Sendmail + SMTP + SSL


xyklopz
2004-08-08, 05:11 PM CDT
I'm working on a Fedora Core 2 box and I'm trying to get my sendmail configured for my SMTP relay. I would like the SMTP relay to only allow SMTP connections over SSL and would like sendmail to accept authenticated SMTP SSL logins. I have dovecot up and running for my IMAP daemon and I have successfully set up the SSL certs with dovecot, and now once I get this issue with sendmail resolved, my email system will be intact.

Please anyone out there have any suggestions?

Note: I've googled for hours and have followed what most people have done already, but my sendmail is still allowing non-secure + non-auth connections from both inside and outside the LAN. I want it to only accept secure + auth connections, which it currently does. However, I want it to reject non-secure +/- no-auth connections.

imdeemvp
2004-08-08, 05:35 PM CDT
did you try www.linuxquestions.org ??

i really have little experience with servers and networks but you may find a thread there that could help you or just wait for one of the moderators to respond to you in a better way.....i believe crackers has experience in servers... :rolleyes:

xyklopz
2004-08-08, 05:38 PM CDT
I've tried everywhere! I'm making progress now, I have it requiring at least 128-bit encryption and it is validating the SMTP user/pass against the box passwd/shadow, which is fine, however the SMTP is still allowing anonymous relay even though it's over SSL.

imdeemvp
2004-08-08, 05:39 PM CDT
well that's good :D

xyklopz
2004-08-08, 06:18 PM CDT
Okay, this is what I have, based off of what I've seen from other sites running sendmail:

/etc/mail/sendmail.mc:
...
define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
...
define(`confCACERT_PATH',`/etc/mail/certs')dnl
define(`confCACERT',`/etc/mail/certs/ca-bundle.crt')dnl
define(`localCERT', `/etc/mail/certs/our-cert.pem')dnl
define(`confCLIENT_CERT',`localCERT')dnl
define(`confCLIENT_KEY',`localCERT')dnl
define(`confSERVER_CERT',`localCERT')dnl
define(`confSERVER_KEY',`localCERT')dnl
...
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl


/etc/mail/access
...
mydomain.com RELAY
TLS_Clt:mydomain.com ENCR:128
TLS_Srv:mydomain.com ENCR:128
TLS_Rcpt:mydomain.com ENCR:128

Note:
-If I add VERIFY to ENCR, whenever I try my username/password (from the UNIX system) it denies me, giving me error 403 not authenticated even though I'm sending the correct username/password.
-If I add PERM to ENCR, it has no effect compared to leaving it out.


/usr/lib/sasl2/Sendmail.conf
pwcheck_method:saslauthd

My SMTP connection is forcing the 128-bit enc properly, however it is not forcing the user to authenticate. It will still allow anonymous access, which I want to prevent, but I do want authorized users to be able to access the sendmail SMTP server from outside the network if they have the proper privileges (aka username in /etc/passwd and password in /etc/shadow). PLEASE HELP :(

xyklopz
2004-08-09, 02:38 PM CDT
Problem Solved.

After researching more and talking to a local guru I discovered my problem. My /etc/mail/access file was incorrect and was allowing mydomain.com relay without AUTH. Therefore, I removed that along with all the localhost entries and made my access file strictly enforce ENCR and let saslauthd do the AUTH.

Thus my resulting access file:

TLS_Clt: ENCR:128
TLS_Srv: ENCR:128
TLS_Rcpt: ENCR:128


and also note the following sendmail.mc change:


define(`confAUTH_OPTIONS', `A p y')dnl


Hope this helps someone! This made my server require AUTH for every SMTP connection and it forces at least 128-bit encryption. :-)
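The root cause in the two posts above is worth checking for mechanically: an access map entry that grants RELAY by hostname or sender domain is honoured before SMTP AUTH is ever consulted, so TLS_* ENCR lines only make the unauthenticated relay an encrypted one. The script below is an added example, not code from the thread or from the sendmail project. It lints a copy of /etc/mail/access for RELAY grants that need no credentials, checks that every TLS_Clt/TLS_Srv/TLS_Rcpt line actually carries an ENCR requirement of at least 128 bits, and reads the confAUTH_OPTIONS flags from sendmail.mc (p = refuse PLAIN/LOGIN without a security layer, y = refuse anonymous SASL mechanisms). The sample files are constructed from the fragments quoted in the thread; the tag list and the loopback keys are assumptions about a typical access map.

```python
"""Lint /etc/mail/access and confAUTH_OPTIONS for relay grants that bypass
SMTP AUTH.  Added example; the sample inputs are constructed from the thread."""
import re

# Constructed sample: the poster's first (broken) access file.
ACCESS_BEFORE = """\
mydomain.com RELAY
TLS_Clt:mydomain.com ENCR:128
TLS_Srv:mydomain.com ENCR:128
TLS_Rcpt:mydomain.com ENCR:128
"""

# Constructed sample: the poster's corrected access file.
ACCESS_AFTER = """\
TLS_Clt: ENCR:128
TLS_Srv: ENCR:128
TLS_Rcpt: ENCR:128
"""

MC_BEFORE = "define(`confAUTH_OPTIONS', `A p')dnl"
MC_AFTER = "define(`confAUTH_OPTIONS', `A p y')dnl"

# Assumed set of access-map tags to recognise (enough to tell a tag from an IPv6 key).
KNOWN_TAGS = {"Connect", "From", "To", "TLS_Clt", "TLS_Srv", "TLS_Rcpt",
              "Try_TLS", "Srv_Features"}
# Assumed keys that denote the local host itself.
LOCAL_KEYS = {"127.0.0.1", "localhost", "localhost.localdomain", "IPv6:::1"}


def parse_access(text):
    """Return (tag, key, value) per non-comment line; tag is None when the
    entry is untagged (such entries apply to Connect:, From: and To: alike)."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        lhs, value = parts
        tag, key = None, lhs
        if ":" in lhs:
            maybe_tag, rest = lhs.split(":", 1)
            if maybe_tag in KNOWN_TAGS:
                tag, key = maybe_tag, rest
        entries.append((tag, key, value.strip()))
    return entries


def unauthenticated_relay_grants(text):
    """RELAY grants that need no SMTP AUTH.  Authenticated users already get
    relay through TRUST_AUTH_MECH, so every line returned here widens that."""
    findings = []
    for tag, key, value in parse_access(text):
        if value.upper() != "RELAY":
            continue
        if tag is None:
            why = "untagged: hosts resolving into this name relay with no AUTH"
        elif tag == "From":
            why = "sender-based grant; MAIL FROM is trivially forged"
        elif tag == "Connect" and key in LOCAL_KEYS:
            why = "loopback grant; any local process can relay without AUTH"
        elif tag == "Connect":
            why = "network-based grant; no AUTH required from that host/net"
        else:
            why = "accepts mail *to* this domain from anyone (fine for MX'd domains)"
        findings.append(((tag or "<untagged>") + ":" + key, why))
    return findings


def weak_tls_requirements(text, minimum_bits=128):
    """TLS_* entries whose ENCR:<bits> is below minimum_bits or absent."""
    weak = []
    for tag, key, value in parse_access(text):
        if tag not in ("TLS_Clt", "TLS_Srv", "TLS_Rcpt"):
            continue
        m = re.search(r"ENCR:(\d+)", value)
        if m is None or int(m.group(1)) < minimum_bits:
            weak.append((tag + ":" + key, value))
    return weak


def auth_option_flags(mc_line):
    """Single-letter flags from a confAUTH_OPTIONS define in sendmail.mc."""
    m = re.search(r"confAUTH_OPTIONS'\s*,\s*`([^']*)'", mc_line)
    return set(m.group(1).split()) if m else set()


def missing_auth_hardening(mc_line):
    """Which of the 'p' and 'y' flags are absent from confAUTH_OPTIONS."""
    return sorted({"p", "y"} - auth_option_flags(mc_line))


if __name__ == "__main__":
    for label, acc, mc in (("before", ACCESS_BEFORE, MC_BEFORE),
                           ("after", ACCESS_AFTER, MC_AFTER)):
        print("== %s ==" % label)
        for key, why in unauthenticated_relay_grants(acc):
            print("  RELAY without AUTH: %-24s %s" % (key, why))
        for key, val in weak_tls_requirements(acc):
            print("  weak TLS requirement: %s %s" % (key, val))
        print("  confAUTH_OPTIONS missing:", missing_auth_hardening(mc) or "nothing")
```

Run against the "before" sample it reports the untagged mydomain.com RELAY line and the missing y flag; against the "after" sample it reports nothing, which is the state the poster ended up with. Point it at a real file with `open("/etc/mail/access").read()` after editing and before running `makemap hash /etc/mail/access.db < /etc/mail/access`, so an accidental RELAY grant is caught before the map is rebuilt.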

pejcao
2004-09-03, 12:13 AM CDT
with that magic u did, can you relay from yer server (where sendmail is running, 127.0.0.1)? I mean, without authenticating yerself?

Also, can you relay mail to yahoo and alike? Do the common web mail servers like yahoo, hotmail, etc, allow encrypted connections? on self-signed certs?

STEVE555
2004-11-19, 11:32 AM CST
Hi to all, my problem is this: I have a hotmail e-mail account and I can access it with the Windows XP Professional O.S. I have Fedora Core 3 dual booting with it. I have been trying to access my hotmail account via Kmail and Sendmail. The servers I have been using after a search on the web are smtp.email.msn.com and pop3.email.msn.com. But when I use Kmail to access my e-mails, a dialogue box comes up and says that it could not connect to pop3.email.msn.com.

can anybody help me with this one?

Steve