything seems to be working OK for the most part, I have
 run into two
 issues that I cannot resolve (I'm new to BSD, please bear
 with me). Install
 went as follows:  Installed via FTP last night along with
 src - Sources for
 everything,

 IMAP-UW was compiled via ports with WITH_SSL_AND_PLAINTEXT
 enabled (same for
 cclient), OpenSSL, Cyrus-SASL2  Cyrus-SASL2-saslauthd were
 compiled via
 ports with no flags.

 Sendmail was installed with the base install and recompiled
 (after SASL2 was
 up and running) with the following options added to make.conf:

 # SASL (cyrus-sasl v2) sendmail build flags...
 SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
 SENDMAIL_LDFLAGS=-L/usr/local/lib
 SENDMAIL_LDADD=-lsasl2
 # Adding to enable alternate port (smtps) for sendmail...
 SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL

 I followed the instructions I found at
 http://www.bsdconspiracy.net/howto/sendmail.html, and had no
 problems with
 the install except for Sendmail.  After recompiling sendmail,
 I added the
 following lines to the mail.server.mc file:

 define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
 TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
 define(`CERT_DIR', `/etc/mail/certs')dnl
 define(`confCACERT_PATH', `CERT_DIR')dnl
 define(`confCACERT', `CERT_DIR/mycert.pem')dnl
 define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
 define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
 define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
 define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
 DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

 This is your problem.  The above line sets up the Sendmail daemon to
 listen on port 25 but the standard mc file distributed with FreeBSD
 also
 sets up a DAEMON port (it's at the end of the MC file).

 Here is what my DAEMON_OPTIONS lines look like.  These should be the
 only DAEMON_OPTIONS lines in the mc file.
 dnl Enable for both IPv4 and IPv6 (optional)
 DAEMON_OPTIONS(`Name=IPv4, Family=inet')
 DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
 DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl


 DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

 After running (in /etc/mail) make clean, make cf, make
 install, make
 restart, SMTP no longer works, and I find the following in
 maillog and
 messages

 Feb 12 20:25:55 mail sm-mta[1213]: daemon IPv4: problem
 creating SMTP socket
 Feb 12 20:26:00 mail sm-mta[1213]: NOQUEUE: SYSERR(root):
 opendaemonsocket:
 daemon IPv4: cannot bind: Address already in use

 When I try and stop sendmail, I get a message that the pid
 for Sendmail
 cannot be found.  I end up killing the missing Sendmail daemon using
 KSysGuard

 If I remove this line - DAEMON_OPTIONS(`Port=smtp,
 Name=MTA')dnl from the
 mail.server.mc file, make cf, make install, make restart,
 sendmail starts
 normally.  When trying to access from another machine on my
 network, I can
 only connect on port 25 without a secure connection (I'm
 using Thunderbird
 for this), although SMTP-AUTH is working correctly.

 Have you tried to setup your mail client to connect to port 465?  This
 is the smtps (SMTP SSL) port.


 Any ideas on what I might need to do to get SSL / SMTP-AUTH
 working on SMTP?
   I took a look at the instructions in the handbook

RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems

2006-02-14 Thread Greg Groth

From: Kirk Davis [EMAIL PROTECTED]
To: Greg Groth [EMAIL PROTECTED]
CC: freebsd-questions@freebsd.org
Subject: RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems
Date: Mon, 13 Feb 2006 14:25:04 -0700

Hi Greg,

 I'm trying to set up a FreeBSD 6.0 box as a mail server, and while
 everything seems to be working OK for the most part, I have
 run into two
 issues that I cannot resolve (I'm new to BSD, please bear
 with me). Install
 went as follows:  Installed via FTP last night along with
 src - Sources for
 everything,

 IMAP-UW was compiled via ports with WITH_SSL_AND_PLAINTEXT
 enabled (same for
 cclient), OpenSSL, Cyrus-SASL2  Cyrus-SASL2-saslauthd were
 compiled via
 ports with no flags.

 Sendmail was installed with the base install and recompiled
 (after SASL2 was
 up and running) with the following options added to make.conf:

 # SASL (cyrus-sasl v2) sendmail build flags...
 SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
 SENDMAIL_LDFLAGS=-L/usr/local/lib
 SENDMAIL_LDADD=-lsasl2
 # Adding to enable alternate port (smtps) for sendmail...
 SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL

 I followed the instructions I found at
 http://www.bsdconspiracy.net/howto/sendmail.html, and had no
 problems with
 the install except for Sendmail.  After recompiling sendmail,
 I added the
 following lines to the mail.server.mc file:

 define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
 TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
 define(`CERT_DIR', `/etc/mail/certs')dnl
 define(`confCACERT_PATH', `CERT_DIR')dnl
 define(`confCACERT', `CERT_DIR/mycert.pem')dnl
 define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
 define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
 define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
 define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
 DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

This is your problem.  The above line sets up the Sendmail daemon to
listen on port 25 but the standard mc file distributed with FreeBSD also
sets up a DAEMON port (it's at the end of the MC file).

Here is what my DAEMON_OPTIONS lines look like.  These should be the
only DAEMON_OPTIONS lines in the mc file.
dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl


That is what I was guessing, however I couldn't find a Sendmail for Dummies 
book that could explain the DAEMON_OPTIONS in language I understand.  It's
very easy to get lost in the online docs and the O'Reilly book, for me 
anyway.





 DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

 After running (in /etc/mail) make clean, make cf, make
 install, make
 restart, SMTP no longer works, and I find the following in
 maillog and
 messages

 Feb 12 20:25:55 mail sm-mta[1213]: daemon IPv4: problem
 creating SMTP socket
 Feb 12 20:26:00 mail sm-mta[1213]: NOQUEUE: SYSERR(root):
 opendaemonsocket:
 daemon IPv4: cannot bind: Address already in use

 When I try and stop sendmail, I get a message that the pid
 for Sendmail
 cannot be found.  I end up killing the missing Sendmail daemon using
 KSysGuard

 If I remove this line - DAEMON_OPTIONS(`Port=smtp,
 Name=MTA')dnl from the
 mail.server.mc file, make cf, make install, make restart,
 sendmail starts
 normally.  When trying to access from another machine on my
 network, I can
 only connect on port 25 without a secure connection (I'm
 using Thunderbird
 for this), although SMTP-AUTH is working correctly.

Have you tried to setup your mail client to connect to port 465?  This
is the smtps (SMTP SSL) port.


Yes I have.  The above mentioned How-To states to have MS products connect 
on port 25, which didn't make a whole lot of sense to me, so I tried both 25 
and 465 using Thunderbird.  Thunderbird returned with a message that the 
SMTP server was not accepting connections.  Now that I know what's wrong 
with my MC file, I'm guessing I have to take a stronger look at my
certificates and make sure that they're working correctly.  I might have a 
path screwed up somewhere.  Seems that if it's listening on 465, everything 
should be OK with Sendmail, but there might be a problem with SSL.





 Any ideas on what I might need to do to get SSL / SMTP-AUTH
 working on SMTP?
   I took a look at the instructions in the handbook, but they
 were written
 for SASL1.  Running netstat shows smtps listening on 465, but
 when I try to
 telnet to that port, the server drops the connection.

Hmm... It should connect but you will not see anything since it is
expecting an SSL connection.

 My second problem is rather simple, after I create an IMAP
 folder, I am
 unable to delete it using a remote client.  Thunderbird
 responds with The
 mail server responded: RENAME failed: Can't create mailbox node
 /home/User/Trash/: File exists.  Nothing shows up in any of
 the server logs
 though.

I have not seen this problem although I have it setup for an office of
Outlook users.  I would check the permissions on the folders

RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems

2006-02-14 Thread Greg Groth




From: Ted Mittelstaedt [EMAIL PROTECTED]
To: Joe Auty [EMAIL PROTECTED], Kirk Davis [EMAIL PROTECTED]
CC: Greg Groth [EMAIL PROTECTED], freebsd-questions@freebsd.org
Subject: RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems
Date: Tue, 14 Feb 2006 00:34:28 -0800


I'm sure glad that this message didn't pass through my work mailserver
so that it didn't see it, since my work e-mail inbox has 16383 messages
in it  (the limit that Outlook can display in IMAP mode) and is 412
megabytes
in size, and performance is perfectly fine both with Outlook and
Horde/IMP.

I wouldn't want my mailserver reading it and thinking that it's OK to
slack off.

  And yes I know I need to delete
some messages, speak to the hand if you're going to make that crack.

This is imap-uw/sendmail.

Perhaps you might consider that since you haven't run imap-uw in
a while that you're no longer qualified to make claims about it?  Or
perhaps
you never had it setup properly?  Or perhaps your hardware was slow?

Nothing is wrong with Postfix / Courier-IMAP but nothing is wrong either
with sendmail / uw-imap.

Ted

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Joe Auty
Sent: Monday, February 13, 2006 1:53 PM
To: Kirk Davis
Cc: Greg Groth; freebsd-questions@freebsd.org
Subject: Re: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems


Hey Greg,

Sorry if this completely throws a monkey wrench into your plans, but
I feel inspired to interject since I once had a nearly identical
setup as you...

I switched to Postfix and Courier-IMAP since I found that performance
of large mailboxes in IMAP-UW was pretty poor, especially over web-
based email where messages are not cached. I switched to Postfix
because it is so much more simple and straight forward than Sendmail.
You should have no problems switching to Postfix, since it is
basically Sendmail with a nicer wrapper/configuration.

Just food for thought.


I appreciate both of your comments, as I have stated I am new to BSD.  Part 
of my problem is the huge amount of software available, and no good way to 
determine what will work better for my situation.  Perhaps if I explain my 
situation, it would help some.  We've been running Sendmail and a 
POP-Before-SMTP script for the last 6 years on a Redhat box.  I think it 
started out on 5.2, and was up to 7.3 when it crashed 3 weeks ago.  I had 
been planning to upgrade the server, and had a new box ready to go, but I 
had stalled on the OS.  I didn't want to go down the Redhat route because of 
strictly personal issues that are more opinions than fact, and a friend 
suggested FreeBSD.


The server crash pretty much forced my hand, and my goal was to replicate 
what we had in place ASAP.  Because of my (limited) knowledge of Sendmail, I 
went that route as I know nothing of the alternatives.  I went with IMAP-UW 
not because of anything I had read, but because I was attempting to
get the POP-Before-SMTP port to work (which it didn't - long story), and 
IMAP-UW seemed a good alternative as it is a POP and IMAP server and was 
easily configured in POP-Before-SMTP.


Since I could not find a POP-Before-SMTP solution that I could get to 
operate (I had problems with POP-Before-SMTP, and DRAC before throwing in 
the towel), I decided to switch to SMTP-AUTH.  So here's my situation, we 
have about 25 users on the server.  I need POP and IMAP that will operate 
with and without SSL, and SMTP that can handle SMTP-AUTH with and without 
SSL.  Out of the 25 users, I have 3 that are email packrats, and have 
between 2-4 gigs of email apiece.  They are currently using POP on Outlook 
Express, but will be switching over to IMAP on Thunderbird in the near 
future (I also have 5 users that I'm not sure what client they are using, 
we're hosting their domain - long story).  Our office personnel will be
migrating to IMAP, using SSL when out of the office, and plain text when in. 
 The five users in which we are hosting their email will remain on POP, and 
although SSL would be nice, I want the ability to offer plain text in case I 
run into client issues.  Similar circumstances for SMTP, I can relay by 
domain for users on our network, and would like to use SMTP-AUTH for off-site
users.  SSL preferred, but offer plain text in case of client issues.  Last 
issue would be something that will play nice with SquirrelMail.


Although I'm very familiar with administering Sendmail (starting, stopping, 
backing up, running makemaps), configuring is another story.  While SMTP is 
pretty much running as stable as it ever has, I still have issues from time 
to time.  For instance I am sending this from Hotmail as this list is 
currently bouncing email from my server because of some error I have not 
investigated yet.  At this moment I am pretty much open to anything, but I 
don't have a good way of evaluating different options other than trial and 
error (and I'm kind of short on time).  I know that a lot of times it comes

RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems

2006-02-14 Thread Greg Groth
Sorry for the double submission, I totally screwed up.  I have added my 
response this time...



From: Ted Mittelstaedt [EMAIL PROTECTED]
To: Joe Auty [EMAIL PROTECTED], Kirk Davis [EMAIL PROTECTED]
CC: Greg Groth [EMAIL PROTECTED], freebsd-questions@freebsd.org
Subject: RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems
Date: Tue, 14 Feb 2006 00:34:28 -0800


I'm sure glad that this message didn't pass through my work mailserver
so that it didn't see it, since my work e-mail inbox has 16383 messages
in it  (the limit that Outlook can display in IMAP mode) and is 412
megabytes
in size, and performance is perfectly fine both with Outlook and
Horde/IMP.

I wouldn't want my mailserver reading it and thinking that it's OK to
slack off.

  And yes I know I need to delete
some messages, speak to the hand if you're going to make that crack.

This is imap-uw/sendmail.

Perhaps you might consider that since you haven't run imap-uw in
a while that you're no longer qualified to make claims about it?  Or
perhaps
you never had it setup properly?  Or perhaps your hardware was slow?

Nothing is wrong with Postfix / Courier-IMAP but nothing is wrong either
with sendmail / uw-imap.

Ted

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Joe Auty
Sent: Monday, February 13, 2006 1:53 PM
To: Kirk Davis
Cc: Greg Groth; freebsd-questions@freebsd.org
Subject: Re: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems


Hey Greg,

Sorry if this completely throws a monkey wrench into your plans, but
I feel inspired to interject since I once had a nearly identical
setup as you...

I switched to Postfix and Courier-IMAP since I found that performance
of large mailboxes in IMAP-UW was pretty poor, especially over web-
based email where messages are not cached. I switched to Postfix
because it is so much more simple and straight forward than Sendmail.
You should have no problems switching to Postfix, since it is
basically Sendmail with a nicer wrapper/configuration.

Just food for thought.


I appreciate both of your comments, as I have stated I am new to BSD.  Part 
of my problem is the huge amount of software available, and no good way to 
determine what will work better for my situation.  Perhaps if I explain my 
situation, it would help some.  We've been running Sendmail and a 
POP-Before-SMTP script for the last 6 years on a Redhat box.  I think it 
started out on 5.2, and was up to 7.3 when it crashed 3 weeks ago.  I had 
been planning to upgrade the server, and had a new box ready to go, but I 
had stalled on the OS.  I didn't want to go down the Redhat route because of 
strictly personal issues that are more opinions than fact, and a friend 
suggested FreeBSD.


The server crash pretty much forced my hand, and my goal was to replicate 
what we had in place ASAP.  Because of my (limited) knowledge of Sendmail, I 
went that route as I know nothing of the alternatives.  I went with IMAP-UW 
not because of anything I had read, but because I was attempting to
get the POP-Before-SMTP port to work (which it didn't - long story), and 
IMAP-UW seemed a good alternative as it is a POP and IMAP server and was 
easily configured in POP-Before-SMTP.


Since I could not find a POP-Before-SMTP solution that I could get to 
operate (I had problems with POP-Before-SMTP, and DRAC before throwing in 
the towel), I decided to switch to SMTP-AUTH.  So here's my situation, we 
have about 25 users on the server.  I need POP and IMAP that will operate 
with and without SSL, and SMTP that can handle SMTP-AUTH with and without 
SSL.  Out of the 25 users, I have 3 that are email packrats, and have 
between 2-4 gigs of email apiece.  They are currently using POP on Outlook 
Express, but will be switching over to IMAP on Thunderbird in the near 
future (I also have 5 users that I'm not sure what client they are using, 
we're hosting their domain - long story).  Our office personnel will be
migrating to IMAP, using SSL when out of the office, and plain text when in. 
 The five users in which we are hosting their email will remain on POP, and 
although SSL would be nice, I want the ability to offer plain text in case I 
run into client issues.  Similar circumstances for SMTP, I can relay by 
domain for users on our network, and would like to use SMTP-AUTH for off-site
users.  SSL preferred, but offer plain text in case of client issues.  Last 
issue would be something that will play nice with SquirrelMail.


Although I'm very familiar with administering Sendmail (starting, stopping, 
backing up, running makemaps), configuring is another story.  While SMTP is 
pretty much running as stable as it ever has, I still have issues from time 
to time.  For instance I am sending this from Hotmail as this list is 
currently bouncing email from my server because of some error I have not 
investigated yet.  At this moment I am pretty much open to anything, but I 
don't have a good way of evaluating different options other

RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems

2006-02-13 Thread Kirk Davis
Hi Greg,
 
 I'm trying to set up a FreeBSD 6.0 box as a mail server, and while 
 everything seems to be working OK for the most part, I have 
 run into two 
 issues that I cannot resolve (I'm new to BSD, please bear 
 with me). Install 
 went as follows:  Installed via FTP last night along with 
 src - Sources for 
 everything,
 
 IMAP-UW was compiled via ports with WITH_SSL_AND_PLAINTEXT 
 enabled (same for 
 cclient), OpenSSL, Cyrus-SASL2  Cyrus-SASL2-saslauthd were 
 compiled via 
 ports with no flags.
 
 Sendmail was installed with the base install and recompiled 
 (after SASL2 was 
 up and running) with the following options added to make.conf:
 
 # SASL (cyrus-sasl v2) sendmail build flags...
 SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
 SENDMAIL_LDFLAGS=-L/usr/local/lib
 SENDMAIL_LDADD=-lsasl2
 # Adding to enable alternate port (smtps) for sendmail...
 SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL
 
 I followed the instructions I found at 
 http://www.bsdconspiracy.net/howto/sendmail.html, and had no 
 problems with 
 the install except for Sendmail.  After recompiling sendmail, 
 I added the 
 following lines to the mail.server.mc file:
 
 define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
 TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
 define(`CERT_DIR', `/etc/mail/certs')dnl
 define(`confCACERT_PATH', `CERT_DIR')dnl
 define(`confCACERT', `CERT_DIR/mycert.pem')dnl
 define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
 define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
 define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
 define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
 DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

This is your problem.  The above line sets up the Sendmail daemon to
listen on port 25 but the standard mc file distributed with FreeBSD also
sets up a DAEMON port (it's at the end of the MC file).

Here is what my DAEMON_OPTIONS lines look like.  These should be the
only DAEMON_OPTIONS lines in the mc file.
dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl


 DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
 
 After running (in /etc/mail) make clean, make cf, make install, make
 restart, SMTP no longer works, and I find the following in maillog and
 messages
 
 Feb 12 20:25:55 mail sm-mta[1213]: daemon IPv4: problem creating SMTP socket
 Feb 12 20:26:00 mail sm-mta[1213]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon IPv4: cannot bind: Address already in use
 
 When I try and stop sendmail, I get a message that the pid for Sendmail
 cannot be found.  I end up killing the missing Sendmail daemon using
 KSysGuard
 
 If I remove this line - DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl from the
 mail.server.mc file, make cf, make install, make restart, sendmail starts
 normally.  When trying to access from another machine on my network, I can
 only connect on port 25 without a secure connection (I'm using Thunderbird
 for this), although SMTP-AUTH is working correctly.

Have you tried to set up your mail client to connect to port 465?  This
is the smtps (SMTP SSL) port.


 Any ideas on what I might need to do to get SSL / SMTP-AUTH working on SMTP?
 I took a look at the instructions in the handbook, but they were written
 for SASL1.  Running netstat shows smtps listening on 465, but when I try to
 telnet to that port, the server drops the connection.

Hmm... It should connect but you will not see anything since it is
expecting an SSL connection.

 My second problem is rather simple, after I create an IMAP folder, I am
 unable to delete it using a remote client.  Thunderbird responds with "The
 mail server responded: RENAME failed: Can't create mailbox node
 /home/User/Trash/: File exists".  Nothing shows up in any of the server logs
 though.

I have not seen this problem although I have it set up for an office of
Outlook users.  I would check the permissions on the folders in the user
home directory.  This is where the IMAP user folders are by default.  I
usually set up the clients to use the base imap if Mail and then create a
Mail directory in the user home directory.  That way the mail folders
don't get messed up with the user stuff.

 
 Hopefully this is the right list for these questions, if not, could someone
 please direct me to the correct one?  Any advice anyone can give me on
 either of these problems would be greatly appreciated.
 

 Kirk
Kirk Davis
Senior Network Analyst, ITS
Edmonton Public Schools
1-780-429-8308
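
The bind conflict diagnosed in the reply above can be checked before restarting sendmail. The following is an added example, not part of the original thread or of sendmail itself: it parses the DAEMON_OPTIONS lines of an .mc file and reports any two daemons that would bind the same family, address and port. The function names and the sample files are constructed here from lines quoted in the thread; it assumes the stock FreeBSD entries are the IPv4/IPv6 lines shown above and that option keys are matched by their first letter (as `M=s` and `Modifiers=O` suggest).

```python
import re
from collections import defaultdict

# Service names used in the thread, mapped to their well-known ports.
PORTS = {"smtp": 25, "smtps": 465, "submission": 587}
DAEMON_RE = re.compile(r"DAEMON_OPTIONS\(`([^']*)'\)")

# Constructed sample: the two lines added in the question plus the stock entries.
BROKEN_MC = """\
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
"""

# Constructed sample: the DAEMON_OPTIONS set recommended in the reply.
FIXED_MC = """\
dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
"""

def parse_daemon_options(mc_text):
    """Return one dict per active DAEMON_OPTIONS line in an .mc file."""
    daemons = []
    for line in mc_text.splitlines():
        if re.match(r"\s*dnl(\s|$)", line):  # whole line is an m4 comment
            continue
        for body in DAEMON_RE.findall(line):
            # Defaults when a key is omitted: IPv4, any address, port 25.
            d = {"name": "?", "family": "inet", "addr": "*", "port": 25}
            for pair in body.split(","):
                key, _, val = pair.strip().partition("=")
                k = key[:1].upper()  # assumption: keys matched by first letter
                if k == "N":
                    d["name"] = val
                elif k == "F":
                    d["family"] = val
                elif k == "A":
                    d["addr"] = val
                elif k == "P":
                    d["port"] = PORTS.get(val) or int(val)
            daemons.append(d)
    return daemons

def find_bind_conflicts(mc_text):
    """Map each (family, addr, port) claimed more than once to the daemon names."""
    sockets = defaultdict(list)
    for d in parse_daemon_options(mc_text):
        sockets[(d["family"], d["addr"], d["port"])].append(d["name"])
    return {sock: names for sock, names in sockets.items() if len(names) > 1}
```

For the first sample the only conflict is on IPv4 port 25, between the daemons named MTA and IPv4, which matches the "daemon IPv4: cannot bind: Address already in use" line in the log.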


Re: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems

2006-02-13 Thread Joe Auty

Hey Greg,

Sorry if this completely throws a monkey wrench into your plans, but  
I feel inspired to interject since I once had a nearly identical  
setup as you...


I switched to Postfix and Courier-IMAP since I found that performance
of large mailboxes in IMAP-UW was pretty poor, especially over web-based
email where messages are not cached. I switched to Postfix
because it is so much more simple and straightforward than Sendmail.
You should have no problems switching to Postfix, since it is
basically Sendmail with a nicer wrapper/configuration.


Just food for thought.


On Feb 13, 2006, at 4:25 PM, Kirk Davis wrote:

