Re: sendmail POP ssl sasl
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: sendmail POP ssl sasl
- From: Erik <ethorsson_(_at_)_neoprimitive_(_dot_)_net>
- Date: Fri, 15 Apr 2005 20:01:27 -0500
OK. Thanks to all who wrote me offlist to offer assistance.
To begin (again), I'm trying to make this work with the stock OpenBSD sendmail and popa3d. Is it even possible with popa3d? Everyone seems to recommend installing dovecot or cyrus-imapd.
So, based on all the helpful suggestions from fellow listmembers, and these docs...
...I've generated certificates, recompiled sendmail with SASL support, copied the config file(s) to /etc/mail/, restarted sendmail, set up users with saslpasswd2, and started saslauthd (# /usr/local/sbin/saslauthd -a getpwent).
Something (looks like TLS) is working now as evidenced by /var/log/maillog...
Apr 15 17:35:27 mailserver sm-mta: STARTTLS=server, relay=something.cable.mindspring.com [x.x.x.x], version=TLSv1/SSLv3, verify=NO, cipher=DHE-DSS-AES256-SHA, bits=256/256
Apr 15 17:35:28 mailserver sm-mta: AUTH=server, relay=user-0cceg0m.cable.mindspring.com [x.x.x.x], authid=ethorsson, mech=CRAM-MD5, bits=0
Apr 15 17:35:28 mailserver sm-mta: j3FMZROg027976: from=<ethorsson_(_at_)_neoprimitive_(_dot_)_net>, size=1979, class=0, nrcpts=1, msgid=<42603388_(_dot_)_5010606_(_at_)_neoprimitive_(_dot_)_net>, proto=ESMTP, daemon=MTA, relay=something.cable.mindspring.com [x.x.x.x]
Apr 15 17:35:36 mailserver sm-mta: j3FMZROg027976: to=<myfriend_(_at_)_gmail_(_dot_)_com>, ctladdr=<ethorsson_(_at_)_neoprimitive_(_dot_)_net> (1000/10), delay=00:00:08, xdelay=00:00:08, mailer=esmtp, pri=31979, relay=gsmtp171.google.com. [22.214.171.124], dsn=2.0.0, stat=Sent (OK 1113600897)
I'm using Mozilla Thunderbird as a mail client. In Tools | Accounts | Outgoing Server (SMTP), I now have "TLS" selected, and am able to relay (send mail) from my remote client. The first time I connected this way, I was prompted to accept the certificate from the server. I see "mech=CRAM-MD5" in the above. Does this mean the password/mail transaction is being encrypted?
But when I set my Tools | Accounts | Server Settings to "Use secure authentication" and I try to retrieve my mail, I get "Mail server does not support secure authentication."
Additionally, here's this...
# telnet localhost 25
Connected to localhost.
Escape character is '^]'.
220 something.something.net ESMTP Sendmail 8.13.0/8.13.0; Fri, 15 Apr 2005 17:52:33 -0500 (EST)
250-something.something.net Hello root_(_at_)_localhost_(_dot_)_something_(_dot_)_net [IPv6:::1], pleased to meet you
250-AUTH CRAM-MD5 DIGEST-MD5
Any additional advice or comments would be greatly appreciated!
If anyone would like, I can forward my step-by-step notes of what I did.
Thanks, all. Sorry to cruft up the list with this, but all the how-tos stop after you get to this point, so I don't know exactly how to test my configuration, or set up clients.
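One way to check a maillog like the excerpt above is to pair each AUTH=server line with a STARTTLS=server line from the same connection. This is an added example, not part of the original post. CRAM-MD5 only keeps the password off the wire through challenge-response, and the AUTH line's bits= value is the strength of the SASL security layer, so bits=0 with no STARTTLS means the message itself crossed in the clear. The sample lines, hostnames, users and the [pid] in the syslog tag are constructed assumptions (the excerpt shows no pid), and the pid is assumed to identify one connection.

```python
import re

# Constructed sample lines modelled on the maillog excerpt above.
# Assumption: the syslog tag carries a [pid], used here to tie the
# STARTTLS and AUTH lines of one SMTP connection together.
SAMPLE = """\
Apr 15 17:35:27 mailserver sm-mta[27976]: STARTTLS=server, relay=client.example.net [192.0.2.10], version=TLSv1/SSLv3, verify=NO, cipher=DHE-DSS-AES256-SHA, bits=256/256
Apr 15 17:35:28 mailserver sm-mta[27976]: AUTH=server, relay=client.example.net [192.0.2.10], authid=alice, mech=CRAM-MD5, bits=0
Apr 15 17:40:02 mailserver sm-mta[28011]: AUTH=server, relay=other.example.net [192.0.2.20], authid=bob, mech=CRAM-MD5, bits=0
Apr 15 17:41:10 mailserver sm-mta[28040]: AUTH=server, relay=third.example.net [192.0.2.30], authid=carol, mech=DIGEST-MD5, bits=128
"""

# Optional "queueid: " prefix is tolerated before the STARTTLS/AUTH keyword.
LINE = re.compile(
    r"sm-mta\[(?P<pid>\d+)\]: (?:\w+: )?(?P<kind>STARTTLS|AUTH)=server, (?P<rest>.*)"
)


def fields(rest):
    """Split 'k=v, k=v' pairs from the tail of a sendmail log line."""
    return dict(kv.split("=", 1) for kv in rest.split(", ") if "=" in kv)


def audit(log_text):
    """Return (authid, mech, protection) for every AUTH=server line."""
    tls_by_pid = {}
    report = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a STARTTLS/AUTH line, or no pid in the tag
        f = fields(m["rest"])
        if m["kind"] == "STARTTLS":
            tls_by_pid[m["pid"]] = f
            continue
        tls = tls_by_pid.get(m["pid"])
        sasl_bits = int(f["bits"])
        if tls:
            protection = "tls:" + tls["cipher"]
        elif sasl_bits > 0:
            protection = "sasl-layer:%d" % sasl_bits
        else:
            protection = "none"  # password hashed, message in cleartext
        report.append((f["authid"], f["mech"], protection))
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("%-8s %-11s %s" % row)
```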