On Wed, 23 Jul 2003, Ronald W. Heiby wrote:

> Wednesday, July 23, 2003, 7:29:37 PM, Rodolfo wrote:
> 
> > What happens if you "telnet mailserver 25" and issue a "ehlo localhost"?
> 
> "ehlo localhost" gives an error about it being an invalid domain name.
> Getting past that, after the "pleased to meet you" message, I get:
> 
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-ETRN
> 250-AUTH LOGIN PLAIN
> 250-DELIVERBY
> 250 HELP
> 
> This would also seem to indicate that I should be able to use PLAIN
> authentication to tell sendmail that I'm an OK person.

Yes, I believe that is correct.  You can enable DIGEST-MD5 and CRAM-MD5 by 
enabling SASL.  You can do that by using the saslpasswd command.  I'm not 
familiar with The Bat! but pine will automatically use the best 
authentication available.

Also, when you're at your client are you sure you can get through their 
firewall?  Perhaps you have to use their server.  I don't think I can send 
mail directly to my server from where I work.

> > Check to make sure that The Bat! is not trying to use encrypted
> > authentication (which right now will not work, you need to do more stuff to 
> > set it up with SASL). Right now you have PLAIN and LOGIN authentication 
> > available, that is, unencrypted.
> 
> It is not set up to attempt encryption. I've looked at setting up the
> encryption stuff a couple of times, but have always been stymied by
> how to merge such configuration with The Bat! configuration. I have
> the option to do RFC 2554 authentication (which I have checked).
> Within that, I get to specify a login name and password (which I
> have), as well as the option to use Secure MD5 Authentication (which I
> have NOT checked). That is all in the "Authentication" config menu.
> Within the superior "Transport" config menu, I have my choice of
> connections / ports: Regular; Secure to regular port (STARTTLS); and
> Secure to dedicated port (TLS). Unfortunately, The Bat! documentation
> does not seem to help me match these up with how one might configure
> Sendmail to match. As I recall, when I last tried going down the path
> to encryption based authentication, I was stuck trying to figure out
> how to come up with a common key format that would be acceptable both
> on the Linux side and on the The Bat! side. sigh.

STARTTLS is just SSL.  You can turn that on with sendmail by removing the
dnl's at the front of the four SSL lines in sendmail.mc (if you're using
the sendmail that shipped with either RH 8 or 9) and going into the
/usr/share/ssl/certs directory and entering "make sendmail.pem".  Answer
the questions and it will create new SSL certificates for you.  Of course
you have to do a "make -C /etc/mail" in /etc/mail to rebuild sendmail.cf 
and then restart sendmail ("service sendmail restart").

The first time you try and connect with SSL turned on in your mail client 
you will likely see a warning about an untrusted certificate (since you 
signed it).  Ignore it and move on.  In pine I had to add a 
novalidate-cert to stop the complaining!  
  
If you're not using the version of sendmail that shipped with RH 7.3 or
earlier this won't work since STARTTLS wasn't compiled in.  You'll have to
build sendmail from scratch to include TLS support.  To check that SSL 
support is available do a "telnet localhost 25" and then "ehlo localhost".  
If SSL support is available you will see STARTTLS as part of the list.

BTW, in /usr/share/ssl/certs there are dummy certs for ipop3d and imapd.  
You should remove those or rebuild them since everyone has those.

-- 
Gerry

"The lyfe so short, the craft so long to learne"  Chaucer
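
The EHLO check described in the message above, as an added example that is not part of the original thread: it parses an EHLO reply and reports whether passwords would cross the network unencrypted. The extension lines are the ones quoted in the thread; the greeting line, host names, and the function names `parse_ehlo` and `assess` are assumptions made for this sketch.

```python
import re

# Mechanisms that send the password itself; base64 is an encoding, not encryption.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

# Extension lines as quoted in the thread; the greeting line and host names are constructed.
SAMPLE_EHLO = """\
250-mail.example.com Hello client.example.com, pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
"""

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 reply to EHLO."""
    extensions = {}
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    for index, line in enumerate(lines):
        match = re.match(r"250([- ])(.*)$", line)
        if not match:
            raise ValueError(f"not a 250 reply line: {line!r}")
        if index == 0:
            continue  # first line is the server greeting, not an extension
        words = match.group(2).split()
        if words:
            extensions[words[0].upper()] = [w.upper() for w in words[1:]]
    return extensions

def assess(extensions):
    """Return findings about how credentials would travel to this server."""
    mechs = set(extensions.get("AUTH", []))
    has_tls = "STARTTLS" in extensions
    findings = []
    if not has_tls:
        findings.append("STARTTLS not advertised; the session cannot be encrypted")
    if mechs & CLEARTEXT_MECHS and not has_tls:
        findings.append("AUTH PLAIN/LOGIN without TLS exposes the password on the wire")
    if mechs and not (mechs - CLEARTEXT_MECHS):
        findings.append("no challenge-response mechanism (e.g. CRAM-MD5) offered")
    return findings

if __name__ == "__main__":
    for finding in assess(parse_ehlo(SAMPLE_EHLO)):
        print("-", finding)
```

Run against the reply quoted in the thread, all three findings fire; once STARTTLS and a challenge-response mechanism appear in the list, the function returns nothing.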

