I'm trying to set up a FreeBSD 7 box to replace a FreeBSD 4 box. We're migrating
web hosting and e-mail hosting from the old server to the new one.
Goal: use sendmail to allow users to point their email clients at
mail.domain.com for in & out, with SMTP Authentication so they can use these
accounts from anywhere.
Additional goal: Allow secure or insecure connections for POP3, IMAP, and SMTP
(TLS over port 25)
Currently working: SMTP from localhost (telnet localhost 25), IMAPS (but not
plain IMAP), POP3, POP3S.
Currently NOT working: SMTP AUTH from external hosts (no encryption or TLS,
although it does attempt the communication), IMAP without SSL
Errors received by client (Outlook 2007):
IMAP test: "General authentication failed. none of the authentication methods
supported by your IMAP server (if any) are supported on this computer"
SMTP AUTH test: "The server responded 550 5.1.1 <[EMAIL PROTECTED] (rest of
message cut off by Outlook)
maillog when I start the IMAP & SMTP test in Outlook:
May 14 15:14:54 BSDPROD imapd[9065]: Unexpected client disconnect, while reading line user=??? host=MY.PUBLIC.NAME [1.2.3.4]
May 14 15:14:54 BSDPROD sm-mta[9066]: NOQUEUE: connect from MY.PUBLIC.NAME [1.2.3.4]
May 14 15:14:54 BSDPROD sm-mta[9066]: m4EJEs8k009066: Milter (clamav): init success to negotiate
May 14 15:14:54 BSDPROD sm-mta[9066]: m4EJEs8k009066: Milter (spamassassin): init success to negotiate
May 14 15:14:54 BSDPROD sm-mta[9066]: m4EJEs8k009066: Milter: connect to filters
May 14 15:15:00 BSDPROD sm-mta[9066]: STARTTLS=server, relay=MY.PUBLIC.NAME [1.2.3.4], version=TLSv1/SSLv3, verify=NO, cipher=AES128-SHA, bits=128/128
May 14 15:15:00 BSDPROD sm-mta[9066]: m4EJEs8l009066: AUTH failure (DIGEST-MD5): authentication failure (-13) SASL(-13): authentication failure: realm changed: authentication aborted
May 14 15:15:00 BSDPROD sm-mta[9066]: AUTH=server, relay=MY.PUBLIC.NAME [1.2.3.4], authid=MYUSERNAME, mech=LOGIN, bits=0
Test: testsaslauthd -u MYUSER -p MYPASS
0: OK "Success."
[EMAIL PROTECTED] /> telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS STARTTLS LOGINDISABLED] localhost IMAP4rev1 2006j.389 at Wed, 14 May 2008 15:17:41 -0400 (EDT)
Output from openssl s_client localhost:993 (after all the certificate stuff):
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS AUTH=PLAIN AUTH=LOGIN] MY.SERVER.FQDN.COM IMAP4rev1 2006j.389 at Wed, 14 May 2008 15:18:45 -0400 (EDT)
mc file follows:
### freebsd.mc ###
VERSIONID(`@(#)freebsd.mc 2.3 (IXN.com) 3/21/2008')
OSTYPE(freebsd4)dnl
DOMAIN(generic)dnl
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/central.ixn.com.crt')dnl
define(`confSERVER_CERT', `CERT_DIR/central.ixn.com.crt')dnl
define(`confSERVER_KEY',`CERT_DIR/CAkey.key')dnl
TRUST_AUTH_MECH(`GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS',`GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN')dnl
define(`confAUTH_OPTIONS',`p,y')dnl
define(`confMAX_RCPTS_PER_MESSAGE', 500)dnl
define(`confSMTP_LOGIN_MSG', `foobar.com - By establishing a TCP connection to
this host on port 25 you authorize possible relay testing of the connecting
host. If you do not wish to be tested do not establish connections with this
host; $b')dnl
define(`confPRIVACY_FLAGS',`needmailhelo,noexpn,noetrn,novrfy')dnl
define(`confBAD_RCPT_THROTTLE', `1')dnl
define(`confCONNECTION_RATE_THROTTLE', `50')dnl
define(`confMAX_DAEMON_CHILDREN', `200')dnl
define(`confLOG_LEVEL', `10')dnl
define(`confMAX_MESSAGE_SIZE', `50485760')dnl
define(`confTO_IDENT',`0')dnl
define(`confTO_ICONNECT', `15s')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTO_HELO', `20s')dnl
define(`confTO_MAIL', `1m')dnl
define(`confTO_RCPT', `1m')dnl
define(`confTO_DATAINIT', `1m')dnl
define(`confTO_DATABLOCK', `10m')dnl
define(`confTO_DATAFINAL', `5m')dnl
define(`confTO_RSET', `1m')dnl
define(`confTO_QUIT', `1m')dnl
define(`confTO_MISC', `1m')dnl
define(`confTO_COMMAND', `1m')dnl
define(`confTO_STARTTLS', `2m')dnl
define(`MILTER', 1)dnl
FEATURE(`access_db')dnl
FEATURE(`greet_pause',6000)
FEATURE(`use_cw_file')dnl
FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl
FEATURE(`genericstable', `hash /etc/mail/genericstable')dnl
FEATURE(`delay_checks',`friend')dnl
FEATURE(`nouucp',`nospecial')dnl
FEATURE(dnsbl,`psbl.surriel.com', `"550 5.7.1 ACCESS DENIED to <"$&f"> from
server " $&{client_addr} " by psbl.surriel.com DNSBL see:
http://psbl.surriel.com/listing?ip="; $&{client_addr} ""', `')dnl
FEATURE(dnsbl,`sbl-xbl.spamhaus.org', `"550 5.7.1 ACCESS DENIED to <"$&f"> from
server " $&{client_addr} " by sbl-xbl.spamhaus.org DNSBL
(http://www.spamhaus.org/xbl)"', `')dnl
FEATURE(dnsbl,`dnsbl.njabl.org', `"550 5.7.1 ACCESS DENIED to <"$&f"> from
server " $&{client_addr} " by njabl.org DNSBL (http://njabl.org)"', `')dnl
FEATURE(dnsbl,`list.dsbl.org',`"550