Thread: Sendmail TLS
19th February 2011
gpatrick

Running OpenBSD 4.8 and trying to set up secure Sendmail. Cyrus SASL is installed and 'sendmail -d0.1 -bv root' returns STARTTLS and SASL2. I added 'WANT_SMTPAUTH=yes' to /etc/mk.conf before doing a build. Running testsaslauthd returns OK. I reconfigured the Sendmail ports for SASL. My certs are self-signed and good.

But when I 'telnet localhost 25' I don't return 250-STARTTLS though I have 250-AUTH. Connection is refused on port 465 when I 'telnet localhost 465'.

What do I need to change to get TLS working?

Here is my .mc
Code:
VERSIONID(`@(#)openbsd-proto.mc $Revision: 1.11 $')dnl
OSTYPE(openbsd)dnl
define(`confPRIVACY_FLAGS', `authwarnings,needmailhelo,noexpn,novrfy,nobodyreturn')dnl
define(`confCW_FILE', `-o MAIL_SETTINGS_DIR`'local-host-names')dnl
define(`confCT_FILE', `-o MAIL_SETTINGS_DIR`'trusted-users')dnl
FEATURE(nouucp, `reject')dnl
FEATURE(`access_db', `hash -o -T<TMPF> /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable')dnl
FEATURE(genericstable, `hash -o /etc/mail/genericstable')dnl
FEATURE(always_add_domain)dnl
FEATURE(redirect)dnl
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Name=MTA, M=A')dnl
DAEMON_OPTIONS(`Family=inet6, Address=::, Name=MTA6, M=AO')dnl
DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=465, Name=MTA-TLS, M=a')dnl
DAEMON_OPTIONS(`Family=inet6, Address=::, Port=465, Name=MTA6-TLS, M=aO')dnl
DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=587, Name=MSA, M=AE')dnl
DAEMON_OPTIONS(`Family=inet6, Address=::, Port=587, Name=MSA6, M=O, M=AE')dnl
CLIENT_OPTIONS(`Family=inet, Address=0.0.0.0')dnl
CLIENT_OPTIONS(`Family=inet6, Address=::')dnl
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN')dnl
define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/CAcert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
MAILER(local)dnl
MAILER(smtp)dnl
LOCAL_RULESETS
HMessage-Id: $>CheckMessageId

SCheckMessageId
R< $+ @ $+ >		$@ OK
R$*			$#error $: 553 Header Error
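Added example, not part of gpatrick's post: a Python check for the symptom described above, where the EHLO reply carries 250-AUTH but no 250-STARTTLS, so the PLAIN and LOGIN mechanisms named in the .mc would be offered over an unencrypted session. The function names, the sample reply and its hostname are constructed for illustration.

```python
import smtplib

# Mechanisms whose password is recoverable by anyone who can read the session.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed sample: an EHLO reply with the symptom from the post
# (250-AUTH present, 250-STARTTLS absent). Hostname is a placeholder.
SAMPLE = """\
250-mail.example.org Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250 HELP"""

def parse_ehlo(reply):
    """Map each EHLO keyword to its parameters (multi-line 250 reply)."""
    ext = {}
    for line in reply.splitlines()[1:]:   # first line is only the greeting
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            continue
        words = line[4:].split()
        if words:
            ext[words[0].upper()] = [w.upper() for w in words[1:]]
    return ext

def assess(ext):
    """Return findings for a session that has not negotiated TLS."""
    findings = []
    if "STARTTLS" not in ext:
        findings.append("STARTTLS not advertised")
        exposed = sorted(set(ext.get("AUTH", [])) & CLEARTEXT_MECHS)
        if exposed:
            findings.append("AUTH " + " ".join(exposed) + " offered without TLS")
    return findings

def probe(host="localhost", port=25):
    """Same check against a live server; needs a listening MTA."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        ext = {k.upper(): v.upper().split() for k, v in s.esmtp_features.items()}
    return assess(ext)

if __name__ == "__main__":
    for finding in assess(parse_ehlo(SAMPLE)):
        print(finding)
```

Sendmail's AuthOptions also accepts a `p` flag, which withholds mechanisms open to passive attack such as PLAIN and LOGIN until a security layer is active; the posted configuration sets only `A`.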