Free. BSD as a Secure Mail Server Using sendmail and imap- uw. Building a simple sendmail server that supports auth- based. SSL/TLS encryption while using Free. BSD is fairly. straightforward.
Install FreeBSD v4.9. imap-uw-2002_1,1 University of Washington IMAP4rev1/POP2/POP3 mail servers. libiconv-1.8_2 A character set conversion library. libmcal.
Free. BSD's base sendmail is very flexible. The goal is to have working sendmail, ipop. Microsoft. e- mail clients, don't require any extra password maintenance, uses. Free. BSD's included sendmail and uses applications from. Free. BSD's ports system.
Make sure your ports tree is updated (using cvsup or portsnap). Also, if you're planning on doing an update of the base system soon it would be a. It may also be a good time.
LDA to. procmail during the sendmail setup. Installing imap- uw. Install mail/cclient from the Free.
BSD ports system. Don't forget to add "- DWITH_SSL_AND_PLAINTEXT" to make to enable. LOGIN and PLAIN auth support if you wish to support non- SSL- capable IMAP. DWITH_SSL_AND_PLAINTEXT install. Install mail/imap- uw from the Free. BSD ports system.
Eiichiromomma / CVMLAB. Code. Issues 0. Pull requests 0. Wiki Pulse Graphs FreeBSD imapuw. eiichiromomma edited this page Aug 17, 2014 · 1 revision Pages 344. . http:// Installing FreeBSD 4.10 mail. Install FreeBSD. SSL_AND_PLAINTEXT=true install” Install imap-uw. Any concerns regarding this port should be directed to the FreeBSD Ports. error in man page for imapd of mail/imap-uw If you install the imap-wu port and. . RE: Sendmail - IMAP-UW. questions at freebsd.org > >Subject: Re: Sendmail. html, and had no > >>> problems with > >>> the install except for Sendmail. I have made this configuration few years ago on 6.1 release for testing purposes.I hope it is not much outdated. Imap-uw Install mail/cclient with. Mail Components. There are five major. More information about installing and using a MUA on FreeBSD can be found in Section 27.10., mail/imap-uw.
Again, don't forget the "- DWITH_SSL_AND_PLAINTEXT" to turn on. SSL- encrypted and plain- text IMAP support if you. SSL- enabled IMAP clients.
DWITH_SSL_AND_PLAINTEXT install. Install an Open. SSL certificate. When you install the.
![Freebsd Install Imap-Uw Freebsd Install Imap-Uw](http://www.katch.ne.jp/~atsuro/freebsd/227/outlook.jpg)
Be sure you use the FQDN for your mail server when it asks for. Common Name."Edit /etc/inetd. You can also turn on the standard. The lines in your /etc/inetd. Restart inetd. You can kill and restart inetd.
HUP signal will result. Just "kill - HUP" the PID of inetd. Test it out! Point your favorite e- mail client (that does SSL/TLS. SSL, set the auth type to PLAIN or LOGIN (if given.
If you can't check. SSL- encrypted IMAP or POP3 on the right ports. LOGIN. or PLAIN auth types, make sure the mail server is able to accept. If all else fails, start retracing your steps.
Did. you build things right? Did you generate an Open. SSL certificate? Did you set up /etc/inetd. Is your client configuration. Sendmail setup. Install security/cyrus- sasl.
Free. BSD. ports system. Installing security/cyrus- sasl. Saslauthd can be started by /usr/local/etc/rc.
Starting saslauthd manually will be necessary. Be certain to add the line. YES". to /etc/rc.
Change sendmail build options in /etc/make. Free. BSD's. SENDMAIL_* variables in /etc/make. Site. directory in a "virgin" sendmail source tree. We need to use. the build options to enable cyrus- sasl.
The lines in /etc/make. SASL (cyrus- sasl v. SENDMAIL_CFLAGS=- I/usr/local/include - DSASL=2. SENDMAIL_LDFLAGS=- L/usr/local/lib. SENDMAIL_LDADD=- lsasl.
Adding to enable alternate port (smtps) for sendmail.. SENDMAIL_CFLAGS+= - D_FFR_SMTP_SSLRebuild sendmail.
You can do this the next time you rebuild the world or you can rebuild sendmail. To rebuild sendmail and associated programs.
Free. BSD world you need to do the. Obtain and install an SSL certificate. You can generate an. Open. SSL certificate yourself. R 6. 00 /etc/mail/certs/*Make sure sendmail is using saslauthd for. Sendmail. conf controls which. Sendmail. conf needs.
Edit sendmail's mc file. The mc file should be the. If it's. not, do a "make all" to generate an mc file with this name.
Make. changes to that file, not the original freebsd. We need to allow. PLAIN and LOGIN, specify PLAIN and LOGIN auth types. SSL certificate. and tell sendmail to listen on the smtps port. AUTH_MECHANISMS',`PLAIN LOGIN')dnl. TRUST_AUTH_MECH(`PLAIN LOGIN')dnl. CERT_DIR', `/etc/mail/certs')dnl.
CACERT_PATH', `CERT_DIR')dnl. CACERT', `CERT_DIR/mycert. SERVER_CERT', `CERT_DIR/mycert. SERVER_KEY', `CERT_DIR/mykey.
CLIENT_CERT', `CERT_DIR/mycert. CLIENT_KEY', `CERT_DIR/mykey. DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl. DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl.
Note that only mail clients that support raw TLS connections will. M=s" in the. smtps port line in the mc file. If you want a "regular" smtp port. M=s part. Rebuild cf files. From /etc/mail. make all install restart.
Try it out! Point your mailer at the mail server, configure the. SSL/TLS and auth and give it a shot. If things don't work it's time to start checking your work. If. everything looks right bump the Log.
Level to 2. 5 in sendmail. Pitfalls and problems. Make sure your mail clients are pointed at the FQDN of the mail. TLD of the mail server if it happens to have.
TLD pointed at it. Make sure your Open. SSL certificates are signed for the FQDN of. TLD of your server.
Some clients don't. Outlook and Outlook Express), but some clients (Eudora). Clients can auth without SSL/TLS encryption to imapd. SSL/TLS can take place on the regular smtp port). Since. clients will be using LOGIN or PLAIN types of auth this presents a. Make a point to enforce the use of SSL/TLS when.
SSL was used. and check /var/log/maillog to see if an SSL connection was established). Notes about mail clients. Outlook and Outlook Express work fine as long as you. SSL to the smtp port (2. I. personally find Outlook and Outlook Express to both have problems. IMAPS server if I don't do anything.
None of the other Windows clients. Eudoradoes not currently work with newer versions of Open. SSL. This. problem is documented in Eudora's support. I did not feel inclined to disable what needs to be disabled. Eudora and neither should you.
Hopefully Eudora. Certicom to fix the problem with Certicom's. SSL libraries. Eudora is more well- behaved with IMAP than Microsoft. Mozilla's. mail client (Netscape Mail should work, too) works.
TLS session manually, just. Outlook and OE do. That means Mozilla doesn't play nice with. TLS connection. Mozilla is also fairly polite with IMAP and isn't as noisy as.
Outlook/Outlook Express are when you turn the "Maximum number of. Mulberry rocks. By far the most IMAP- friendly. Windows, Mulberry is also the most flexible as far. Mulberry is a nice. Eudora replacement.
Many mail clients on free, UNIX- like OSes play very nice with. KMail has been reported to work. Why no CRAM- MD5 or DIGEST- MD5 support? Adding support for CRAM- MD5 and DIGEST- MD5 complicates. CRAM- MD5 and DIGEST- MD5 can not.
PAM (the default system the above setup uses for. Keeping. plain- text passwords in files is just a Bad Thing, plus password. Sendmail talks to saslauthd, which in turn. CRAM- MD5 and. DIGEST- MD5 auth require a separate password database to be maintained.
Berkeley database format) for authentication. That. requires somehow changing user passwords in both databases. I suppose. one could hack up the passwd script to change the sasldb. Along the same vein, imap- uw requires a separate flat. CRAM- MD5 and DIGEST- MD5. Again, that complicates the password update procedure.
Credits. Gregory. Neil Shapiro cleared up some confusion I had in regards to. Free. BSD's sendmail build process. Lots of web pages (most notably this page)The folks in #sendmail on irc. IRC in general. Umemoto for contacting me about this page to inform me that. Mr. Umemoto is the cyrus- sasl.
Chris. Boyd for also notifying me of the port shake- up and going. Joe Auty and Glen Hasselman for pointing. DWITH_SSL_AND_PLAINTEXT=yes was not the same as. DWITH_SSL_AND_PLAINTEXT. Andreas Wideroe. Andersen for pointing out that the sasl_saslauthd_enable.
Page created 2. 00. Page modified 2. 00. Comments? Suggestions? Send them to hemi@puresimplicity.