 |
 |
 |
 |
| Servers The place to discuss any Fedora server problems you may have. |
2004-08-08, 05:11 PM CDT
|
|
Registered User
|
|
Join Date: May 2004
Posts: 8
|
|
|
Sendmail + SMTP + SSL
I'm working on a Fedora Core 2 box and I'm trying to get my sendmail configured for my SMTP relay. I would like the SMTP relay to only allow SMTP connections over SSL and would like sendmail to accept authenticated SMTP SSL logins. I have dovecot up and running for my IMAP dameon and I have successfully setup the SSL certs with dovecot and now once I get this issue with sendmail resolved, my email system will be intact.
Please anyone out there have any suggestions?
Note: I've googled for hours and have followed what most people have done already but my sendmail is still allowing non secure + non auth connections from both inside and outside the lan. I want it to only accept secure + auth connections, which it currently does. However, I want it to reject non secure +/- no auth connections.
|
2004-08-08, 05:35 PM CDT
|
 |
Registered User
|
|
Join Date: Feb 2004
Age: 41
Posts: 8,250
|
|
did you try www.linuxquestions.org ??
i really have little experience with server and network but you may find a thread there that could help you or just wait for one of the moderators to respond you in a better way.....i believe crackers has experience in servers... 
Last edited by imdeemvp; 2004-08-08 at 05:38 PM CDT.
|
2004-08-08, 05:38 PM CDT
|
|
Registered User
|
|
Join Date: May 2004
Posts: 8
|
|
|
I've tried everywhere! I'm making progress now, I have it requiring atleast 128 bit encryption and it is validating the SMTP user/pass against the box passwd/shadow which is fine, however the SMTP is still allowing anonymous relay even though it's over a SSL.
|
2004-08-08, 05:39 PM CDT
|
|
Registered User
|
|
Join Date: Feb 2004
Age: 41
Posts: 8,250
|
|
well thats' good 
|
2004-08-08, 06:18 PM CDT
|
|
Registered User
|
|
Join Date: May 2004
Posts: 8
|
|
Okay this is what I have based off of what I've seen from other sites running sendmail
/etc/mail/sendmail.mc:
Code:
...
define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
...
define(`confCACERT_PATH',`/etc/mail/certs')dnl
define(`confCACERT',`/etc/mail/certs/ca-bundle.crt')dnl
define(`localCERT', `/etc/mail/certs/our-cert.pem')dnl
define(`confCLIENT_CERT',`localCERT')dnl
define(`confCLIENT_KEY',`localCERT')dnl
define(`confSERVER_CERT',`localCERT')dnl
define(`confSERVER_KEY',`localCERT')dnl
...
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
/etc/mail/access
Code:
...
mydomain.com RELAY
TLS_Clt:mydomain.com ENCR:128
TLS_Srv:mydomain.com ENCR:128
TLS_Rcpt:mydomain.com ENCR:128
Note:
-If I add VERIFY to ENCR, whenever I try my username/password (from the UNIX system) it denies me giving me error 403 not authenticated even though I'm sending the correct username/password.
-If I add PERM to ENCR, it has no affect compared to leaving it out.
/usr/lib/sasl2/Sendmail.conf
Code:
pwcheck_method:saslauthd
My SMTP connection is forcing the 128-bit enc properly however it is not forcing the user to authenticate. It will still allow anonymous access which I want to prevent but I do want authorized users to be able to access the sendmail smtp server from outside the network if they have the proper privelages (aka username in /etc/passwd and password in /etc/shadow). PLEASE HELP 
Last edited by xyklopz; 2004-08-08 at 06:32 PM CDT.
|
2004-08-09, 02:38 PM CDT
|
|
Registered User
|
|
Join Date: May 2004
Posts: 8
|
|
Problem Solved.
After researching more and talking to a local guru I discovered my problem. My /etc/mail/access file was incorrect and was allowing mydomain.com relay without AUTH. Therefore, removing that along with all the localhost entries and making my access file to strictly enforce ENC and let salsauthd to do the AUTH.
Thus my resulting access file:
Code:
TLS_Clt: ENCR:128
TLS_Srv: ENCR:128
TLS_Rcpt: ENCR:128
and also note the following sendmail.mc change:
Code:
define(`confAUTH_OPTIONS', `A p y')dnl
Hope this helps someone! This made me server require AUTH for every SMTP connection and it forces atleast 128-bit encryption. :-)
|
2004-09-03, 12:13 AM CDT
|
|
Registered User
|
|
Join Date: Jan 2004
Posts: 4
|
|
|
with that magic u did, can you relay from yer server (where sendmail is running, 127.0.0.1)? I mean, without autenticating yerself?
Also, can you relay mail to yahoo and alike? Do the comon web mail servers like yahoo, hotmail, etc, allow encrypted connections? on self signed certs?
Last edited by pejcao; 2004-09-03 at 01:17 PM CDT.
|
2004-11-19, 11:32 AM CST
|
|
Registered User
|
|
Join Date: Nov 2004
Posts: 64
|
|
|
Hi to all,my problem is this,I have a hotmail e-mail account and I can access it with Windows XP Professional O.S.I have Fedora Core 3 dual booting with it.I have been trying to access my hotmail account via Kmail and Sendmail.The servers I have been using after a search on the web are smtp.email.msn.com and pop3.email.msn.com .But when I use Kmail to access my e-mals,a dialouge box comes up and says that it could not connect to pop3.email.msn.com.
can anybody help me with this one?
Steve
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
Automatic Translations (Powered by  ):
All times are GMT -7. The time now is 02:54 AM CST.
|
|
 |
 |
 |
 |
|
|
