July 20, 2008 01:37am pdt

1. gheist 39,205
2. TeRReF 27,160
3. mr_egyptian 7,100
4. omarfarid 5,500
5. Rance_Hall 4,500
6. danielcc 4,000
7. srgilani 3,650
8. wjester 3,100
9. ozo 2,080
10. MikeOM_DBA 2,000
10. agriesser 2,000
10. sentner 2,000
10. paradoxe... 2,000
10. p1800volvo 2,000
10. Tintin 2,000
10. Cyclops3590 2,000
10. Abs_jaipur 2,000
10. WizRd-Linux 2,000
10. JustUNIX 2,000
10. sda100 2,000

1. gheist 407,857
2. TeRReF 130,586
3. dpiniella 64,733
4. it_alche... 43,280
5. srgilani 32,639
6. jrssyste... 23,964
7. mr_egyptian 23,380
8. Nopius 15,675
9. amit_g 12,600
10. Nellios 10,380
11. beefdart 9,268
12. jdw_2004 9,100
13. omarfarid 8,650
14. ozo 7,880
15. sunnycoder 7,432

05.14.2008 at 12:24PM PDT, ID: 23402817

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

7.2

SMTP AUTH and IMAP with sendmail on FreeBSD 7

Zones: SendMail Email Server, FreeBSD

Tags: FreeBSD, sendmail, 8.14.2, SASL2

I'm trying to setup a FreeBSD 7 box to replace a FreeBSD 4 box. We're migrating web hosting and e-mail hosting from the old server to the new one.

Goal: use sendmail to allow users to point their email clients at mail.domain.com for in & out, with SMTP Authentication so they can use these accounts from anywhere.
Additional goal: Allow secure or insecure connections for POP3, IMAP, and SMTP (TLS over port 25)

Currently working: SMTP from localhost (telnet localhost 25), IMAPS (but not plain IMAP), POP3, POP3S.
Currently NOT working: SMTP AUTH from external hosts (no encryption or TLS, although it does attempt the communication), IMAP without SSL

Errors recieved by client (Outlook 2007):
IMAP test: "General authentication failed. none of the authentication methods supported by your IMAP server (if any) are supported on this computer"
SMTP AUTH test: "The server responded 550 5.1.1 <myemail@mydomain... (rest of message cut off by Outlook)

maillog when I start the IMAP & SMTP test in Outlook:
May 14 15:14:54 BSDPROD imapd[9065]: Unexpected client disconnect, while reading line user=??? host=MY.PUBLIC.NAME [1.2.3.4]
May 14 15:14:54 BSDPROD sm-mta[9066]: NOQUEUE: connect from MY.PUBLIC.NAME [1.2.3.4]
May 14 15:14:54 BSDPROD sm-mta[9066]: m4EJEs8k009066: Milter (clamav): init success to negotiate
May 14 15:14:54 BSDPROD sm-mta[9066]: m4EJEs8k009066: Milter (spamassassin): init success to negotiate
May 14 15:14:54 BSDPROD sm-mta[9066]: m4EJEs8k009066: Milter: connect to filters
May 14 15:15:00 BSDPROD sm-mta[9066]: STARTTLS=server, relay=MY.PUBLIC.NAME [1.2.3.4], version=TLSv1/SSLv3, verify=NO, cipher=AES128-SHA, bits=128/128
May 14 15:15:00 BSDPROD sm-mta[9066]: m4EJEs8l009066: AUTH failure (DIGEST-MD5): authentication failure (-13) SASL(-13): authentication failure: realm changed: authentication aborted
May 14 15:15:00 BSDPROD sm-mta[9066]: AUTH=server, relay=MY.PUBLIC.NAME [1.2.3.4], authid=MYUSERNAME, mech=LOGIN, bits=0

Test: testsaslauthd -u MYUSER -p MYPASS
0: OK "Success."

root@BSDPROD /> telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS STARTTLS LOGINDISABLED] localhost IMAP4rev1 2006j.389 at Wed, 14 May 2008 15:17:41 -0400 (EDT)

Output from openssl s_client localhost:993 (after all the certificate stuff):
* OK [CAPABILITY IMAP4REV1 LITERAL+ SASL-IR LOGIN-REFERRALS AUTH=PLAIN AUTH=LOGIN] MY.SERVER.FQDN.COM IMAP4rev1 2006j.389 at Wed, 14 May 2008 15:18:45 -0400 (EDT)

mc file attached.

         
           
             1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:

           
           
             ### freebsd.mc ###
VERSIONID(`@(#)freebsd.mc       2.3 (IXN.com) 3/21/2008') 
OSTYPE(freebsd4)dnl 
DOMAIN(generic)dnl 
 
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/central.ixn.com.crt')dnl
define(`confSERVER_CERT', `CERT_DIR/central.ixn.com.crt')dnl
define(`confSERVER_KEY',`CERT_DIR/CAkey.key')dnl
 
TRUST_AUTH_MECH(`GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN')dnl 
define(`confAUTH_MECHANISMS',`GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN')dnl 
define(`confAUTH_OPTIONS',`p,y')dnl 
define(`confMAX_RCPTS_PER_MESSAGE', 500)dnl
define(`confSMTP_LOGIN_MSG', `foobar.com - By establishing a TCP connection to this host on port 25 you authorize possible relay testing of the connecting host.  If you do not wish to be tested do not establish connections with this host; $b')dnl
 
define(`confPRIVACY_FLAGS',`needmailhelo,noexpn,noetrn,novrfy')dnl
define(`confBAD_RCPT_THROTTLE', `1')dnl
define(`confCONNECTION_RATE_THROTTLE', `50')dnl
define(`confMAX_DAEMON_CHILDREN', `200')dnl
define(`confLOG_LEVEL', `10')dnl
define(`confMAX_MESSAGE_SIZE', `50485760')dnl
 
define(`confTO_IDENT',`0')dnl
define(`confTO_ICONNECT', `15s')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTO_HELO', `20s')dnl
define(`confTO_MAIL', `1m')dnl
define(`confTO_RCPT', `1m')dnl
define(`confTO_DATAINIT', `1m')dnl
define(`confTO_DATABLOCK', `10m')dnl
define(`confTO_DATAFINAL', `5m')dnl
define(`confTO_RSET', `1m')dnl
define(`confTO_QUIT', `1m')dnl
define(`confTO_MISC', `1m')dnl
define(`confTO_COMMAND', `1m')dnl
define(`confTO_STARTTLS', `2m')dnl
 
define(`MILTER', 1)dnl
FEATURE(`access_db')dnl
FEATURE(`greet_pause',6000)
FEATURE(`use_cw_file')dnl
FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl
FEATURE(`genericstable', `hash /etc/mail/genericstable')dnl 
FEATURE(`delay_checks',`friend')dnl
FEATURE(`nouucp',`nospecial')dnl
 
FEATURE(dnsbl,`psbl.surriel.com', `"550 5.7.1 ACCESS DENIED to <"$&f"> from server " $&{client_addr} " by psbl.surriel.com DNSBL see: http://psbl.surriel.com/listing?ip=" $&{client_addr} ""', `')dnl
FEATURE(dnsbl,`sbl-xbl.spamhaus.org', `"550 5.7.1 ACCESS DENIED to <"$&f"> from server " $&{client_addr} " by sbl-xbl.spamhaus.org DNSBL (http://www.spamhaus.org/xbl)"', `')dnl
FEATURE(dnsbl,`dnsbl.njabl.org', `"550 5.7.1 ACCESS DENIED to <"$&f"> from server " $&{client_addr} " by njabl.org DNSBL (http://njabl.org)"', `')dnl
FEATURE(dnsbl,`list.dsbl.org',`"550 5.7.1 ACCESS DENIED to <"$&f"> from server: " $&{client_addr} " see: http://www.dsbl.org with this reference: http://www.dsbl.org/listing?" $&{client_addr} ""')dnl
FEATURE(dnsbl,`bl.spamcop.net', `"550 5.7.1 ACCESS DENIED to <"$&f"> from server: " $&{client_addr} " see: http://spamcop.net/fom-serve/cache/297.html with this reference: http://www.spamcop.net/w3m?action=blcheck&ip=" $&{client_addr} ""')dnl
 
GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl
 
define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`, {verify}')dnl
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clmilter.sock, F=T, T=S:4m;R:4m')
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')
 
MAILER(local)dnl 
MAILER(smtp)dnl 
 
LOCAL_CONFIG
# dynamic relay authorization control map
Kdrac btree -o /usr/local/etc/dracd
 
 
LOCAL_RULESETS
SLocal_check_rcpt
# allow recent POP/IMAP mail clients to relay
R$*				$: $&{client_addr}
R$+				$: $(drac $1 $: ? $)
R?				$@ ?
R$+				$@ $#OK

           
         

Start your free trial to view this solution

Question Stats

Zone: OS

Question Asked By: SimplyGeeky

Solution Provided By: gheist

Participating Experts: 1

Solution Grade: A

Translate:

Loading Advertisement...

Microsoft

Internet Protocols
Applications

Development
OS

Hardware
Windows Security

Apple

Operating Systems
Hardware

Programming
Networking

Software

Internet

Search Engines
File Sharing
WebTrends / Stats
Spy / Ad Blockers

Web Browsers
New Net Users
Web Development
Chat / IM

Anti Spam
Web Servers
Anti-Virus
Email Clients

Gamers

Tips
Online / MMORPG
Puzzle
Emulators

Action / Adventure
Role Playing
Consoles
Game Programming

Strategy
Sports
Misc
Computer Games

Digital Living

Hardware
Automotive
New Net Users
New Users

Software
Digital Music
Gaming World
Home Security

Apple
Networking Hardware

Virus & Spyware

Vulnerabilities
IDS
Encryption
Anti-Virus

Operating Systems Security
Software Firewalls
WebApplications
Cell Phones

Operating Systems
Internet
Hardware Firewalls

Hardware

Displays / Monitors
Handhelds / PDAs
Components
Peripherals
Laptops/Notebooks

Servers
Misc
Apple
Embedded Hardware
Networking Hardware

Storage
Desktops
New Users

Software

System Utilities
Industry Specific
Network Management
Photos / Graphics
Page Layout
VMware
Misc
Web Development

OS
CYGWIN
Voice Recognition
Virtualization
Message Queue
Quality Assurance
Security
Firewalls

MultiMedia Applications
Development
Database
Office / Productivity
Business Management
OS/2 Apps
Server Software
Internet / Email

ITPro

OS
Storage
Encryption
Operating Systems Security
Apple Hardware
Laptops & Notebooks
Servers
Networking Hardware
Peripherals
Devices

Displays / Monitors
WebTrends / Stats
Search Engines
Firewalls
Web Computing
WebApplications
IDS
Vulnerabilities
Email Clients
File Sharing

Spy / Ad Blockers
Web Browsers
Web Servers
Networking
Anti-Virus
Consulting
Chat / IM
Anti Spam

Developer

Web Servers
Web Browsers
Game Programming
Dev Tools
Industry Specific
Office / Productivity

Database
CYGWIN
Web Development
Search Engines
File Sharing
WebTrends / Stats

Programming
Content Management
Application Servers
Protocols

Storage

Removable Backup Media
Storage Technology
Servers

Grid
Remote Access
Backup / Restore

Misc
Hard Drives

Miscellaneous
Security
Development
Linux
VMware

MainFrame OS
Unix
Apple
OS / 2
AS / 400

BeOS
Microsoft
VMS / OpenVMS

Database

Oracle
Miscellaneous
MySQL
Software
Sybase
Contact Management
PostgreSQL
Data Manipulation
Clarion
InterSystems Cache

Siebel
MUMPS
OLAP
SQLBase
SAS
GIS & GPS
4GL
Berkeley DB
DB2
Informix

Interbase / Firebird
FoxPro
Reporting
LDAP
Filemaker Pro
MS SQL Server
dBase
MS Access

Security

Misc
Web Browsers
Software Firewalls
Operating Systems Security
File Sharing

Spy / Ad Blockers
Vulnerabilities
WebApplications
IDS
Anti-Virus

Encryption
Anti Spam
Email Clients
VPN
Chat / IM

Programming

Editors IDEs
Installation
Handhelds / PDAs
Multimedia Programming
System / Kernel
Automation

Algorithms
Game
Signal Processing
Project Management
Open Source
Database

Misc
Languages
Processor Platforms
Theory

Web Development

Scripting
Blogs
Web Servers
Software
Search Engines
Web Graphics
Web Services

Images
Internet Marketing
Images and Photos
Components
Document Imaging
Web Languages/Standards
Illustration

WebApplications
Fonts
WebTrends / Stats
Authoring
Digital Camera Software
Miscellaneous

Networking

Protocols
Apple Networking
Network Management
Message Queue
Application Servers
Content Management
File Servers
Email Servers
Misc
Java Editors & IDEs

Wireless
Networking Hardware
Backup / Restore
System Utilities
ISPs & Hosting
Web Servers
Storage Technology
Removable Backup Media
Servers
Web Computing

Broadband
Grid
OS / 2
Novell Netware
Unix Networking
Windows Networking
Security
Telecommunications
Operating Systems
Linux Networking

Other

Lounge
Business Travel
Community Support
New Net Users

Philosophy / Religion
Math / Science
Miscellaneous
URLs

Expert Lounge
Politics
Puzzles / Riddles
Automotive

Community Support

Suggestions
New to EE
New Topics
CleanUp

Announcements
General
Feedback

Input
EE Bugs

05.16.2008 at 07:55AM PDT, ID: 21583264

Rank: Wizard

gheist:

There is some confusion in what you are telling.
1) Sendmail is not pop3 and imap server, you need extra package
2) TLS is not recommended for port 25, port 25 is SMTP port.
3) What is your IMAP server? I am absolutely sure reconfiguring sendmail will not change its workings.

Accepted Solution

05.16.2008 at 08:02AM PDT, ID: 21583340

SimplyGeeky:

1/3) uw-imap and qpopper are being used. When uw-IMAP was recompiled WITH_SSL_AND_PLAINTEXT (and cclient as well), IMAP without S worked.
2) TLS may not be recommended for port 25 (I would seriously challenge the validity of that claim) but it works and everyone does it. Outlook 2003 and 2007 assume that you want to run TLS on port 25 if you enable it for your outgoing connection.

A friend came in and looked at the sendmail config, allthough I'm not sure if he actually had to change anything or not, he was at least able to get SMTP AUTH working over TLS. SMTP is open on 25 without auth, but only for localhost, local delivery, or allowed relay addresses. While this was not the originally stated goal, we believe that we can persuade our clients to enable TLS for their outgoing email (gives them an excuse to enable it for their incoming connection as well).

05.17.2008 at 12:36AM PDT, ID: 21588293

Rank: Wizard

gheist:

2) STARTTLS is way to go. Starting SSL on connect is incompatible with anyone on internet.

Assisted Solution

05.17.2008 at 12:45AM PDT, ID: 21588313

Rank: Wizard

gheist:

Sendmail has nothing at all to do with UW-imap and qpopper.
Why not courier-imap or dovecot? They are lightweight and use Apache-compatible kaychains.

Assisted Solution

05.18.2008 at 05:28AM PDT, ID: 21592463

Vee_Mod:

SimplyGeeky,
Please respond to the comments from gheist - you are getting some great advice here.
We have no way of knowing the qualifications of the friend who is trying to help you, but gheist is one of the higher ranked Experts on EE.

Vee_Mod
Experts Exchange Moderator

05.22.2008 at 01:28PM PDT, ID: 21627260

Vee_Mod:

A request has been made in Community Support to close this question:
http://www.experts-exchange.com/Q_23410345.html

If there are no objections, a moderator will finalize this question in approximately 4 days as follows:
Split expert comments {http:#a21583264} & {http:#a21588293} & {http:#a21588313}

Please only post in this question again if you have an objection.

Vee_Mod
Experts Exchange Moderator

05.26.2008 at 04:32AM PDT, ID: 21645764

Vee_Mod:

Force accepted.
Vee_Mod
Experts Exchange Moderator

20080236-EE-VQP-29 / EE_QW_2_20070628