Re: question about SMTP-authentication (3rd )

2012-03-12 Thread Paul Macdonald

On 12/03/2012 15:47, kamolpat wrote:

> Dear Matthew,
>
> OK, I got sendmail compiled. Thanks.
> But it seems like ...
> POP3 is still working with clear text usr/pwd sent to the server (but it
> works, I can get mail from the server normally). When I choose another
> mode in the Thunderbird options, it doesn't work (except "connection
> security: none", "authentication method: password transmitted
> insecurely"; this is the option that TB detected while setting up the
> mail account)
>
> SMTP doesn't work; it reports,
> from Thunderbird:
>
> Send Message Error
> The Kerberos/GSSAPI ticket was not accepted by the SMTP server
> mail.dmaccess.co.th Please check that you are logged in to the
> Kerberos/GSSAPI realm.
> (even if I change "authentication method: Kerberos/GSSAPI", it still
> gives this message)
>
> from /var/log/maillog
> Mar 12 22:38:04 ns1 sendmail[93331]: q2CMc4jF093331:
> ppp-58-8-130-33.revip2.asianet.co.th [58.8.130.33] did not issue
> MAIL/EXPN/VRFY/ETRN during connection to MSA




what are you using as the authentication method for sasl?

there are multiple authentication mechanisms available for sasl(2), 
simplest is probably saslauthd


In /etc/rc.conf:
saslauthd_enable=yes

In /usr/local/lib/sasl2/Sendmail.conf have:

pwcheck_method: saslauthd

make sure it's running
/usr/local/etc/rc.d/saslauthd start

add a user with saslpasswd2

Test your u/p locally with testsaslauthd
testsaslauthd -u  -p 

(if that's not working it won't work over the network either)

have TB set conn security to STARTTLS and password security set to 
"normal password", (for non encrypted password obv)


Paul.



--
-
Paul Macdonald
IFDNRG Ltd
Web and video hosting
-
t: 0131 5548070
m: 07970339546
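
Added example (not part of either post in this thread): a small audit of the EHLO reply shown in the telnet session, checking whether STARTTLS is offered and whether password mechanisms would travel in clear text. The function names `parse_ehlo` and `audit` are hypothetical, and the reply is the port 25 session from the thread, so the submission port may advertise something different.

```python
# Added example: audit an EHLO reply for its AUTH / STARTTLS posture.
# EHLO_REPLY is copied from the telnet session in this thread (port 25).
EHLO_REPLY = """\
250-ns1.dmaccess.co.th Hello ns1.dmaccess.co.th [202.170.122.33], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
250-DELIVERBY
250 HELP
"""

# Mechanisms that send the password itself (base64 is encoding, not encryption).
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    ext = {}
    lines = [l for l in reply.splitlines() if l.strip()]
    for line in lines[1:]:  # the first line is the greeting, not an extension
        if not line.startswith("250") or len(line) < 5:
            continue
        words = line[4:].split()
        ext[words[0].upper()] = [w.upper() for w in words[1:]]
    return ext

def audit(reply):
    """Flag settings that expose credentials or break a TLS-only client."""
    ext = parse_ehlo(reply)
    mechs = ext.get("AUTH", [])
    starttls = "STARTTLS" in ext
    findings = []
    if not starttls:
        findings.append("STARTTLS not offered: a client requiring STARTTLS will not log in")
    exposed = sorted(PLAINTEXT_MECHS.intersection(mechs))
    if exposed and not starttls:
        findings.append("cleartext password mechanisms offered without TLS: " + ", ".join(exposed))
    if "GSSAPI" in mechs:
        findings.append("GSSAPI offered: a client may attempt Kerberos unless a password method is chosen")
    return {"starttls": starttls, "mechs": mechs, "findings": findings}

if __name__ == "__main__":
    for finding in audit(EHLO_REPLY)["findings"]:
        print("-", finding)
```
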

Re: question about SMTP-authentication (3rd )

2012-03-12 Thread kamolpat

Dear Matthew,

OK, I got sendmail compiled. Thanks.
But it seems like ...
POP3 is still working with clear text usr/pwd sent to the server (but it 
works, I can get mail from the server normally). When I choose another 
mode in the Thunderbird options, it doesn't work (except "connection 
security: none", "authentication method: password transmitted 
insecurely"; this is the option that TB detected while setting up the 
mail account)

SMTP doesn't work; it reports,
from Thunderbird:

Send Message Error
The Kerberos/GSSAPI ticket was not accepted by the SMTP server 
mail.dmaccess.co.th Please check that you are logged in to the 
Kerberos/GSSAPI realm.
(even if I change "authentication method: Kerberos/GSSAPI", it still 
gives this message)


from /var/log/maillog
Mar 12 22:38:04 ns1 sendmail[93331]: q2CMc4jF093331: 
ppp-58-8-130-33.revip2.asianet.co.th [58.8.130.33] did not issue 
MAIL/EXPN/VRFY/ETRN during connection to MSA



this is my test on server
=
ns1:kamolpat:/etc>telnet dmaccess.co.th 25
Trying 202.170.122.33...
Connected to dmaccess.co.th.
Escape character is '^]'.
220 ns1.dmaccess.co.th ESMTP Sendmail 8.14.4/8.14.4; Mon, 12 Mar 2012 
22:23:14 GMT

ehlo dmaccess.co.th
250-ns1.dmaccess.co.th Hello ns1.dmaccess.co.th [202.170.122.33], 
pleased to meet you

250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
250-DELIVERBY
250 HELP
quit
221 2.0.0 ns1.dmaccess.co.th closing connection
Connection closed by foreign host.


this is my /etc/mail/freebsd.mc
=
dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')

dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')

define(`confBIND_OPTS', `WorkAroundBroken')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')

GENERICS_DOMAIN_FILE(`/etc/mail/genericdomains');