SMTP AUTH over SSL only?
Michael W. Lucas
mwlucas at blackhelicopters.org
Sat Sep 22 10:59:09 PDT 2007
Hi folks,
I have a FreeBSD 7.0 server where I'd like to authenticate against
/etc/master.passwd when using SMTP AUTH and Sendmail. This means
using LOGIN, which can use either plain text or SSL-tunneled
connections. I'd like to allow SMTP AUTH only over SSL, and disallow
it over unencrypted connections. Any suggestions on this? Surely
there's just some switch I'm missing? The archives and search engines
are full of people trying to get SSL working, not people trying to
turn off non-SSL connections.
Here's the relevant snippets of sendmail.mc I'm using.
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`CERT_DIR', `/usr/local/etc/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/hostname.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/hostname.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/hostname-key.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/hostname.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/hostname-key.pem')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
Any suggestions greatly appreciated!
Thanks,
==ml
--
Michael W. Lucas mwlucas at BlackHelicopters.org, mwlucas at FreeBSD.org
http://www.BlackHelicopters.org/~mwlucas/
Coming Soon: "Absolute FreeBSD" -- http://www.AbsoluteFreeBSD.com
On 5/4/2007, the TSA kept 3 pairs of my soiled undies "for security reasons."
More information about the freebsd-isp
mailing list