Sendmail on FBSD server wont connect to remote user.

admin at hdk5.com admin at hdk5.com
Mon Sep 18 12:22:04 PDT 2006


Matthew Seaman wrote:

>Ahmad Arafat Abdullah wrote:
>  
>
>>>----- Original Message -----
>>>From: "admin at hdk5.com" <admin at hdk5.com>
>>>To: "FreeBSD Users Questions" <freebsd-questions at freebsd.org>
>>>Subject: Sendmail on FBSD server wont connect to remote user.
>>>Date: Sun, 17 Sep 2006 10:57:27 -1000
>>>
>>>
>>>Aloha Questions list,
>>>
>>>I have been trying to setup Sendmail on a server box.
>>>FreeBSD 6.1 HP Pentium II 300 CPU 686
>>>
>>>After many attempts I am down to this one error.
>>>
>>>Error:
>>>Sending of password did not succeed. Mail server 
>>>mahalo.internetohana.org responded:
>>>Password supplied for admin at internetohana.org is incorrect.
>>>
>>>
>>>I have 2 user accounts for test on this server. I can ping and 
>>>telnet into ports 25 and 110 and I get the proper responses from 
>>>these users.
>>>
>>>The 2 user accounts are rejected as per the error when I try to 
>>>connect from a mail agent (Mozilla or Thunderbird) from another box 
>>>on a different inet. (Also FreeBSD 4.11 running for several years.)
>>>
>>>
>>>The server is setup with send mail SMTP and qpopper for Pop3. There 
>>>is nothing else on this box.
>>>
>>>Do I have to create a password file other than the FreeBSD  
>>>/etc/passwd and /etc/master.passwd
>>>to get this to work.
>>>
>>>My previous attempts with Postfix and Dovecot did not get this far.
>>>
>>>Thanks for any help.
>>>
>>>Al Plant - Honolulu, Hawaii
>>>
>>>- Admin -- http://hawaiidakine.com -- http://hdk5.com -- -- 
>>>http://internetohana.org -- http://freeBSDinfo.org --
>>>+ Supporting open source computing - FreeBSD 6.* +
>>>      
>>>
>>I left sendmail long ago when I migrated to Postfix,
>>but as I still remember, the default sendmail installation
>>just listens on localhost.
>>
>>So you need to alter the *.cf file (in /etc/mail/):
>>
>># SMTP client options
>>O ClientPortOptions=Family=inet, Address=0.0.0.0
>>
>>By default this line will be commented out (with # or dnl) or will just listen on localhost.
>>
>>Previously I faced this problem with old RedHat 7.x.
>>
>>Anyone who knows this can maybe correct me if I'm wrong.
>>    
>>
>
>Yep.  You are completely in the wrong ballpark there.  You are
>talking about configuring where sendmail listens for *incoming*
>connections, although the mists of time seem to have clouded your
>memory of exactly what it is you do...  (Hint: look for DAEMON_PORT_OPTIONS
>and maybe add FEATURE(no_default_msa) in the /etc/mail/$(hostname).mc
>file)
>
>What the original poster is suffering from is not lack of ability to
>connect at the TCP level.  He's needing to configure authentication so
>that his mail clients can relay through the server.
>
>Unfortunately it appears he is using the stock sendmail supplied with FreeBSD
>which does not have authentication support compiled into it:
>
>250-mahalo.internetohana.org Hello happy-idiot-talk.infracaninophile.co.uk [81.187.76.162], pleased to meet you
>250-ENHANCEDSTATUSCODES
>250-PIPELINING
>250-8BITMIME
>250-SIZE
>250-DSN
>250-ETRN
>250-DELIVERBY
>250 HELP
>
>You should see: 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN or similar if
>the authentication capabilities are enabled.
>
>To make sendmail do authentication, do the following.
>
>   i) Install the security/cyrus-sasl2 port.  Review the configuration file
>      /usr/local/lib/sasl2/Sendmail.conf to make sure it does what you want --
>      at a minimum it should contain
>
>          pwcheck_method: auxprop
>
>       which should let sendmail auth against the sasldb without needing the
>       intercession of saslauthd.  However there are far too many possibilities
>       to go into any great depth here -- Google is your friend.
>
>  ii) Add the following to /etc/make.conf and then do a standard buildworld cycle
>      to enable the authentication capabilities in the base system sendmail:
>
>       SENDMAIL_CFLAGS+=       -I/usr/local/include -DSASL=2
>       SENDMAIL_LDFLAGS+=      -L/usr/local/lib
>       SENDMAIL_LDADD+=        -lsasl2
>
>  iii) Add to /etc/mail/$(hostname).mc --
>
>       dnl ## Set SASL options
>       TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
>       define(`confAUTH_REALM', `infracaninophile.co.uk')dnl
>       define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
>       define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl
>       define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl
>
>      and rebuild the sendmail configuration, restart sendmail, etc:
>
>       # cd /etc/mail
>       # make all install restart
>
>  iv) Use the saslpasswd2 program to set up login names and passwords for all
>      of the e-mail users permitted to send mail via the system.
>
>Et voilà.  Well, actually there's another step the OP would be well advised to
>take.  In order to secure 'LOGIN' against password snooping you should turn on
>sendmail's TLS capabilities, so it has the capability to switch to using an
>encrypted SMTP session.  That (in the best didactic tradition) is left as an
>exercise for the student.
>
>	Cheers,
>
>	Matthew
>
>  
>
Matthew, et al.,

Thanks for the info.

Matthew seems to be on target for the problem with my attempted installs 
alright.
Did I miss something in the FreeBSD how-to in the Handbook? It seems 
to me authentication wasn't mentioned as not in the stock Sendmail. 
I think I see now why the telnet worked to see the install, but the 
clients needed an authentication mechanism which wasn't there.

When I get back from town today I will try your HowTo.

Your help is very much appreciated. I've been using FreeBSD since 2. 
(something) but this is the first time I have had to build a mail server.

 
Al Plant - Honolulu, Hawaii

- Admin -- http://hawaiidakine.com -- http://hdk5.com -- 
-- http://internetohana.org -- http://freeBSDinfo.org --
 + Supporting open source computing - FreeBSD 6.* +
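
Added example, not part of the original thread or of sendmail: a small Python checker for the EHLO reply discussed above. It reports whether AUTH is advertised and whether a cleartext mechanism such as LOGIN is offered without STARTTLS. STOCK_REPLY is the reply quoted in the thread; SASL_REPLY and the function names are constructed for illustration.

```python
import re

# EHLO reply quoted in the thread (stock sendmail, no SASL support compiled in).
STOCK_REPLY = """\
250-mahalo.internetohana.org Hello happy-idiot-talk.infracaninophile.co.uk [81.187.76.162], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
"""
# Constructed sample: the same reply with the AUTH line the thread says to expect.
SASL_REPLY = STOCK_REPLY.replace(
    "250 HELP", "250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN\n250 HELP")

CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}  # password crosses the wire merely base64-encoded
_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} for a multi-line 250 reply to EHLO."""
    lines = [l for l in reply.splitlines() if l.strip()]
    ext = {}
    for i, raw in enumerate(lines):
        m = _LINE.match(raw)
        if not m or m.group(1) != "250":
            raise ValueError(f"not a 250 reply line: {raw!r}")
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError(f"misplaced continuation marker: {raw!r}")
        words = m.group(3).split()
        if i > 0 and words:  # line 0 is the greeting, not an extension
            ext[words[0].upper()] = [w.upper() for w in words[1:]]
    return ext

def assess(reply):
    """Summarise AUTH/STARTTLS support and list configuration findings."""
    ext = parse_ehlo(reply)
    mechs, tls, findings = ext.get("AUTH", []), "STARTTLS" in ext, []
    if "AUTH" not in ext:
        findings.append("no AUTH extension advertised; clients cannot authenticate")
    exposed = sorted(CLEARTEXT_MECHS.intersection(mechs))
    if exposed and not tls:
        findings.append("cleartext mechanism(s) %s offered without STARTTLS"
                        % ", ".join(exposed))
    return {"auth": mechs, "starttls": tls, "findings": findings}

if __name__ == "__main__":
    for name, reply in (("stock", STOCK_REPLY), ("sasl", SASL_REPLY)):
        print(name, assess(reply))
```

Paste the server's reply to EHLO from a telnet session on port 25 into assess() to repeat the check after the rebuild and again after TLS is enabled.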



