Discussion:
sendmail AUTH
(too old to reply)
Wolfgang Agnes
2024-11-07 22:47:37 UTC
Permalink
--8<-------------------------------------------------------->8---
(*) Followup-To

comp.mail.sendmail

I suggest we take this thread to comp.mail.sendmail.
--8<-------------------------------------------------------->8---

Here's what I see when I say ``HELP'' to my sendmail:

214-2.0.0 This is sendmail version 8.18.1
214-2.0.0 Topics:
214-2.0.0 HELO EHLO MAIL RCPT DATA
214-2.0.0 RSET NOOP QUIT HELP VRFY
214-2.0.0 EXPN VERB ETRN DSN AUTH
214-2.0.0 STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation see
214-2.0.0 http://www.sendmail.org/email-addresses.html
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info

It shows AUTH. But it doesn't show anything else such as PLAIN or
CRAM-MD5. What does that mean? What kind of AUTH support do I have at
the moment?

I have no cyrus packages installed on this FreeBSD. If AUTH suffices to
me, then I wouldn't install anything else.

# pkg info | grep cyrus
#

# uname -a
FreeBSD my.host.name 14.1-RELEASE-p5 FreeBSD 14.1-RELEASE-p5 GENERIC amd64
Andrzej Adam Filip
2024-11-08 04:50:05 UTC
Permalink
Post by Wolfgang Agnes
--8<-------------------------------------------------------->8---
(*) Followup-To
comp.mail.sendmail
I suggest we take this thread to comp.mail.sendmail.
--8<-------------------------------------------------------->8---
214-2.0.0 This is sendmail version 8.18.1
214-2.0.0 HELO EHLO MAIL RCPT DATA
214-2.0.0 RSET NOOP QUIT HELP VRFY
214-2.0.0 EXPN VERB ETRN DSN AUTH
214-2.0.0 STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation see
214-2.0.0 http://www.sendmail.org/email-addresses.html
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info
It shows AUTH. But it doesn't show anything else such as PLAIN or
CRAM-MD5. What does that mean? What kind of AUTH support do I have at
the moment?
I have no cyrus packages installed on this FreeBSD. If AUTH suffices to
me, then I wouldn't install anything else.
# pkg info | grep cyrus
#
# uname -a
FreeBSD my.host.name 14.1-RELEASE-p5 FreeBSD 14.1-RELEASE-p5 GENERIC amd64
Supported AUTHentication mechanisms are listed in reply to EHLO
(extended HELO) ESMTP command. EHLO replies list SMTP extensions
supported in the ESMTP session/connection.

:> ehlo xxx
:< 250-mail.example.org Hello localhost [127.0.0.1], pleased to meet you
:< 250-ENHANCEDSTATUSCODES
:< 250-PIPELINING
:< 250-EXPN
:< 250-VERB
:< 250-8BITMIME
:< 250-SIZE
:< 250-DSN
:< 250-ETRN
:< 250-AUTH DIGEST-MD5 CRAM-MD5
:< 250-DELIVERBY
:< 250 HELP
--
[Andrew] Andrzej A. Filip
Wolfgang Agnes
2024-11-08 10:52:48 UTC
Permalink
Post by Andrzej Adam Filip
Post by Wolfgang Agnes
--8<-------------------------------------------------------->8---
(*) Followup-To
comp.mail.sendmail
I suggest we take this thread to comp.mail.sendmail.
--8<-------------------------------------------------------->8---
214-2.0.0 This is sendmail version 8.18.1
214-2.0.0 HELO EHLO MAIL RCPT DATA
214-2.0.0 RSET NOOP QUIT HELP VRFY
214-2.0.0 EXPN VERB ETRN DSN AUTH
214-2.0.0 STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation see
214-2.0.0 http://www.sendmail.org/email-addresses.html
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info
It shows AUTH. But it doesn't show anything else such as PLAIN or
CRAM-MD5. What does that mean? What kind of AUTH support do I have at
the moment?
I have no cyrus packages installed on this FreeBSD. If AUTH suffices to
me, then I wouldn't install anything else.
# pkg info | grep cyrus
#
# uname -a
FreeBSD my.host.name 14.1-RELEASE-p5 FreeBSD 14.1-RELEASE-p5 GENERIC amd64
Supported AUTHentication mechanisms are listed in reply to EHLO
(extended HELO) ESMTP command. EHLO replies list SMTP extensions
supported in the ESMTP session/connection.
:> ehlo xxx
:< 250-mail.example.org Hello localhost [127.0.0.1], pleased to meet you
:< 250-ENHANCEDSTATUSCODES
:< 250-PIPELINING
:< 250-EXPN
:< 250-VERB
:< 250-8BITMIME
:< 250-SIZE
:< 250-DSN
:< 250-ETRN
:< 250-AUTH DIGEST-MD5 CRAM-MD5
:< 250-DELIVERBY
:< 250 HELP
Thanks! Then I don't have support for authentication.

--8<-------------------------------------------------------->8---
220 my.host.name ESMTP Sendmail 8.18.1/8.18.1; Fri, 8 Nov 2024 07:51:24 -0300 (-03)
EHLO localhost
250-my.host.name Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
--8<-------------------------------------------------------->8---

I'll have to recompile Sendmail.
Kalevi Kolttonen
2024-11-08 15:40:15 UTC
Permalink
Post by Wolfgang Agnes
Thanks! Then I don't have support for authentication.
--8<-------------------------------------------------------->8---
220 my.host.name ESMTP Sendmail 8.18.1/8.18.1; Fri, 8 Nov 2024 07:51:24 -0300 (-03)
EHLO localhost
250-my.host.name Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
--8<-------------------------------------------------------->8---
I'll have to recompile Sendmail.
Not necessarily. I cannot remember the exact conditions, but
sometimes AUTH appears only after the client has issued
STARTTLS to enable the encryption layer. Clients do EHLO again
after the encryption layer is working.

br,
KK
Wolfgang Agnes
2024-11-08 18:40:17 UTC
Permalink
Post by Kalevi Kolttonen
Post by Wolfgang Agnes
Thanks! Then I don't have support for authentication.
--8<-------------------------------------------------------->8---
220 my.host.name ESMTP Sendmail 8.18.1/8.18.1; Fri, 8 Nov 2024 07:51:24 -0300 (-03)
EHLO localhost
250-my.host.name Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
--8<-------------------------------------------------------->8---
I'll have to recompile Sendmail.
Not necessarily. I cannot remember the exact conditions, but
sometimes AUTH appears only after the client has issued
STARTTLS to enable the encryption layer. Clients do EHLO again
after the encryption layer is working.
Thanks! I don't know how to investigate it further after I type
STARTTLS. I believe that after I issue STARTTLS, I'd have to speak the
TLS protocol, which I don't know how.

By the way, I think you're thinking is good---you might be thinking that
sendmail wouldn't want credentials traveling in the clear, but I believe
it does accept that if we compile it with AUTH PLAIN, say. I think
saying STARTTLS before will not be required.

The book

sendmail
Bryan Costales, George Jansen
& Claus Assmann with Gregory Neil Shapiro
O'Reilly, 2007, fourth edition, ISBN 978-0-596-51029-9

seems to confirm that I don't have AUTH support. On section 5.1.2.1, we
find:

--8<-------------------------------------------------------->8---
Before you install sendmail, test it to be sure the added SASL support
has worked. You can do this by running sendmail from the directory in
which it was built. Note that you must do this as root:

# obj.*/sendmail/sendmail -bs -Am

Here, we run the newly built sendmail relative to the source
directory. The -bs tells sendmail to speak SMTP on its standard
input. The -Am tells sendmail to use its server configuration file (not
submit.cf), even though it is running in mail-submission mode.

Such a test session might look like this:

220 your.host.domain ESMTP Sendmail 8.14.1/8.14.1; Fri, 14 Dec 2007 11:43:02 -0700
(PST)
ehlo your.host.domain
250-your.host.domain Hello ***@localhost, pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 <-- note this line
250-DELIVERBY
250 HELP
quit
221 2.0.0 your.host.domain closing connection

Here, the AUTH SMTP keyword appears, indicating that this site supports SASL
authentication and two modes of authentication as shown earlier.
--8<-------------------------------------------------------->8---

And here's my test:

--8<-------------------------------------------------------->8---
# /usr/sbin/sendmail -bs -Am
220 my.host.name ESMTP Sendmail 8.18.1/8.18.1; Fri, 8 Nov 2024 15:29:21 -0300 (-03)
help
214-2.0.0 This is sendmail version 8.18.1
214-2.0.0 Topics:
214-2.0.0 HELO EHLO MAIL RCPT DATA
214-2.0.0 RSET NOOP QUIT HELP VRFY
214-2.0.0 EXPN VERB ETRN DSN AUTH
214-2.0.0 STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation see
214-2.0.0 http://www.sendmail.org/email-addresses.html
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info
EHLO localhost
250-my.host.name Hello ***@localhost, pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
STARTTLS
220 2.0.0 Ready to start TLS
HELP <--- I lose the connection here
#
--8<-------------------------------------------------------->8---

In maillog, I find:

--8<-------------------------------------------------------->8---
Nov 8 15:29:44 my.host sendmail[16217]: tls_srv_features=(null), relay=(null) [0]
Nov 8 15:29:44 my.host sendmail[16217]: tls_srv_features=empty, stat=0, relay=(null) [0]
--8<-------------------------------------------------------->8---

besides other irrelevant lines.

I find curious, though, that if I don't have SASL support, why should I
see the command AUTH as the answer to HELP? (I seem to have no
mechanism compiled-in for authentication.)
Kalevi Kolttonen
2024-11-08 18:48:08 UTC
Permalink
Post by Wolfgang Agnes
Thanks! I don't know how to investigate it further after I type
STARTTLS. I believe that after I issue STARTTLS, I'd have to speak the
TLS protocol, which I don't know how.
Please install a perl-based tool called "swaks". From the manual page:

Swaks - Swiss Army Knife SMTP, the all-purpose SMTP transaction tester

and then use its "-tls" option.

With swaks, all SMTP testing becomes very easy indeed.
Post by Wolfgang Agnes
By the way, I think you're thinking is good---you might be thinking that
sendmail wouldn't want credentials traveling in the clear, but I believe
it does accept that if we compile it with AUTH PLAIN, say. I think
saying STARTTLS before will not be required.
You never *compile* Sendmail with "AUTH PLAIN", those are m4 configuration
file options.

br,
KK
Wolfgang Agnes
2024-11-09 20:22:01 UTC
Permalink
Post by Kalevi Kolttonen
Post by Wolfgang Agnes
Thanks! I don't know how to investigate it further after I type
STARTTLS. I believe that after I issue STARTTLS, I'd have to speak the
TLS protocol, which I don't know how.
Swaks - Swiss Army Knife SMTP, the all-purpose SMTP transaction tester
and then use its "-tls" option.
With swaks, all SMTP testing becomes very easy indeed.
Pretty useful. Thanks!
Post by Kalevi Kolttonen
Post by Wolfgang Agnes
By the way, I think you're thinking is good---you might be thinking that
sendmail wouldn't want credentials traveling in the clear, but I believe
it does accept that if we compile it with AUTH PLAIN, say. I think
saying STARTTLS before will not be required.
You never *compile* Sendmail with "AUTH PLAIN", those are m4 configuration
file options.
Point taken. On the other hand, we could perhaps call the process of
writing the sendmail.cf file as a certain compilation? Because we read
a file that seems to be written in a certain domain-specific language
and then a program writes the sendmail.cf, which looks like a
lower-level type of language. :)
Bjørn Mork
2024-11-08 19:55:50 UTC
Permalink
Post by Wolfgang Agnes
Thanks! I don't know how to investigate it further after I type
STARTTLS. I believe that after I issue STARTTLS, I'd have to speak the
TLS protocol, which I don't know how.
You can have openssl connect and issue the STARTTLS, and then continue
with TLS. Like so:

***@miraculix:~$ openssl s_client -connect canardo:25 -starttls smtp -quiet
Can't use SSL_get_servername
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R11
verify return:1
depth=0 CN = canardo.mork.no
verify return:1
250 HELP
ehlo du
250-canardo.dyn.mork.no Hello [IPv6:2a01:799:10de:2e0a:149a:2079:3a3a:3457], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH PLAIN LOGIN
250-DELIVERBY
250 HELP
quit
221 2.0.0 canardo.dyn.mork.no closing connection


Drop the "-quiet" option to get more details about the TLS negotiation,
or add other options. You can also send client certificate if you want,
using -key and -cert. And there are plenty of other options as usual
with openssl :-)

See the openssl s_client manual page for more details.


Bjørn
Wolfgang Agnes
2024-11-09 20:23:31 UTC
Permalink
Post by Bjørn Mork
Post by Wolfgang Agnes
Thanks! I don't know how to investigate it further after I type
STARTTLS. I believe that after I issue STARTTLS, I'd have to speak the
TLS protocol, which I don't know how.
You can have openssl connect and issue the STARTTLS, and then continue
Can't use SSL_get_servername
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R11
verify return:1
depth=0 CN = canardo.mork.no
verify return:1
250 HELP
ehlo du
250-canardo.dyn.mork.no Hello
[IPv6:2a01:799:10de:2e0a:149a:2079:3a3a:3457], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH PLAIN LOGIN
250-DELIVERBY
250 HELP
quit
221 2.0.0 canardo.dyn.mork.no closing connection
Nice! Thanks for the illustration. Didn't know openssl also made that
pretty easy.
Andrzej Adam Filip
2024-11-08 16:48:01 UTC
Permalink
Post by Wolfgang Agnes
[…]
--8<-------------------------------------------------------->8---
220 my.host.name ESMTP Sendmail 8.18.1/8.18.1; Fri, 8 Nov 2024 07:51:24 -0300 (-03)
EHLO localhost
250-my.host.name Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
--8<-------------------------------------------------------->8---
I'll have to recompile Sendmail.
Take a look at https://www.sendmail.org/~ca/email/auth.html
--
[Andrew] Andrzej A. Filip
Wolfgang Agnes
2024-11-08 18:46:06 UTC
Permalink
Post by Andrzej Adam Filip
Post by Wolfgang Agnes
[…]
--8<-------------------------------------------------------->8---
220 my.host.name ESMTP Sendmail 8.18.1/8.18.1; Fri, 8 Nov 2024 07:51:24 -0300 (-03)
EHLO localhost
250-my.host.name Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
--8<-------------------------------------------------------->8---
I'll have to recompile Sendmail.
Take a look at https://www.sendmail.org/~ca/email/auth.html
Thanks! I'll follow those instruction and report back.
Wolfgang Agnes
2024-11-09 21:09:51 UTC
Permalink
Post by Andrzej Adam Filip
Post by Wolfgang Agnes
[…]
--8<-------------------------------------------------------->8---
220 my.host.name ESMTP Sendmail 8.18.1/8.18.1; Fri, 8 Nov 2024 07:51:24 -0300 (-03)
EHLO localhost
250-my.host.name Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
--8<-------------------------------------------------------->8---
I'll have to recompile Sendmail.
Take a look at https://www.sendmail.org/~ca/email/auth.html
Thanks! I now have support for DIGEST-MD5 and CRAM-MD5.

--8<-------------------------------------------------------->8---
# sendmail -bs -Am
220 my.host.name ESMTP Sendmail 8.18.1/8.18.1; Sat, 9 Nov 2024 17:26:51 -0300 (-03)
ehlo localhost
250-my.host.name Hello ***@localhost, pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
--8<-------------------------------------------------------->8---

I made sure not to add PLAIN or LOGIN, although I'd accept such
authentications if I can make sure the conversation would be always
wrapped in TLS, which I think it would be desirable for port 587. But I
don't if that's easy to do.

Anyway, thanks for the help.
Claus Aßmann
2024-11-10 06:05:22 UTC
Permalink
Post by Wolfgang Agnes
I made sure not to add PLAIN or LOGIN, although I'd accept such
authentications if I can make sure the conversation would be always
wrapped in TLS, which I think it would be desirable for port 587. But I
don't if that's easy to do.
Did you read the fine documentation?

AuthOptions
p don't permit mechanisms susceptible to simple
passive attack (e.g., PLAIN, LOGIN), unless a
security layer is active.
--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.
Wolfgang Agnes
2024-11-11 11:27:14 UTC
Permalink
Claus Aßmann
Post by Claus Aßmann
Post by Wolfgang Agnes
I made sure not to add PLAIN or LOGIN, although I'd accept such
authentications if I can make sure the conversation would be always
wrapped in TLS, which I think it would be desirable for port 587. But I
don't if that's easy to do.
Did you read the fine documentation?
AuthOptions
p don't permit mechanisms susceptible to simple
passive attack (e.g., PLAIN, LOGIN), unless a
security layer is active.
Thanks! I am. I'm reading a fine and well-written book in its fourth
edition---thanks very much for your attention. :) Now you reminded me
about AuthOptions. And the p-option is now in place and things look
brigther now. Thanks very much.

%openssl s_client -starttls smtp -connect my.host.name:587 -quiet
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = E5
verify return:1
depth=0 CN = my.host.name
verify return:1
250 HELP
ehlo localhost
250-my.host.name Hello my.host.name [1.2.3.4], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
quit
221 2.0.0 my.host.name closing connection

(I then enabled PLAIN as well.)

%telnet localhost 587
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 my.host.name ESMTP Sendmail 8.18.1/8.18.1; Mon, 11 Nov 2024 08:23:43 -0300 (-03)
ehlo localhost
250-my.host.name Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
quit
221 2.0.0 my.host.name closing connection
Connection closed by foreign host.

Andrzej Adam Filip
2024-11-08 16:50:57 UTC
Permalink
Post by Wolfgang Agnes
--8<-------------------------------------------------------->8---
(*) Followup-To
comp.mail.sendmail
I suggest we take this thread to comp.mail.sendmail.
--8<-------------------------------------------------------->8---
214-2.0.0 This is sendmail version 8.18.1
214-2.0.0 HELO EHLO MAIL RCPT DATA
214-2.0.0 RSET NOOP QUIT HELP VRFY
214-2.0.0 EXPN VERB ETRN DSN AUTH
214-2.0.0 STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation see
214-2.0.0 http://www.sendmail.org/email-addresses.html
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info
It shows AUTH. But it doesn't show anything else such as PLAIN or
CRAM-MD5. What does that mean? What kind of AUTH support do I have at
the moment?
I have no cyrus packages installed on this FreeBSD. If AUTH suffices to
me, then I wouldn't install anything else.
# pkg info | grep cyrus
#
# uname -a
FreeBSD my.host.name 14.1-RELEASE-p5 FreeBSD 14.1-RELEASE-p5 GENERIC amd64
Do you plan to use dovecot (IMAP)?
YES => AFAIK postfix offers better dovecot integration than sendmail.
--
[Andrew] Andrzej A. Filip
Wolfgang Agnes
2024-11-08 18:45:37 UTC
Permalink
Post by Andrzej Adam Filip
Post by Wolfgang Agnes
--8<-------------------------------------------------------->8---
(*) Followup-To
comp.mail.sendmail
I suggest we take this thread to comp.mail.sendmail.
--8<-------------------------------------------------------->8---
214-2.0.0 This is sendmail version 8.18.1
214-2.0.0 HELO EHLO MAIL RCPT DATA
214-2.0.0 RSET NOOP QUIT HELP VRFY
214-2.0.0 EXPN VERB ETRN DSN AUTH
214-2.0.0 STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation see
214-2.0.0 http://www.sendmail.org/email-addresses.html
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info
It shows AUTH. But it doesn't show anything else such as PLAIN or
CRAM-MD5. What does that mean? What kind of AUTH support do I have at
the moment?
I have no cyrus packages installed on this FreeBSD. If AUTH suffices to
me, then I wouldn't install anything else.
# pkg info | grep cyrus
#
# uname -a
FreeBSD my.host.name 14.1-RELEASE-p5 FreeBSD 14.1-RELEASE-p5 GENERIC amd64
Do you plan to use dovecot (IMAP)?
YES => AFAIK postfix offers better dovecot integration than sendmail.
(Thanks!) Such as what?

So far I'm not planning on using IMAP. This is just for personal mail
and I prefer the whole thing to be local, so POP3 should be enough to
bring my mail to my personal computer and then I can manage it here.

And I also don't want to plan to run Postfix. I am actually fond of
qmail, but I decided to run the legend once again to (this time) really
learn how it works and celebrate what a great software it has always
been.
Marco Moock
2024-11-08 19:46:26 UTC
Permalink
Post by Andrzej Adam Filip
Post by Wolfgang Agnes
--8<-------------------------------------------------------->8---
(*) Followup-To
comp.mail.sendmail
I suggest we take this thread to comp.mail.sendmail.
--8<-------------------------------------------------------->8---
214-2.0.0 This is sendmail version 8.18.1
214-2.0.0 HELO EHLO MAIL RCPT DATA
214-2.0.0 RSET NOOP QUIT HELP VRFY
214-2.0.0 EXPN VERB ETRN DSN AUTH
214-2.0.0 STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation see
214-2.0.0 http://www.sendmail.org/email-addresses.html
214-2.0.0 For local information send email to Postmaster at your
site. 214 2.0.0 End of HELP info
It shows AUTH. But it doesn't show anything else such as PLAIN or
CRAM-MD5. What does that mean? What kind of AUTH support do I
have at the moment?
I have no cyrus packages installed on this FreeBSD. If AUTH
suffices to me, then I wouldn't install anything else.
# pkg info | grep cyrus
#
# uname -a
FreeBSD my.host.name 14.1-RELEASE-p5 FreeBSD 14.1-RELEASE-p5 GENERIC amd64
Do you plan to use dovecot (IMAP)?
YES => AFAIK postfix offers better dovecot integration than sendmail.
IIRC Dovecot supports getting mail from /var/spool and also via LMTP.
--
kind regards
Marco

Send spam to ***@cartoonies.org
Bjørn Mork
2024-11-08 20:17:46 UTC
Permalink
Post by Marco Moock
Post by Andrzej Adam Filip
Do you plan to use dovecot (IMAP)?
YES => AFAIK postfix offers better dovecot integration than sendmail.
IIRC Dovecot supports getting mail from /var/spool and also via LMTP.
There are lots of possibilites. I've been using the dovecot+sendmail
combo for years, and courier+sendmail before that. Have always used
procmail as lda delivering to Maildirs in the users' home dir.

Having

FEATURE(`local_procmail')dnl

in sendmail.mc and

DEFAULT=$HOME/Maildir/

in /etc/procmailrc is enough for delivery. The dovecot config has

mail_location = maildir:~/Maildir

My main reason for that configuration is that it allows each user to
filter mail directly into different imap folders using their own
~/.procmailrc without doing anything extra. Just add procmail rules
delivering to Maildir/.whatever/ instead of the default, and it will
show up in the INBOX.whatever folder in dovecot.

That's just one way to to it. There's a huge menu of mailbox formats and
locations. But whatever you choose I'm pretty sure both sendmail and
dovecot can support it.



Bjørn
Loading...