Re: [Hampshire] Sendmail authentication and ssl

Author: Vic
Date:  
To: hampshire
Subject: Re: [Hampshire] Sendmail authentication and ssl
> I run sendmail on my home server. It's not internet facing ... However,
> I would like it to accept connections from external mail clients


You need to have a bit of a think about what you really want to do; do you
want to run an internet-facing MTA? an MSA port only?

> such as my mobile
> phone. Preferably this would be over an encrypted link. I already run
> IMAPS for retrieving mail.


IMAP is entirely separate from SMTP.

> My problem is deciphering the sendmail configuration. I have no idea
> what the guy who wrote it was thinking, but it's just a horrendous mess
> of crap!!!


Well, it's certainly not friendly to the newcomer. But after a while, it
does start to make sense. Compared to the exim4 setup, for example, it's
yer bestest ever mate...

> Can someone just confirm that I've not set up an open
> relay, and that things look ok with this setup?


http://www.abuse.net/relay.html is perhaps the most important link you'll
ever get. See what it says...

> DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
> DAEMON_OPTIONS(`Port=smtp,Addr=192.168.0.102, Name=MTA')dnl


Is this the right address for your MTA? Do you really need to restrict the
IP address?

The line in my config file is simply

DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

I'm not sure (and I'm too lazy to look up) what effect two such lines will
have; I expect the result to be the union of the two option lines, but I
don't know for sure.

> dnl # The following causes sendmail to additionally listen to port 587 for
> dnl # mail from MUAs that authenticate. Roaming users who can't reach their
> dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
> dnl # this useful.


This is the bit I would expect you to use for external clients

> dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl


...but that leading "dnl" is a stub-out; you're not opening MSA.

> DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl


That's port 465; it can work, but is deprecated. I'd check your client
very carefully to see if this is the port you want.

Other than that, your config doesn't look dreadful - just perhaps a bit
sparse. My advice would be to write down (in words) exactly what you're
trying to achieve, then find a way to implement it...

Vic.
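
The listener points raised in this reply can be checked mechanically. The following is an added example, not part of the original message or of sendmail: it parses the `DAEMON_OPTIONS` lines quoted above (embedded as a constructed sample), marks `dnl`-stubbed entries as inactive, and flags port 465 and a missing submission listener. The function names are this example's own, and it relies on the `a` daemon modifier meaning "always require authentication".

```python
import re

# Constructed sample: the DAEMON_OPTIONS lines quoted in the message above.
SAMPLE_MC = """\
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=192.168.0.102, Name=MTA')dnl
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
"""

# An optional leading "dnl" (m4 discards the rest of the line) stubs the entry out.
LINE_RE = re.compile(r"^\s*(dnl\s+(?:#\s*)?)?DAEMON_OPTIONS\(`([^']*)'\)")
MSA_PORTS = ("submission", "587")

def parse_daemon_options(mc_text):
    """Return one dict per DAEMON_OPTIONS line; dnl-stubbed lines are inactive."""
    listeners = []
    for line in mc_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        opts = dict(kv.strip().split("=", 1) for kv in m.group(2).split(",") if "=" in kv)
        listeners.append({
            "active": m.group(1) is None,
            "port": opts.get("Port", "smtp"),      # sendmail's default port
            "addr": opts.get("Addr", "any"),       # no Addr means all interfaces
            "name": opts.get("Name", "?"),
            "modifiers": opts.get("M", ""),
        })
    return listeners

def audit(listeners):
    """Flag the points raised in the reply: stubbed MSA, port 465, MSA auth."""
    findings = []
    for lsn in listeners:
        label = f"{lsn['name']} port={lsn['port']} addr={lsn['addr']}"
        if not lsn["active"]:
            findings.append(f"DISABLED {label}: leading dnl, no listener is opened")
        elif lsn["port"] in ("smtps", "465"):
            findings.append(f"CHECK {label}: port 465, confirm the client expects it")
        elif lsn["port"] in MSA_PORTS and "a" not in lsn["modifiers"]:
            findings.append(f"WARN {label}: MSA without the 'a' modifier does not require AUTH")
    if not any(lsn["active"] and lsn["port"] in MSA_PORTS for lsn in listeners):
        findings.append("NOTE no active submission (587) listener for external clients")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_daemon_options(SAMPLE_MC)):
        print(finding)
```

This only inspects the `.mc` source; whether the running daemon relays for strangers still has to be tested from outside, as the relay-test link above does.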