SMTP AUTH & TLS

Georgios Kossionis kossionis at yahoo.com
Sun Sep 10 16:02:29 EEST 2000


Good evening linux-greek-users,

While trying to set up sendmail-8.11 with SMTP Authentication and STARTTLS support, I used the following configuration for SENDMAIL-8.11/devtools/OS/Linux:

define(`confCC', `egcs')
define(`confDEPEND_TYPE', `CC-M')
define(`confEBINDIR', `/usr/sbin')

define(`confENVDEF', `-DTLS -DSASL -DPICKY_QF_NAME_CHECK -DXDEBUG=0')

define(`confHFDIR', `/etc/mail/help')
define(`confHFFILE', `smtp-cmds')
define(`confLD', `ld')
define(`confLDOPTS', `-s')
define(`confLDOPTS_SO', `-shared') 
define(`confLN', `ln')
define(`confLIBS', `-lnsl')
define(`confMANROOT', `/usr/man/man')
define(`confMANOWN', `root')
define(`confMANGRP', `root')
define(`confMANMODE', `444')
define(`confMAN1SRC', `1')
define(`confMAN5SRC', `5')
define(`confMAN8SRC', `8')
define(`confMAPDEF', `-DNEWDB')    
define(`confMBINDIR', `/usr/sbin')
define(`confRANLIB', `echo')
define(`confSBINDIR', `/usr/sbin')   
define(`confSBINGRP', `root')
define(`confSBINMODE', `6755')
define(`confUBINOWN', `root')
define(`confSHELL', `/bin/sh')
define(`confSTDIR', `/etc/mail')
define(`confSTFILE', `mail-stats')
define(`confSTRIP', `/usr/bin/strip')
define(`confSTRIPOPTS', `--strip-all')
define(`confUBINDIR', `/usr/bin')
define(`confUBINOWN', `root')
define(`confUBINGRP', `root')
define(`confUBINMODE', `555') 
define(`confOPTIMIZE', `-O9 -funroll-loops -mcpu=pentiumpro -march=pentiumpro -fomit-frame-pointer -fno-exceptions')

define(`conf_sendmail_LIBS', `-lsasl')
define(`confLIBDIRS', `-L/usr/lib/sasl')
define(`confINCDIRS', `-I/usr/include')

As well as the following MC configuration to build /etc/mail/sendmail.cf:

define(`confDEF_USER_ID',``8:12'')dnl
OSTYPE(`linux')dnl
DOMAIN(`generic')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`LOCAL_MAILER_FLAGS',`ShPfn')dnl
define(`LOCAL_MAILER_ARGS',`procmail -a $h -d $u')dnl
define(`ALIAS_FILE',`/etc/mail/aliases')dnl
define(`HELP_FILE',`/etc/mail/help/smtp-cmds')dnl
define(`QUEUE_DIR',`/var/spool/mqueue')dnl
define(`STATUS_FILE',`/etc/mail/mailstats')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5')dnl
define(`confDEF_AUTH_INFO', `/etc/mail/auth/auth-info')dnl
define(`confCACERT_PATH', `/etc/CA')dnl
define(`confCACERT', `/etc/CA/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/CA/signed-server-certi.pem')dnl
define(`confSERVER_KEY', `/etc/CA/server-certi.pem')dnl
define(`confCLIENT_CERT', `/etc/CA/signed-client-certi.pem')dnl
define(`confCLIENT_KEY', `/etc/CA/client-certi.pem')dnl
FEATURE(`no_default_msa')dnl 
FEATURE(`genericstable')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable')dnl
FEATURE(`domaintable')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')dnl
FEATURE(`redirect')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`local_procmail')dnl
FEATURE(`access_db')dnl
FEATURE(`blacklist_recipients')dnl   
FEATURE(`dnsbl')dnl
FEATURE(`accept_unresolvable_domains')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl
MAILER(`procmail')dnl

I also created the appropriate aliases, local-host-names and access, virtualtables, mailertables, domaintables together with their maps. In addition, as the define(`confDEF_AUTH_INFO', `/etc/mail/auth/auth-info')dnl of the MC configuration specifies, I populated that file with the following so that the server authenticates to itself:

root
root
PASSWORD-PHRASE
domain.sec.net

I also downloaded the SASL libraries, which installed successfully, to provide support for SMTP AUTH (PAM, rc4, CRAM-MD5 and DIGEST-MD5 are enabled).

The problem is as follows:

When I put, in:

define(`confENVDEF', `-DTLS -DSASL -DPICKY_QF_NAME_CHECK -DXDEBUG=0')

the -DTLS, sendmail does not get compiled with TLS support for me, and so I get the output below when doing the following:

[root@gate cf]# sendmail -O LogLevel=14 -bs
Warning: Option: CACERTPath requires TLS support
Warning: Option: CACERTFile requires TLS support
Warning: Option: ServerCertFile requires TLS support
Warning: Option: Serverkeyfile requires TLS support
Warning: Option: ClientCertFile requires TLS support
Warning: Option: Clientkeyfile requires TLS support
220 gate.sec.net ESMTP Sendmail 8.11.0/8.11.0; Sat, 9 Sep 2000 11:00:28 -0400
ehlo sec.net
250-gate.sec.net Hello root@localhost, pleased to meet you
250-ENHANCEDSTATUSCODES
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ONEX
250-ETRN

After that, syslog showed the following:

Sep  9 11:04:56 gate sendmail[26643]: NOQUEUE: connect from root@localhost
Sep  9 11:04:56 gate sendmail[26643]: SASL: available mech=PLAIN ANONYMOUS, allowed mech=DIGEST-MD5 CRAM-MD5

As you can see, neither 250 AUTH nor 250 STARTTLS appears, and the warnings indicate that TLS is not built in yet.

As for TLS, all the certificates for the server are ready and have been signed by an internal CA using OpenSSL.

The -DSASL parameter in the confENVDEF definition above provides support for SMTP AUTH, but as we can see, 250 AUTH does not appear when I connect to port 25. Any idea about this?

Any idea how to enable TLS, given that -DTLS does not work?


Thank you, and I hope I did not tire you too much!

Georgios C. Kossionis
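
Added example, not part of the original post and not sendmail's own code: a Python check that reads the EHLO reply and the SASL syslog line quoted in the message, reports which of AUTH and STARTTLS are not advertised, and compares the library's "available" mechanisms with the configured "allowed" ones. It assumes sendmail advertises AUTH only for mechanisms present in both lists; the function names are hypothetical.

```python
import re

# Sample input reassembled from the session and syslog lines quoted in the post.
EHLO_REPLY = """\
250-gate.sec.net Hello root@localhost, pleased to meet you
250-ENHANCEDSTATUSCODES
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ONEX
250-ETRN
"""
SYSLOG_LINE = ("Sep  9 11:04:56 gate sendmail[26643]: SASL: available "
               "mech=PLAIN ANONYMOUS, allowed mech=DIGEST-MD5 CRAM-MD5")
SASL_RE = re.compile(r"SASL: available mech=(.*?), allowed mech=(.*)$")

def ehlo_extensions(reply):
    """Map each advertised ESMTP keyword to its list of parameters."""
    exts = {}
    for line in reply.splitlines()[1:]:  # first line is the greeting, not a keyword
        m = re.match(r"^250[ -](\S+)\s*(.*)$", line)
        if not m:
            raise ValueError(f"unexpected reply line: {line!r}")
        exts[m.group(1).upper()] = m.group(2).split()
    return exts

def sasl_mechs(log_line):
    """Return (available, allowed) mechanism sets from the SASL log line."""
    m = SASL_RE.search(log_line)
    if not m:
        raise ValueError("not a 'SASL: available mech=' line")
    return tuple({w.upper() for w in g.split()} for g in m.groups())

def diagnose(reply, log_line):
    """Summarise missing extensions and the mechanism overlap."""
    exts = ehlo_extensions(reply)
    available, allowed = sasl_mechs(log_line)
    return {
        "missing": [k for k in ("AUTH", "STARTTLS") if k not in exts],
        "offerable": sorted(available & allowed),  # assumption: only the overlap is advertised
        "library_lacks": sorted(allowed - available),
    }

if __name__ == "__main__":
    print(diagnose(EHLO_REPLY, SYSLOG_LINE))
```

On the post's data the "available" and "allowed" lists share no mechanism, so `offerable` comes back empty.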

