Having problems with SMTP authentication
Matthew Seaman
m.seaman at infracaninophile.co.uk
Sat Dec 29 12:51:13 PST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Andrew Falanga wrote:
> dnl set SASL options
> TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
>
> But when I ask my e-mail client to "check what the server supports", the
> returned list is only, GSSAPI, DIGEST-MD5 and CRAM-MD5. Why is LOGIN not
> listed when it's included in this macro file? Is there anything missing from
> this section of the handbook that I've missed?
LOGIN will only be enabled over an encrypted connection. All you need
to do to enable the stock sendmail to support STARTTLS is tell it to
use one or more SSL certs. Adding something like this to
/etc/mail/`hostname`.mc is how to do that:
dnl
dnl TLS stuff
dnl
define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/cacert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl
Which means you'ld put the PEM encoded cacert, key and cert into
/etc/mail/cacert.pem, /etc/mail/key.pem and /etc/mail/key.cert
respectively. To generate all of those, there are some pithy
instructions here:
http://www.sendmail.org/~ca/email/other/cagreg.html
When submitting a new message, most mail clients will automatically
do STARTTLS if it's available.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHdrM68Mjk52CukIwRCHdTAJ9oUv7PNaV41xopL9/uw1UMcx1gDACghT4Z
orlyowTjs5ZXPsv+7B/nebg=
=LWRP
-----END PGP SIGNATURE-----
More information about the freebsd-questions
mailing list