Target: Enable STARTTLS with Sendmail 8.14.7 on FreeBSD 10.0.
Sendmail is compiled from the FreeBSD base with TLS but it doesn't work. The port security/cyrus-sasl2-saslauthd is also installed. Any idea what could be wrong? I got
Sendmail is compiled from the
Code:
sendmail -d0.1
Version 8.14.7
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2
SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = host
(canonical domain name) $j = host.domain.com81.82.83.84
(subdomain name) $m = domain.com81.82.83.84
(node name) $k = grendl
========================================================
When I connect to localhost I get:
Code:
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 host.domain.com81.82.83.84 ESMTP Sendmail 8.14.7/8.14.7; Thu, 10 Apr 2014 23:01:22 +0200 (CEST)
ehlo localhost
250-host.domain.com81.82.83.84 Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
freebsd.mc file:
Code:
divert(0)
VERSIONID(`$FreeBSD: release/10.0.0/etc/sendmail/freebsd.mc 256982 2013-10-23 16:55:20Z jmg $')
OSTYPE(freebsd6)
DOMAIN(generic)
FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
dnl Enable STARTTLS for receiving email.
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confSERVER_CERT', `CERT_DIR/host.cert')dnl
define(`confSERVER_KEY', `CERT_DIR/host.key')dnl
define(`confCLIENT_CERT', `CERT_DIR/host.cert')dnl
define(`confCLIENT_KEY', `CERT_DIR/host.key')dnl
define(`confCACERT', `CERT_DIR/cacert.pem')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confDH_PARAMETERS', `CERT_DIR/dh.param')dnl
define(`confCW_FILE', `-o /etc/mail/local-host-names')
dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
MAILER(local)
MAILER(smtp)
dnl set SASL options
#TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
#define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`GSSAPI LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI LOGIN STARTTLS PLAIN')dnl
dnl SSL Options
define(`confCACERT_PATH',`/etc/mail/CA')dnl
define(`confCACERT',`/etc/mail/CA/cacert.pem')dnl
define(`confSERVER_CERT',`/etc/mail/CA/server.crt')dnl
define(`confSERVER_KEY',`/etc/mail/CA/server.key')dnl
define(`confTLS_SRV_OPTIONS', `V')dnl
define(`tls_version', `TLSv1')dnl
dnl define(`tls_version`,`TLSv1`)dnl
dnl greylisting option
dnl j,{if_addr},{cert_subject},i,{auth_authen} are already enabled by default
define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO``, {verify}'')
define(`confMILTER_MACROS_ENVRCPT', confMILTER_MACROS_ENVRCPT``, {greylist}'')
INPUT_MAIL_FILTER(`greylist', `S=local:/var/milter-greylist/milter-greylist.sock, F=T, T=R:30s')
Regards, Mike
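
An added diagnostic, not part of the original post: the freebsd.mc above sets several TLS options twice, and m4 keeps only the last `define()` of a name, so this sketch lists which certificate paths are actually in effect. The function names (`parse_defines`, `expand`, `overridden`) are hypothetical, and the sample input is the TLS-related lines copied from the post.

```python
import re

# Constructed sample: the TLS-related define() lines copied from the posted freebsd.mc.
SAMPLE_MC = """\
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confSERVER_CERT', `CERT_DIR/host.cert')dnl
define(`confSERVER_KEY', `CERT_DIR/host.key')dnl
define(`confCLIENT_CERT', `CERT_DIR/host.cert')dnl
define(`confCLIENT_KEY', `CERT_DIR/host.key')dnl
define(`confCACERT', `CERT_DIR/cacert.pem')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
dnl SSL Options
define(`confCACERT_PATH',`/etc/mail/CA')dnl
define(`confCACERT',`/etc/mail/CA/cacert.pem')dnl
define(`confSERVER_CERT',`/etc/mail/CA/server.crt')dnl
define(`confSERVER_KEY',`/etc/mail/CA/server.key')dnl
dnl define(`tls_version`,`TLSv1`)dnl
"""

# Matches the simple two-argument form used above: define(`NAME', `VALUE')
DEFINE_RE = re.compile(r"define\(`([^']+)',\s*`([^']*)'\)")

def parse_defines(mc_text):
    """Return {name: [(line_no, raw_value), ...]} in file order."""
    found = {}
    for line_no, line in enumerate(mc_text.splitlines(), 1):
        if re.match(r"\s*dnl\b", line):      # line discarded by m4
            continue
        for name, value in DEFINE_RE.findall(line):
            found.setdefault(name, []).append((line_no, value))
    return found

def expand(found, value):
    """Substitute other defined names (e.g. CERT_DIR) with their final value."""
    for name, defs in found.items():
        value = re.sub(r"\b%s\b" % re.escape(name),
                       lambda m, v=defs[-1][1]: v, value)
    return value

def overridden(found):
    """Names defined more than once: {name: (ignored_values, effective_value)}."""
    return {name: ([expand(found, v) for _, v in defs[:-1]],
                   expand(found, defs[-1][1]))
            for name, defs in found.items() if len(defs) > 1}

if __name__ == "__main__":
    for name, (old, new) in sorted(overridden(parse_defines(SAMPLE_MC)).items()):
        print("%-16s uses %s (overrides %s)" % (name, new, ", ".join(old)))
```

On the posted file, the server certificate, key and CA settings resolve to the `/etc/mail/CA` paths, while the client certificate and key still point into `/etc/mail/certs`, so both directories are referenced by the generated configuration.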