SMTP AUTH over SSL only?



Hi folks,

I have a FreeBSD 7.0 server where I'd like to authenticate against
/etc/master.passwd when using SMTP AUTH and Sendmail. This means
using LOGIN, which can use either plain text or SSL-tunneled
connections. I'd like to allow SMTP AUTH only over SSL, and disallow
it over unencrypted connections. Any suggestions on this? Surely
there's just some switch I'm missing? The archives and search engines
are full of people trying to get SSL working, not people trying to
turn off non-SSL connections.

Here are the relevant snippets of sendmail.mc I'm using.

TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`CERT_DIR', `/usr/local/etc/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/hostname.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/hostname.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/hostname-key.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/hostname.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/hostname-key.pem')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

Any suggestions greatly appreciated!

Thanks,
==ml

--
Michael W. Lucas mwlucas@xxxxxxxxxxxxxxxxxxxx, mwlucas@xxxxxxxxxxx
http://www.BlackHelicopters.org/~mwlucas/
Coming Soon: "Absolute FreeBSD" -- http://www.AbsoluteFreeBSD.com
On 5/4/2007, the TSA kept 3 pairs of my soiled undies "for security reasons."
_______________________________________________
freebsd-isp@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
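
A check for the policy asked about above, as an added example that is not part of the original post: it parses the EHLO replies seen on the cleartext listener and inside TLS, and reports any AUTH mechanisms advertised without encryption. The host names and sample replies are constructed, and `auth_mechs` and `audit` are hypothetical helper names.

```python
"""Audit SMTP AUTH exposure from EHLO replies captured before and after TLS."""

# Mechanisms that put the password itself on the wire (base64 is not encryption).
PASSWORD_REVEALING = {"PLAIN", "LOGIN"}

def auth_mechs(ehlo_reply):
    """Return the set of AUTH mechanisms advertised in a multi-line EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        # Reply lines are "250-KEYWORD args" (continuation) or "250 KEYWORD args" (last).
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            continue
        words = line[4:].replace("=", " ").split()  # tolerate legacy "AUTH=LOGIN"
        if words and words[0].upper() == "AUTH":
            mechs.update(w.upper() for w in words[1:])
    return mechs

def audit(cleartext_ehlo, tls_ehlo):
    """Compare the two replies against the policy 'AUTH only inside TLS'."""
    clear, tls = auth_mechs(cleartext_ehlo), auth_mechs(tls_ehlo)
    findings = []
    exposed = sorted(clear & PASSWORD_REVEALING)
    if exposed:
        findings.append("EXPOSURE: " + " ".join(exposed) + " offered without TLS")
    if clear:
        findings.append("POLICY: AUTH offered without TLS: " + " ".join(sorted(clear)))
    if not tls:
        findings.append("BROKEN: no AUTH offered inside TLS")
    return findings

# Constructed sample replies (not captured from a real host).
AUTH_LINE = "250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN\r\n"
BEFORE_TLS = (
    "250-mail.example.org Hello client.example.net, pleased to meet you\r\n"
    + AUTH_LINE
    + "250-STARTTLS\r\n"
    "250 HELP\r\n"
)
AFTER_TLS = (
    "250-mail.example.org Hello client.example.net, pleased to meet you\r\n"
    + AUTH_LINE
    + "250 HELP\r\n"
)
# What the cleartext listener should advertise once the policy is enforced.
HARDENED_BEFORE_TLS = BEFORE_TLS.replace(AUTH_LINE, "")

if __name__ == "__main__":
    for name, before in (("current", BEFORE_TLS), ("target", HARDENED_BEFORE_TLS)):
        print(name, audit(before, AFTER_TLS) or "OK: AUTH only inside TLS")
```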