IMAP and SMTP-AUTH with sendmail on FreeBSD 7

Carl Bussema bussemac at ajboggs.com
Wed May 14 21:21:47 UTC 2008


I'm trying to set up a FreeBSD 7 box to replace a FreeBSD 4 box. We're migrating web hosting and e-mail hosting from the old server to the new one.

Goal: use sendmail to allow users to point their email clients at mail.domain.com for in & out, with SMTP Authentication so they can use these accounts from anywhere.
Additional goal: Allow secure or insecure connections for POP3, IMAP, and SMTP (TLS over port 25)

Currently working: SMTP from localhost (telnet localhost 25), IMAPS (but not plain IMAP), POP3, POP3S.
Currently NOT working: SMTP AUTH from external hosts (no encryption or TLS, although it does attempt the communication), IMAP without SSL

Errors received by client (Outlook 2007):
IMAP test: "General authentication failed. none of the authentication methods supported by your IMAP server (if any) are supported on this computer"
SMTP AUTH test: "The server responded 550 5.1.1 <myemail at mydomain... (rest of message cut off by Outlook)


maillog when I start the IMAP & SMTP test in Outlook:
May 14 15:14:54 BSDPROD imapd[9065]: Unexpected client disconnect, while reading line user=??? host=MY.PUBLIC.NAME [1.2.3.4]
May 14 15:14:54 BSDPROD sm-mta[9066]: NOQUEUE: connect from MY.PUBLIC.NAME [1.2.3.4]
May 14 15:14:54 BSDPROD sm-mta[9066]: m4EJEs8k009066: Milter (clamav): init success to negotiate
May 14 15:14:54 BSDPROD sm-mta[9066]: m4EJEs8k009066: Milter (spamassassin): init success to negotiate
May 14 15:14:54 BSDPROD sm-mta[9066]: m4EJEs8k009066: Milter: connect to filters
May 14 15:15:00 BSDPROD sm-mta[9066]: STARTTLS=server, relay=MY.PUBLIC.NAME [1.2.3.4], version=TLSv1/SSLv3, verify=NO, cipher=AES128-SHA, bits=128/128
May 14 15:15:00 BSDPROD sm-mta[9066]: m4EJEs8l009066: AUTH failure (DIGEST-MD5): authentication failure (-13) SASL(-13): authentication failure: realm changed: authentication aborted
May 14 15:15:00 BSDPROD sm-mta[9066]: AUTH=server, relay=MY.PUBLIC.NAME [1.2.3.4], authid=MYUSERNAME, mech=LOGIN, bits=0

Test: testsaslauthd -u MYUSER -p MYPASS
0: OK "Success."

root at BSDPROD /> telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS STARTTLS LOGINDISABLED] localhost IMAP4rev1 2006j.389 at Wed, 14 May 2008 15:17:41 -0400 (EDT)


Output from openssl s_client localhost:993 (after all the certificate stuff):
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS AUTH=PLAIN AUTH=LOGIN] MY.SERVER.FQDN.COM IMAP4rev1 2006j.389 at Wed, 14 May 2008 15:18:45 -0400 (EDT)

mc file follows:
----------------
### freebsd.mc ###
VERSIONID(`@(#)freebsd.mc       2.3 (IXN.com) 3/21/2008')
OSTYPE(freebsd4)dnl
DOMAIN(generic)dnl

define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/central.ixn.com.crt')dnl
define(`confSERVER_CERT', `CERT_DIR/central.ixn.com.crt')dnl
define(`confSERVER_KEY',`CERT_DIR/CAkey.key')dnl

TRUST_AUTH_MECH(`GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS',`GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN')dnl
define(`confAUTH_OPTIONS',`p,y')dnl
define(`confMAX_RCPTS_PER_MESSAGE', 500)dnl
define(`confSMTP_LOGIN_MSG', `foobar.com - By establishing a TCP connection to this host on port 25 you authorize possible relay testing of the connecting host.  If you do not wish to be tested do not establish connections with this host; $b')dnl

define(`confPRIVACY_FLAGS',`needmailhelo,noexpn,noetrn,novrfy')dnl
define(`confBAD_RCPT_THROTTLE', `1')dnl
define(`confCONNECTION_RATE_THROTTLE', `50')dnl
define(`confMAX_DAEMON_CHILDREN', `200')dnl
define(`confLOG_LEVEL', `10')dnl
define(`confMAX_MESSAGE_SIZE', `50485760')dnl

define(`confTO_IDENT',`0')dnl
define(`confTO_ICONNECT', `15s')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTO_HELO', `20s')dnl
define(`confTO_MAIL', `1m')dnl
define(`confTO_RCPT', `1m')dnl
define(`confTO_DATAINIT', `1m')dnl
define(`confTO_DATABLOCK', `10m')dnl
define(`confTO_DATAFINAL', `5m')dnl
define(`confTO_RSET', `1m')dnl
define(`confTO_QUIT', `1m')dnl
define(`confTO_MISC', `1m')dnl
define(`confTO_COMMAND', `1m')dnl
define(`confTO_STARTTLS', `2m')dnl

define(`MILTER', 1)dnl
FEATURE(`access_db')dnl
FEATURE(`greet_pause',6000)
FEATURE(`use_cw_file')dnl
FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl
FEATURE(`genericstable', `hash /etc/mail/genericstable')dnl
FEATURE(`delay_checks',`friend')dnl
FEATURE(`nouucp',`nospecial')dnl

FEATURE(dnsbl,`psbl.surriel.com', `"550 5.7.1 ACCESS DENIED to <"$&f"> from server " $&{client_addr} " by psbl.surriel.com DNSBL see: http://psbl.surriel.com/listing?ip=" $&{client_addr} ""', `')dnl
FEATURE(dnsbl,`sbl-xbl.spamhaus.org', `"550 5.7.1 ACCESS DENIED to <"$&f"> from server " $&{client_addr} " by sbl-xbl.spamhaus.org DNSBL (http://www.spamhaus.org/xbl)"', `')dnl
FEATURE(dnsbl,`dnsbl.njabl.org', `"550 5.7.1 ACCESS DENIED to <"$&f"> from server " $&{client_addr} " by njabl.org DNSBL (http://njabl.org)"', `')dnl
FEATURE(dnsbl,`list.dsbl.org',`"550 5.7.1 ACCESS DENIED to <"$&f"> from server: " $&{client_addr} " see: http://www.dsbl.org with this reference: http://www.dsbl.org/listing?" $&{client_addr} ""')dnl
FEATURE(dnsbl,`bl.spamcop.net', `"550 5.7.1 ACCESS DENIED to <"$&f"> from server: " $&{client_addr} " see: http://spamcop.net/fom-serve/cache/297.html with this reference: http://www.spamcop.net/w3m?action=blcheck&ip=" $&{client_addr} ""')dnl

GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl

define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`, {verify}')dnl
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clmilter.sock, F=T, T=S:4m;R:4m')
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')

MAILER(local)dnl
MAILER(smtp)dnl

LOCAL_CONFIG
# dynamic relay authorization control map
Kdrac btree -o /usr/local/etc/dracd


LOCAL_RULESETS
SLocal_check_rcpt
# allow recent POP/IMAP mail clients to relay
R$*                             $: $&{client_addr}
R$+                             $: $(drac $1 $: ? $)
R?                              $@ ?
R$+                             $@ $#OK

----------------
End mc file


Thanks in advance for any help!

Carl
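
Added example, not part of the original post: a small parser for the two IMAP greetings quoted above (port 143 and port 993) that reports which login paths each one advertises, using the RFC 3501 meaning of LOGINDISABLED, STARTTLS and AUTH= capabilities. The function names (parse_capabilities, login_options, describe) are hypothetical; the greeting strings are copied from the post.

```python
import re

# Greetings copied from the post: plain port 143 and the TLS-wrapped port 993.
GREETING_143 = ("* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS "
                "STARTTLS LOGINDISABLED] localhost IMAP4rev1 2006j.389 at "
                "Wed, 14 May 2008 15:17:41 -0400 (EDT)")
GREETING_993 = ("* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS "
                "AUTH=PLAIN AUTH=LOGIN] MY.SERVER.FQDN.COM IMAP4rev1 2006j.389 at "
                "Wed, 14 May 2008 15:18:45 -0400 (EDT)")

CAP_RE = re.compile(r"\[CAPABILITY ([^\]]*)\]", re.IGNORECASE)


def parse_capabilities(line):
    """Return the upper-cased capability atoms from a greeting or response code."""
    m = CAP_RE.search(line)
    if not m:
        raise ValueError("no CAPABILITY response code in line")
    return [atom.upper() for atom in m.group(1).split()]


def login_options(line):
    """Summarise how a client may authenticate given the advertised capabilities."""
    caps = parse_capabilities(line)
    sasl = [c.split("=", 1)[1] for c in caps if c.startswith("AUTH=")]
    login_ok = "LOGINDISABLED" not in caps   # RFC 3501: LOGIN command refused
    starttls = "STARTTLS" in caps
    return {
        "sasl_mechs": sasl,
        "login_command": login_ok,
        "starttls": starttls,
        # No SASL mechanism and no LOGIN: nothing works until STARTTLS is issued.
        "must_upgrade_first": not sasl and not login_ok and starttls,
        "no_auth_possible": not sasl and not login_ok and not starttls,
    }


def describe(name, line):
    o = login_options(line)
    if o["must_upgrade_first"]:
        return f"{name}: no cleartext auth offered; client must send STARTTLS first"
    if o["no_auth_possible"]:
        return f"{name}: no authentication path advertised"
    mechs = ", ".join(o["sasl_mechs"]) or "none"
    return f"{name}: SASL [{mechs}], LOGIN command allowed={o['login_command']}"


if __name__ == "__main__":
    print(describe("143", GREETING_143))
    print(describe("993", GREETING_993))
```
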

