Sendmail with relay (SMART_HOST), STARTTLS and AUTH
Hello, I'm trying to set-up a node with sendmail(8). In order to not be blocked, eventually, by some firewall rule on port 25, I'm relaying mail to a smart host, listening on port 587 for STARTTLS, and I need to authentify using LOGIN or PLAIN mechanisme. For relaying, forwarding to port 587 and starting TLS with sendmail, no problem after adding the needed options for the compilation of the package. But whatever I'm trying to do, having added a /usr/pkg/etc/sasl2/Sendmail.conf configuration and having installed cyrus-sasl2 and cyrus-saslauthd, and launching the saslauthd daemon, sendmail, without dialoguing with the server (for this; STARTTLS is OK) always answers: no worthy mechs found So the blocking comes from sendmail. I have verified by telnet, that doing authenfication by hand works. >From a search on the Web, when this kind of message is issued with Postfix, on Linux based distribution, the problem is solved whether by adding sasl modules or by specifying a configuration variable for Postfix allowing plaintext authenfications (that is not allowed by default). But as far as I understand, pkgsrc cyrus-sasl2 and cyrus-saslauthd are sufficient and there is no such thing as this sasl-security conf variable for sendmail. FWIW, here is the relevant part of my .mc file: define(`SMART_HOST',`mail.example.com')dnl dnl # Do I really need this since I'm not doing local authentification? define(`TRUST_AUTH_MECH', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl define(`confAUTH_OPTIONS', `A p')dnl FEATURE(`authinfo')dnl FEATURE(`no_default_msa')dnl turn off default entry for MSA DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')dnl If someone has any clue, I would be very grateful! TIA, -- Thierry Laronde http://www.kergis.com/ http://kertex.kergis.com/ http://www.sbfa.fr/ Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C
Re: GOP and using monitor
Hello Again, I did these changes in the configuration and compiled the kernel, installed it and restarted. Here is the configuration that I changed. # genfb* at pci? dev ? function ? genfb0 at pci1 dev 0 function 0 genfb1 at pci0 dev 1 function 0 It looks like it changed the framebuffer to use the pci1 device, but did not get anything on the monitor. It is still using the laptop monitor. Here is the dmesg output. First I thought that it did not do anything. But it changed the framebuffer to use genfb1. But I am not sure how to reason about this. genfb is now using the framebuffer, and it has the correct resolution. [Tue Oct 5 18:26:58 UTC 2021] genfb0 at pci0 dev 1 function 0: vendor 1002 product 1309 (rev. 0x00) [Tue Oct 5 18:26:58 UTC 2021] genfb0: framebuffer at 0xe000, size 1366x768, depth 32, stride 5632 [Tue Oct 5 18:26:58 UTC 2021] genfb0: shadow framebuffer enabled, size 4224 KB [Tue Oct 5 18:26:58 UTC 2021] wsdisplay0 at genfb0 kbdmux 1: console (default, vt100 emulation), using wskbd0 [Tue Oct 5 18:26:58 UTC 2021] drm at genfb0 not configured [Tue Oct 5 18:26:58 UTC 2021] genfb1 at pci1 dev 0 function 0: vendor 1002 product 6604 (rev. 0x00) [Tue Oct 5 18:26:58 UTC 2021] genfb1 at pci0 dev 1 function 0: vendor 1002 product 1309 (rev. 0x00) [Tue Oct 5 18:26:58 UTC 2021] genfb1: framebuffer at 0xe000, size 1366x768, depth 32, stride 5632 [Tue Oct 5 18:26:58 UTC 2021] genfb1: shadow framebuffer enabled, size 4224 KB [Tue Oct 5 18:26:58 UTC 2021] wsdisplay0 at genfb1 kbdmux 1: console (default, vt100 emulation), using wskbd0 [Tue Oct 5 18:26:58 UTC 2021] drm at genfb1 not configured [Tue Oct 5 18:26:58 UTC 2021] genfb0 at pci1 dev 0 function 0: vendor 1002 product 6604 (rev. 0x00) Regards, Riza On Mon, Oct 4, 2021 at 4:19 AM Riza Dindir wrote: > > Hello RVP, > > On Mon, Oct 4, 2021 at 12:14 AM RVP wrote: > > > > On Sun, 3 Oct 2021, Riza Dindir wrote: > > > > > On Sun, Oct 3, 2021 at 3:46 PM RVP wrote: > > >> > > >> Or, see if this works. In the GENERIC config: > > >> > > >> # genfb* at pci? dev ? function ? > > >> genfb0 at pci1 dev 0 function 0 > > >> genfb1 at pci0 dev 1 function 0 > > > > > > Are you saying that gop will always use genfb0, > > > > > > > On NetBSD, at present, only genfb0 will be used and it will mirror > > output on all displays connected to the underlying graphics card. > > The other framebuffers (genfb1, ...) on any other cards won't be > > active. > > > > GOP is just a command to make the EFI firmware switch resolutions. > > It's needed because genfb doesn't switch resolutions on its own--it > > just uses whatever modes have been setup for it. The DRM framebuffers > > (intelfb*, radeondrmkmsfb*, nouveaufb*, ...) OTOH do pick the highest > > resolution possible on a card. > > > > > and that connecting genfb0, in the kernel, to the other radeon > > > device/output (on pci1, dev 0 fn 0) would make the monitor show > > > all the output, disabling the laptop LCD? > > > > > > > That is what we're trying to achieve, yes. > > Will do that. I will get back on the result. Thank you again. > > > > > -RVP > > Regards, > Riza
Re: Sendmail with relay (SMART_HOST), STARTTLS and AUTH
On Tue, Oct 05, 2021 at 04:27:27PM +0200, tlaro...@polynum.com wrote: > Hello, > > I'm trying to set-up a node with sendmail(8). > > In order to not be blocked, eventually, by some firewall rule on port > 25, I'm relaying mail to a smart host, listening on port 587 for > STARTTLS, and I need to authentify using LOGIN or PLAIN mechanisme. > > For relaying, forwarding to port 587 and starting TLS with sendmail, no > problem after adding the needed options for the compilation of the > package. > > But whatever I'm trying to do, having added a > /usr/pkg/etc/sasl2/Sendmail.conf configuration and having installed > cyrus-sasl2 and cyrus-saslauthd, and launching the saslauthd daemon, > sendmail, without dialoguing with the server (for this; STARTTLS > is OK) always answers: > > no worthy mechs found > > So the blocking comes from sendmail. I have verified by telnet, that > doing authenfication by hand works. > > >From a search on the Web, when this kind of message is issued with > Postfix, on Linux based distribution, the problem is solved whether > by adding sasl modules or by specifying a configuration variable > for Postfix allowing plaintext authenfications (that is not allowed > by default). > > But as far as I understand, pkgsrc cyrus-sasl2 and cyrus-saslauthd > are sufficient and there is no such thing as this sasl-security > conf variable for sendmail. For sasl suport (as a server, not as a client though) I have to build sendmail with PKG_OPTIONS.sendmail+=sasl tls -- Manuel Bouyer NetBSD: 26 ans d'experience feront toujours la difference --
Re: Sendmail with relay (SMART_HOST), STARTTLS and AUTH
On 10/5/21 12:12 PM, Manuel Bouyer wrote: On Tue, Oct 05, 2021 at 04:27:27PM +0200, tlaro...@polynum.com wrote: Hello, I'm trying to set-up a node with sendmail(8). In order to not be blocked, eventually, by some firewall rule on port 25, I'm relaying mail to a smart host, listening on port 587 for STARTTLS, and I need to authentify using LOGIN or PLAIN mechanisme. For relaying, forwarding to port 587 and starting TLS with sendmail, no problem after adding the needed options for the compilation of the package. But whatever I'm trying to do, having added a /usr/pkg/etc/sasl2/Sendmail.conf configuration and having installed cyrus-sasl2 and cyrus-saslauthd, and launching the saslauthd daemon, sendmail, without dialoguing with the server (for this; STARTTLS is OK) always answers: no worthy mechs found So the blocking comes from sendmail. I have verified by telnet, that doing authenfication by hand works. >From a search on the Web, when this kind of message is issued with Postfix, on Linux based distribution, the problem is solved whether by adding sasl modules or by specifying a configuration variable for Postfix allowing plaintext authenfications (that is not allowed by default). But as far as I understand, pkgsrc cyrus-sasl2 and cyrus-saslauthd are sufficient and there is no such thing as this sasl-security conf variable for sendmail. For sasl suport (as a server, not as a client though) I have to build sendmail with PKG_OPTIONS.sendmail+=sasl tls It doesn't look like you installed the cy2_login and cy2_plain packages. I don't quite understand how it all fits together, but you need to install the cy2_ package for whatever mech you want to support. I guess these are where the modules live on NetBSD? HTH, Jason M.
Re: Sendmail with relay (SMART_HOST), STARTTLS and AUTH
Le Tue, Oct 05, 2021 at 04:27:27PM +0200, tlaro...@polynum.com a écrit : > Hello, > > I'm trying to set-up a node with sendmail(8). > > In order to not be blocked, eventually, by some firewall rule on port > 25, I'm relaying mail to a smart host, listening on port 587 for > STARTTLS, and I need to authentify using LOGIN or PLAIN mechanisme. > > For relaying, forwarding to port 587 and starting TLS with sendmail, no > problem after adding the needed options for the compilation of the > package. > > But whatever I'm trying to do, having added a > /usr/pkg/etc/sasl2/Sendmail.conf configuration and having installed > cyrus-sasl2 and cyrus-saslauthd, and launching the saslauthd daemon, > sendmail, without dialoguing with the server (for this; STARTTLS > is OK) always answers: > > no worthy mechs found > > So the blocking comes from sendmail. I have verified by telnet, that > doing authenfication by hand works. > > >From a search on the Web, when this kind of message is issued with > Postfix, on Linux based distribution, the problem is solved whether > by adding sasl modules or by specifying a configuration variable > for Postfix allowing plaintext authenfications (that is not allowed > by default). > > But as far as I understand, pkgsrc cyrus-sasl2 and cyrus-saslauthd > are sufficient and there is no such thing as this sasl-security > conf variable for sendmail. > > FWIW, here is the relevant part of my .mc file: > > define(`SMART_HOST',`mail.example.com')dnl > dnl # Do I really need this since I'm not doing local authentification? > define(`TRUST_AUTH_MECH', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN > PLAIN')dnl > define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN > PLAIN')dnl > define(`confAUTH_OPTIONS', `A p')dnl > FEATURE(`authinfo')dnl > FEATURE(`no_default_msa')dnl turn off default entry for MSA > DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')dnl > > If someone has any clue, I would be very grateful! The solution was given by Jason Mitchell: one needs to add the sasl modules, i.e., for pkgsrc, the security/cy2-* packages corresponding to the mechanisms to use. Once installed, it works. Thank you to Jason for the helpful answer! -- Thierry Laronde http://www.kergis.com/ http://kertex.kergis.com/ http://www.sbfa.fr/ Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C
Re: Sendmail with relay (SMART_HOST), STARTTLS and AUTH
Le Tue, Oct 05, 2021 at 06:12:18PM +0200, Manuel Bouyer a écrit : > On Tue, Oct 05, 2021 at 04:27:27PM +0200, tlaro...@polynum.com wrote: > > Hello, > > > > I'm trying to set-up a node with sendmail(8). > > > > In order to not be blocked, eventually, by some firewall rule on port > > 25, I'm relaying mail to a smart host, listening on port 587 for > > STARTTLS, and I need to authentify using LOGIN or PLAIN mechanisme. > > > > For relaying, forwarding to port 587 and starting TLS with sendmail, no > > problem after adding the needed options for the compilation of the > > package. > > > > But whatever I'm trying to do, having added a > > /usr/pkg/etc/sasl2/Sendmail.conf configuration and having installed > > cyrus-sasl2 and cyrus-saslauthd, and launching the saslauthd daemon, > > sendmail, without dialoguing with the server (for this; STARTTLS > > is OK) always answers: > > > > no worthy mechs found > > > > So the blocking comes from sendmail. I have verified by telnet, that > > doing authenfication by hand works. > > > > >From a search on the Web, when this kind of message is issued with > > Postfix, on Linux based distribution, the problem is solved whether > > by adding sasl modules or by specifying a configuration variable > > for Postfix allowing plaintext authenfications (that is not allowed > > by default). > > > > But as far as I understand, pkgsrc cyrus-sasl2 and cyrus-saslauthd > > are sufficient and there is no such thing as this sasl-security > > conf variable for sendmail. > > For sasl suport (as a server, not as a client though) I have to build sendmail > with > PKG_OPTIONS.sendmail+=sasl tls > This was done and testing sendmail the support is here. But I think that Jason Mitchell has answered: I need to add the support for the mechanisms with cyrus modules but I grep'ed for "cyrus*" and the modules are prefixed "cy2*"... -- Thierry Laronde http://www.kergis.com/ http://kertex.kergis.com/ http://www.sbfa.fr/ Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C
Re: Sendmail with relay (SMART_HOST), STARTTLS and AUTH
Hello, Le Tue, Oct 05, 2021 at 12:26:30PM -0400, Jason Mitchell a écrit : > On 10/5/21 12:12 PM, Manuel Bouyer wrote: > > On Tue, Oct 05, 2021 at 04:27:27PM +0200, tlaro...@polynum.com wrote: > > > Hello, > > > > > > I'm trying to set-up a node with sendmail(8). > > > > > > In order to not be blocked, eventually, by some firewall rule on port > > > 25, I'm relaying mail to a smart host, listening on port 587 for > > > STARTTLS, and I need to authentify using LOGIN or PLAIN mechanisme. > > > > > > For relaying, forwarding to port 587 and starting TLS with sendmail, no > > > problem after adding the needed options for the compilation of the > > > package. > > > > > > But whatever I'm trying to do, having added a > > > /usr/pkg/etc/sasl2/Sendmail.conf configuration and having installed > > > cyrus-sasl2 and cyrus-saslauthd, and launching the saslauthd daemon, > > > sendmail, without dialoguing with the server (for this; STARTTLS > > > is OK) always answers: > > > > > > no worthy mechs found > > > > > > So the blocking comes from sendmail. I have verified by telnet, that > > > doing authenfication by hand works. > > > > > > >From a search on the Web, when this kind of message is issued with > > > Postfix, on Linux based distribution, the problem is solved whether > > > by adding sasl modules or by specifying a configuration variable > > > for Postfix allowing plaintext authenfications (that is not allowed > > > by default). > > > > > > But as far as I understand, pkgsrc cyrus-sasl2 and cyrus-saslauthd > > > are sufficient and there is no such thing as this sasl-security > > > conf variable for sendmail. > > For sasl suport (as a server, not as a client though) I have to build > > sendmail > > with > > PKG_OPTIONS.sendmail+=sasl tls > > > It doesn't look like you installed the cy2_login and cy2_plain packages. I > don't quite understand how it all fits together, but you need to install the > cy2_ package for whatever mech you want to support. I guess these are where > the modules live on NetBSD? You are very probably right since this matches what other installations (postfix on linuces) require: the modules. It's a bit unfortunate that in pkgsrc the library and the saslauthd are prefixed "cyrus" while the modules are prefixed "cy2". I brutally grep'ed for "cyrus*" and found nothing more. I will send a message for archive for other users if this is indeed the solution, but it seems very likely---I gather that saslauthd is for dialoguing with a user trying to connect to the sendmail server on the node, but that sendmail, as a client, uses with authinfo the library and hence the mechanisms provided and, at the moment, there is indeed none... Thanks a lot! -- Thierry Laronde http://www.kergis.com/ http://kertex.kergis.com/ http://www.sbfa.fr/ Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C
Re: Editing PDFs
On 04.10.21 17:11, Todd Gruhn wrote: Is there a nice way to edit a PDF, and delete the blank page(s) at the beginning of the document? Xournal is another great app to edit a PDF. From its description, Xournal can be used to annotate PDF files (highlight, underline etc.), and either save the annotations in a separate file, or export the annotated document as a new PDF file. I use xournal to add signature (transparent png) to a pdf.
wdm rc script
/usr/pkgsrc/x11/wdm/MESSAGE states: --snip-- In case you don't have PKG_RCD_SCRIPTS set in your /etc/mk.conf, copy ${PREFIX}/${RCD_SCRIPTS_EXAMPLEDIR}/wdm to /etc/rc.d/wdm and add the following line into your /etc/rc.conf wdm=YES --snip-- If you'll pardon the expression, in an ordinary (default) NetBSD installation, what will be expressed by: ${PREFIX}/${RCD_SCRIPTS_EXAMPLEDIR}/wdm? I can't seem to find the rc script in question. Thank you. -- What's going on with Bob? https://zeus.jtan.com/~wingnut
Re: wdm rc script
On Tue, Oct 05, 2021 at 10:14:19PM -0400, Bob Bernstein wrote: > If you'll pardon the expression, in an ordinary (default) > NetBSD installation, what will be expressed by: > > ${PREFIX}/${RCD_SCRIPTS_EXAMPLEDIR}/wdm? > > I can't seem to find the rc script in question. PREFIX = /usr/pkg RCD_SCRIPTS_EXAMPLEDIR = share/examples/rc.d You should find it at /usr/pkg/share/examples/rc.d/wdm Martin
Re: wdm rc script
On Wed, 6 Oct 2021, Martin Husemann wrote: You should find it at /usr/pkg/share/examples/rc.d/wdm Here's what I see: $ ls /usr/pkg/share/examples/wdm/ GiveConsole Xservers Xsetup_0 TakeConsole Xservers.fs wdm-config Xaccess Xservers.ws wdm-config.in Xclients Xsession wdmReconfig Xclients.in Xsession.XFree86 Xresources Xsession.orig This appears at first glance to be in keeping with PLIST for /x11/wdm. I'm working with a too-old git clone of pkgsrc, but for idiosyncratic reasons I am shying away from refreshing it at this juncture. I can easily put implementing wdm on hold. Thank you. -- "No matter how big the problem is, you can always run away from it." Dom Irrera
Re: wdm rc script
On Wed, 6 Oct 2021, Martin Husemann wrote: You should find it at /usr/pkg/share/examples/rc.d/wdm And, of course there it is. If only I had looked in the location you suggested, rather than one I seem to have conjured out of pure cranial vapor lock, I would have found it. Imagine my embarassment. Thank you. -- What can be asserted without evidence can be dismissed without evidence. Hitchens' Razor