From: "Kirk Davis" <[EMAIL PROTECTED]>
To: "Greg Groth" <[EMAIL PROTECTED]>
CC: <freebsd-questions@freebsd.org>
Subject: RE: Sendmail - IMAP-UW - Cyrus-SASL2 - SMTPAUTH problems
Date: Mon, 13 Feb 2006 14:25:04 -0700

Hi Greg,

> I'm trying to set up a FreeBSD 6.0 box as a mail server, and while
> everything seems to be working OK for the most part, I have run into two
> issues that I cannot resolve (I'm new to BSD, please bear with me). Install
> went as follows: Installed via FTP last night along with "src - Sources for
> everything",
>
> IMAP-UW was compiled via ports with WITH_SSL_AND_PLAINTEXT enabled (same for
> cclient), OpenSSL, Cyrus-SASL2 & Cyrus-SASL2-saslauthd were compiled via
> ports with no flags.
>
> Sendmail was installed with the base install and recompiled (after SASL2 was
> up and running) with the following options added to make.conf:
>
> # SASL (cyrus-sasl v2) sendmail build flags...
> SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
> SENDMAIL_LDFLAGS=-L/usr/local/lib
> SENDMAIL_LDADD=-lsasl2
> # Adding to enable alternate port (smtps) for sendmail...
> SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL
>
> I followed the instructions I found at
> http://www.bsdconspiracy.net/howto/sendmail.html, and had no problems with
> the install except for Sendmail. After recompiling sendmail, I added the
> following lines to the mail.server.mc file:
>
> define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
> TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
> define(`CERT_DIR', `/etc/mail/certs')dnl
> define(`confCACERT_PATH', `CERT_DIR')dnl
> define(`confCACERT', `CERT_DIR/mycert.pem')dnl
> define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
> define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
> define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
> define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
> DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

This is your problem. The above line sets up the Sendmail daemon to
listen on port 25 but the standard mc file distributed with FreeBSD also
sets up a DAEMON port (it's at the end of the MC file).

Here is what my DAEMON_OPTIONS lines look like. These should be the
only DAEMON_OPTIONS lines in the mc file.

dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

That is what I was guessing, however I couldn't find a Sendmail for Dummies
book that could explain the DAEMON_OPTIONS in language I understand. It's
very easy to get lost in the online docs and the O'Reilly book, for me
anyway.

> DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
>
> After running (in /etc/mail) "make clean", "make cf", "make install", "make
> restart", SMTP no longer works, and I find the following in maillog and
> messages
>
> Feb 12 20:25:55 mail sm-mta[1213]: daemon IPv4: problem creating SMTP socket
> Feb 12 20:26:00 mail sm-mta[1213]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon IPv4: cannot bind: Address already in use
>
> When I try and stop sendmail, I get a message that the pid for Sendmail
> cannot be found. I end up killing the missing Sendmail daemon using
> KSysGuard
>
> If I remove this line - "DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl" from the
> mail.server.mc file, make cf, make install, make restart, sendmail starts
> normally. When trying to access from another machine on my network, I can
> only connect on port 25 without a secure connection (I'm using Thunderbird
> for this), although SMTP-AUTH is working correctly.

Have you tried to set up your mail client to connect to port 465? This
is the smtps (SMTP SSL) port.

Yes I have. The above mentioned How-To states to have MS products connect
on port 25, which didn't make a whole lot of sense to me, so I tried both 25
and 465 using Thunderbird. Thunderbird returned with a message that the
SMTP server was not accepting connections. Now that I know what's wrong
with my MC file, I'm guessing I have to take a stronger look at my
certificates and make sure that they're working correctly. I might have a
path screwed up somewhere. Seems that if it's listening on 465, everything
should be OK with Sendmail, but there might be a problem with SSL.

> Any ideas on what I might need to do to get SSL / SMTP-AUTH working on SMTP?
> I took a look at the instructions in the handbook, but they were written
> for SASL1. Running netstat shows smtps listening on 465, but when I try to
> telnet to that port, the server drops the connection.

Hmm... It should connect but you will not see anything since it is
expecting an SSL connection.

> My second problem is rather simple, after I create an IMAP folder, I am
> unable to delete it using a remote client. Thunderbird responds with "The
> mail server responded: RENAME failed: Can't create mailbox node
> /home/User/Trash/: File exists. Nothing shows up in any of the server logs
> though.

I have not seen this problem although I have it set up for an office of
Outlook users. I would check the permissions on the folders in the user
home directory. This is where the IMAP user folders are by default. I
usually set up the clients to use the base imap if Mail and then create a
Mail directory in the user home directory. That way the mail folders
don't get messed up with the user stuff.

I'm going to have to play around with this a bit more. After thinking about
it, I have not tested deleting a directory through an IMAP connection, only
an IMAPS connection. It's possible that I'm experiencing some kind of
problem there as well. I will also take a look at the permissions, which I
have not done yet since I assumed that if I could create it, I should be
able to delete it, but we all know what happens when we assume things.

>
> Hopefully this is the right list for these questions, if not, could someone
> please direct me to the correct one? Any advice anyone can give me on
> either of these problems would be greatly appreciated.
>

---- Kirk

Kirk Davis
Senior Network Analyst, ITS
Edmonton Public Schools
1-780-429-8308

Many, many thanks on clearing up the Sendmail issue.

Greg Groth
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
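
Added example, not part of the original thread and not FreeBSD or Sendmail project code: a small Python check for the failure diagnosed above, where two DAEMON_OPTIONS lines claim the same listening socket and sm-mta logs "cannot bind: Address already in use". The function names, the service-name table and the simplified option parsing are assumptions, and the BROKEN sample is constructed from the lines quoted in the thread.

```python
import re
from collections import defaultdict

# Matches one DAEMON_OPTIONS(`...') call; m4 quotes open with ` and close with '.
DAEMON_RE = re.compile(r"DAEMON_OPTIONS\(`([^']*)'\)")
# Assumed service-name table so that Port=smtp and Port=25 compare equal.
SERVICES = {"smtp": "25", "smtps": "465", "submission": "587"}

def parse_daemon_options(mc_text):
    """Return one dict per DAEMON_OPTIONS call, with sendmail's defaults filled in."""
    daemons = []
    for line in mc_text.splitlines():
        line = re.split(r"\bdnl\b", line, maxsplit=1)[0]  # m4 drops text after dnl
        for match in DAEMON_RE.finditer(line):
            # Defaults when a key is absent: port smtp, IPv4, all addresses.
            opts = {"Port": "smtp", "Family": "inet", "Addr": "*", "Name": "?"}
            for pair in match.group(1).split(","):
                key, _, value = pair.strip().partition("=")
                opts["Modifiers" if key == "M" else key] = value.strip()
            opts["Port"] = SERVICES.get(opts["Port"], opts["Port"])
            daemons.append(opts)
    return daemons

def find_bind_conflicts(mc_text):
    """Map (family, address, port) -> daemon names, for sockets claimed twice."""
    claimed = defaultdict(list)
    for d in parse_daemon_options(mc_text):
        claimed[(d["Family"], d["Addr"], d["Port"])].append(d["Name"])
    return {sock: names for sock, names in claimed.items() if len(names) > 1}

# Constructed sample: the two lines added in the thread plus the stock lines.
BROKEN = """\
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
"""
# The corrected set of lines from the reply.
FIXED = """\
dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
"""

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, find_bind_conflicts(text) or "no duplicate listeners")
```

Run against the real .mc file before "make cf"; any socket it reports is one that two daemons will both try to bind.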