Having problems with SMTP authentication

[Andrew Falanga]

On Saturday 29 December 2007 13:51:06 Matthew Seaman wrote:
> Andrew Falanga wrote:
> > dnl set SASL options
> > TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> > define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> >
> > But when I ask my e-mail client to "check what the server supports", the
> > returned list is only, GSSAPI, DIGEST-MD5 and CRAM-MD5.  Why is LOGIN not
> > listed when it's included in this macro file?  Is there anything missing
> > from this section of the handbook that I've missed?
>
> LOGIN will only be enabled over an encrypted connection.  All you need
> to do to enable the stock sendmail to support STARTTLS is tell it to
> use one or more SSL certs.  Adding something like this to
> /etc/mail/`hostname`.mc is how to do that:

this seems to imply you want me to create a file named <hostname>.mc.  The 
instructions I followed in the handbook also mentioned that, "Many 
administrators choose to use the output from hostname(1) as the .mc file for 
uniqueness."  Do I have to make this new file, paste into it all the stuff 
in "freebsd.mc" and then add these lines too?

>
> dnl
> dnl TLS stuff
> dnl
> define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
> define(`confCACERT_PATH', `CERT_DIR')dnl
> define(`confCACERT', `CERT_DIR/cacert.pem')dnl
> define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
> define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
> define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
> define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl
>
> Which means you'ld put the PEM encoded cacert, key and cert into
> /etc/mail/cacert.pem, /etc/mail/key.pem and /etc/mail/key.cert
> respectively.  To generate all of those, there are some pithy
> instructions here:
>
> http://www.sendmail.org/~ca/email/other/cagreg.html

Thanks for all this.

Andy

>
> When submitting a new message, most mail clients will automatically
> do STARTTLS if it's available.
>
> 	Cheers,
>
> 	Matthew