Re: question about SMTP-authentication (3rd )

Mon, 12 Mar 2012 08:50:01 -0700 

Dear Matthew,

Ok, I got sendmail complied. Thanks.
But seem like ...
POP3 still working in clear text usr/pwd sending to Server (but it work, I can get mail from server normal). When I chose option in ThunderBird to another mode, it doesn't work (accept "connection security: none", "authentication method: password transmitted insecurity" this is the option that TB dectected during setting mail account) 


SMTP doesn't work it declare
from Thunder Bird:
================
Send Message Error

The Kerberos/GSSAPI ticket was not accepted by the SMTP server 
mail.dmaccess.co.th Please check that you are logged in to the 
Kerberos/GSSAPI realm.
(event I change "authentication method: Kerberos/GSSAPI", it still 
inform this message)


from /var/log/maillog

Mar 12 22:38:04 ns1 sendmail[93331]: q2CMc4jF093331: 
ppp-58-8-130-33.revip2.asianet.co.th [58.8.130.33] did not issue 
MAIL/EXPN/VRFY/ETRN during connection to MSA



this is my test on server
=====================
ns1:kamolpat:/etc>telnet dmaccess.co.th 25
Trying 202.170.122.33...
Connected to dmaccess.co.th.
Escape character is '^]'.

220 ns1.dmaccess.co.th ESMTP Sendmail 8.14.4/8.14.4; Mon, 12 Mar 2012 
22:23:14 GMT

ehlo dmaccess.co.th

250-ns1.dmaccess.co.th Hello ns1.dmaccess.co.th [202.170.122.33], 
pleased to meet you

250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
250-DELIVERBY
250 HELP
quit
221 2.0.0 ns1.dmaccess.co.th closing connection
Connection closed by foreign host.


this is my /etc/mail/freebsd.mc
=============================

Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=78> 
dnl Uncomment the first line to change the location of the default 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=78&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=78&up=1> 

Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=79> 
dnl /etc/mail/local-host-names and comment out the second line. 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=79&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=79&up=1> 

Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=80> 
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw') 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=80&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=80&up=1> 

*Define* 
<http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=81> 
define(`confCW_FILE', `-o /etc/mail/local-host-names') 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=81&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=81&up=1> 


Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=82>      
        
<http://202.170.122.33:10099/sendmail/move.cgi?idx=82&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=82&up=1>

Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=83> 
dnl Enable for both IPv4 and IPv6 (optional) 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=83&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=83&up=1> 

Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=84> 
DAEMON_OPTIONS(`Name=IPv4, Family=inet') 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=84&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=84&up=1> 

Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=85> 
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O') 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=85&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=85&up=1> 


Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=86>      
        
<http://202.170.122.33:10099/sendmail/move.cgi?idx=86&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=86&up=1>

*Define* 
<http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=87> 
define(`confBIND_OPTS', `WorkAroundBrokenAAAA') 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=87&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=87&up=1> 

*Define* 
<http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=88> 
define(`confNO_RCPT_ACTION', `add-to-undisclosed') 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=88&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=88&up=1> 

*Define* 
<http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=89> 
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy') 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=89&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=89&up=1> 


Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=90>      
        
<http://202.170.122.33:10099/sendmail/move.cgi?idx=90&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=90&up=1>

Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=91> 
GENERICS_DOMAIN_FILE(`/etc/mail/genericdomains'); 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=91&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=91&up=1> 


Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=92>      
        
<http://202.170.122.33:10099/sendmail/move.cgi?idx=92&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=92&up=1>

Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=93> 
dnl set SASL options 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=93&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=93&up=1> 

Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=94> 
TRUST_AUTH_MECH (`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=94&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=94&up=1> 

*Define* 
<http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=95> 
define(`confAUTH_MECHANISMS',`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=95&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=95&up=1> 


Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=96>      
        
<http://202.170.122.33:10099/sendmail/move.cgi?idx=96&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=96&up=1>

Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=97> 
dnl SSL Options 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=97&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=97&up=1> 

*Define* 
<http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=98> 
define(`confCACERT_PATH',`/etc/ssl')dnl 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=98&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=98&up=1> 

*Define* 
<http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=99> 
define(`confCACERT',`/etc/ssl/dm_new.crt')dnl 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=99&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=99&up=1> 

*Define* 
<http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=100> 
define(`confSERVER_CERT',`/etc/ssl/dm_new.crt')dnl 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=100&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=100&up=1> 

*Define* 
<http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=101> 
define(`confSERVER_KEY',`/etc/ssl/dm_ca.key')dnl 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=101&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=101&up=1> 

*Define* 
<http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=102> 
define(`confTLS_SRV_OPTIONS',`V')dnl 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=102&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=102&up=1> 


Other <http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=103>     
        
<http://202.170.122.33:10099/sendmail/move.cgi?idx=103&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=103&up=1>

*Mailer* 
<http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=104> 
MAILER(local) 
<http://202.170.122.33:10099/sendmail/move.cgi?idx=104&down=1><http://202.170.122.33:10099/sendmail/move.cgi?idx=104&up=1> 

*Mailer* 
<http://202.170.122.33:10099/sendmail/edit_feature.cgi?idx=105> 
MAILER(smtp)



pkg_info
=========
cyrus-sasl-2.1.25_1 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-saslauthd-2.1.25 SASL authentication server for cyrus-sasl2
.....
openssl-1.0.0_9     SSL and crypto library
qpopper-4.0.9_3     Berkeley POP 3 server (now maintained by Qualcomm)

sendmail-8.14.4_2   Reliable, highly configurable mail transfer agent 
with util


==================================
ns1:kamolpat:/etc/ssl>ll
total 32
-rw-------  1 root  wheel    455 Mar  8 22:10 dm_RSA.key
-rw-------  1 root  wheel    736 Mar  8 22:12 dm_ca.key
-rw-------  1 root  wheel   1415 Mar  8 22:13 dm_new.crt
-rw-------  1 root  wheel    887 Mar  8 22:08 dmcert.pem
-rw-------  1 root  wheel    745 Mar  8 22:08 dmreq.pem
-rw-rw----  1 root  wheel  11120 Mar  8 22:05 openssl.cnf
-rw-rw----  1 root  wheel   9472 Mar  8 21:55 openssl.cnf.original
=======================================


Installation of Open SSL according to FreeBSD Handbook->Chapter 15 
Security -> 15.8 OpenSSL on freebsd.org


What I do something wrong?

Thanks
Kamolpat

On 3/12/2012 8:57 PM, Matthew Seaman wrote:

On 12/03/2012 13:26, kamolpat wrote:

According to your recommendation ....  (as following). When I do make at
/usr/src/sur.sbin/sendmail it show as following.
ns1:kamolpat:/usr/src/usr.sbin/sendmail>make clean
rm -f sm_os.h sendmail alias.o arpadate.o bf.o collect.o conf.o
control.o convtime.o daemon.o deliver.o domain.o envelope.o err.o
headers.o macro.o main.o map.o mci.o milter.o mime.o parseaddr.o queue.o
ratectrl.o readcf.o recipient.o savemail.o sasl.o sfsasl.o shmticklib.o
sm_resolve.o srvrsmtp.o stab.o stats.o sysexits.o timers.o tls.o trace.o
udb.o usersmtp.o util.o version.o mailq.1.gz newaliases.1.gz
aliases.5.gz sendmail.8.gz mailq.1.cat.gz newaliases.1.cat.gz
aliases.5.cat.gz sendmail.8.cat.gz
ns1:kamolpat:/usr/src/usr.sbin/sendmail>make
ln -sf
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include/sm/os/sm_os_freebsd.h
sm_os.h
cc -O2 -pipe  -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src
-I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB
-DNIS -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS
-D_FFR_TLS_1 -I/usr/local/include/sasl -DSASL=2 -std=gnu99
-fstack-protector  -c
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/alias.c
In file included from
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/alias.c:14:
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sendmail.h:135:25:
error: sasl/sasl.h: No such file or directory
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sendmail.h:136:29:
error: sasl/saslutil.h: No such file or directory
In file included from
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/alias.c:14:
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sendmail.h:607:
error: expected '=', ',', ';', 'asm' or '__attribute__' before ':' token
/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sendmail.h:691:
error: expected specifier-qualifier-list before 'sasl_conn_t'
*** Error code 1

Stop in /usr/src/usr.sbin/sendmail.

========================================
then I try to find where is sasl.h

ns1:kamolpat:/usr>find . -name "sasl.h"
./local/include/sasl/sasl.h
./ports/security/cyrus-sasl2/work/cyrus-sasl-2.1.25/include/sasl.h
./ports/security/cyrus-sasl2-saslauthd/work/cyrus-sasl-2.1.25/include/sasl.h


What should I do next? Shold I just copy the sasl.h to
/usr/src/contrib/sendmail/src/sendmail   ?

No.  Don't do that.  It won't help anything.

You need to follow my instructions correctly.  Specifically this line
needs to be in /etc/make.conf in order to pick up the SASL header files:

SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2

Where, you will note, this does *not* say /usr/local/include/sasl, which
is what appears in your compiler output.

        Cheers,

        Matthew







E-mail message checked by Internet Security (7.0.0.508)
Database version: 6.19440
http://www.pctools.com/en/internet-security/
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"






















					Reply via email to