SMTP AUTH over SSL only?
Matthew Seaman
m.seaman at infracaninophile.co.uk
Sat Sep 22 11:26:57 PDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Michael W. Lucas wrote:
> Hi folks,
>
> I have a FreeBSD 7.0 server where I'd like to authenticate against
> /etc/master.passwd when using SMTP AUTH and Sendmail. This means
> using LOGIN, which can use either plain text or SSL-tunneled
> connections. I'd like to allow SMTP AUTH only over SSL, and disallow
> it over unencrypted connections. Any suggestions on this? Surely
> there's just some switch I'm missing? The archives and search engines
> are full of people trying to get SSL working, not people trying to
> turn off non-SSL connections.
>
> Here's the relevant snippets of sendmail.mc I'm using.
>
> TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> define(`CERT_DIR', `/usr/local/etc/certs')dnl
> define(`confCACERT_PATH', `CERT_DIR')dnl
> define(`confCACERT', `CERT_DIR/hostname.pem')dnl
> define(`confSERVER_CERT', `CERT_DIR/hostname.pem')dnl
> define(`confSERVER_KEY', `CERT_DIR/hostname-key.pem')dnl
> define(`confCLIENT_CERT', `CERT_DIR/hostname.pem')dnl
> define(`confCLIENT_KEY', `CERT_DIR/hostname-key.pem')dnl
> DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
> DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
>
> Any suggestions greatly appreciated!
Add this to your /etc/mail/`hostname`.mc:
define(`confAUTH_OPTIONS', `p,y')dnl
See /usr/share/doc/smm/08.sendmailop/paper.ascii.gz for details
- -- search for the section on AuthOptions..
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFG9V5k8Mjk52CukIwRCJzNAJ9t/LFlY9x+NCpBJMoSk2FcDwXgbQCdERcm
SlUoyTu7YKZCn3L8gl/LorI=
=6ZUO
-----END PGP SIGNATURE-----
More information about the freebsd-isp
mailing list