[WBEL-users] Sendmail on WB3.0
Michiel van Es
info@pcintelligence.nl
Sun, 28 Mar 2004 11:48:22 +0200
I do not think the double 'define confAUTH_OPTIONS' is correct.
There is a problem with users authenticating theirselves on the sendmal
smtp server.
Perhaps they have secure password authentication on?
Michiel
define(`confAUTH_OPTIONS', `A')dnl
dnl # <added by Denis Croombs>
dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl # </Added by Denis Croombs>
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl #
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
PLAIN')dnl
Denis Croombs wrote:
>>Default sendmail.mc listens on 127.0.0.1 .. change it or remove it from
>>the sendmail.mc and do a make.
>>What is /var/log/maillog saying?
>>
>>Michiel
>
>
> I am now getting the following error:-
>
> Mar 27 19:51:38 localhost ipop3d[28324]: Logout user=denis
> host=xxx.xxx.cable.ntl.com [213.xxx.xxx.xxx] nmsgs=0 ndele=0
> Mar 27 19:52:54 localhost sendmail[28325]: i2RJqr0e028325:
> ruleset=check_rcpt, arg1=<Denis@xxxxxx.net>, relay=xxx.xxx.cable.ntl.com
> [213.xxx.xxx.xxx], reject=550 5.7.1 <Denis@xxxxxx.net>... Relaying denied.
> Proper authentication required.
>
> here is my sendmail.cf:-
>
> divert(-1)dnl
> dnl #
> dnl # This is the sendmail macro config file for m4. If you make changes to
> dnl # /etc/mail/sendmail.mc, you will need to regenerate the
> dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package
> is
> dnl # installed and then performing a
> dnl #
> dnl # make -C /etc/mail
> dnl #
> include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
> VERSIONID(`setup for Red Hat Linux')dnl
> OSTYPE(`linux')dnl
> dnl #
> dnl # Added by Denis Croombs 20/3/2004 for faxing system
> define(`FAX_MAILER_PATH',`/usr/bin/faxmail')dnl
> define(`FAX_MAILER_ARGS',`faxmail -d -n -p 12pt $u@$h $f')dnl
> MAILER(`fax')dnl
> dnl # / of section added by Denis Croombs
> dnl #
> dnl # Uncomment and edit the following line if your outgoing mail needs to
> dnl # be sent out through an external mail server:
> dnl #
> dnl define(`SMART_HOST',`smtp.your.provider')
> dnl #
> define(`confDEF_USER_ID',``8:12'')dnl
> dnl define(`confAUTO_REBUILD')dnl
> define(`confTO_CONNECT', `1m')dnl
> define(`confTRY_NULL_MX_LIST',true)dnl
> define(`confDONT_PROBE_INTERFACES',true)dnl
> define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
> define(`ALIAS_FILE', `/etc/aliases')dnl
> dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
> define(`UUCP_MAILER_MAX', `2000000')dnl
> define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
> dnl # define(`confPRIVACY_FLAGS',
> `authwarnings,novrfy,noexpn,restrictqrun')dnl
> define(`confAUTH_OPTIONS', `A')dnl
> dnl # <added by Denis Croombs>
> dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> dnl define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> dnl # </Added by Denis Croombs>
> dnl #
> dnl # The following allows relaying if the user authenticates, and disallows
> dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
> dnl #
> define(`confAUTH_OPTIONS', `A p')dnl
> dnl #
> dnl # PLAIN is the preferred plaintext authentication method and used by
> dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
> dnl # use LOGIN. Other mechanisms should be used if the connection is not
> dnl # guaranteed secure.
> dnl #
> TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
> PLAIN')dnl
> dnl #
> dnl # Rudimentary information on creating certificates for sendmail TLS:
> dnl # make -C /usr/share/ssl/certs usage
> dnl #
> dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
> dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
> dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
> dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
> dnl #
> dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
> dnl # slapd, which requires the file to be readble by group ldap
> dnl #
> dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
> dnl #
> dnl define(`confTO_QUEUEWARN', `4h')dnl
> dnl define(`confTO_QUEUERETURN', `5d')dnl
> dnl define(`confQUEUE_LA', `12')dnl
> dnl define(`confREFUSE_LA', `18')dnl
> define(`confTO_IDENT', `0')dnl
> dnl FEATURE(delay_checks)dnl
> FEATURE(`no_default_msa',`dnl')dnl
> FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
> FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
> FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
> FEATURE(redirect)dnl
> FEATURE(always_add_domain)dnl
> FEATURE(use_cw_file)dnl
> FEATURE(use_ct_file)dnl
> dnl #
> dnl # The -t option will retry delivery if e.g. the user runs over his
> quota.
> dnl #
> FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
> FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
> FEATURE(`blacklist_recipients')dnl
> EXPOSED_USER(`root')dnl
> dnl #
> dnl # The following causes sendmail to only listen on the IPv4 loopback
> address
> dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
> dnl # address restriction to accept email from the internet or intranet.
> dnl #
> dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
> dnl DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
> dnl #
> dnl # The following causes sendmail to additionally listen to port 587 for
> dnl # mail from MUAs that authenticate. Roaming users who can't reach their
> dnl # preferred sendmail daemon due to port 25 being blocked or redirected
> find
> dnl # this useful.
> dnl #
> dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
> dnl #
> dnl # The following causes sendmail to additionally listen to port 465, but
> dnl # starting immediately in TLS mode upon connecting. Port 25 or 587
> followed
> dnl # by STARTTLS is preferred, but roaming clients using Outlook Express
> can't
> dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
> dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
> dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
> dnl #
> dnl # For this to work your OpenSSL certificates must be configured.
> dnl #
> dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
> dnl #
> dnl # The following causes sendmail to additionally listen on the IPv6
> loopback
> dnl # device. Remove the loopback address restriction listen to the network.
> dnl #
> dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
> dnl # a kernel patch
> dnl #
> dnl # DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
> dnl #
> dnl # We strongly recommend not accepting unresolvable domains if you want
> to
> dnl # protect yourself from spam. However, the laptop and users on computers
> dnl # that do not have 24x7 DNS do need this.
> dnl #
> FEATURE(`accept_unresolvable_domains')dnl
> dnl #
> dnl FEATURE(`relay_based_on_MX')dnl
> dnl #
> dnl # Also accept email sent to "localhost.localdomain" as local email.
> dnl #
> LOCAL_DOMAIN(`localhost.localdomain')dnl
> dnl #
> dnl # The following example makes mail from this host and any additional
> dnl # specified domains appear to be sent from mydomain.com
> dnl #
> dnl MASQUERADE_AS(`mydomain.com')dnl
> dnl #
> dnl # masquerade not just the headers, but the envelope as well
> dnl #
> dnl FEATURE(masquerade_envelope)dnl
> dnl #
> dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as
> well
> dnl #
> dnl FEATURE(masquerade_entire_domain)dnl
> dnl #
> dnl MASQUERADE_DOMAIN(localhost)dnl
> dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
> dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
> dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
> MAILER(smtp)dnl
> MAILER(procmail)dnl
>
> Any clues please.
>
>