-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alexander Dalloz wrote: <<--snip-->> | | | Maybe a little misunderstanding: the default entry in Sendmail.conf is | "pwcheck_method:saslauthd". Then the saslauthd must be running (service | saslauthd status). The saslauthd is by default configured to auth | against the shadow file. If you want to change that you will have to | create a file /etc/sysconfig/saslauthd with content i.e. "MECH=pam", | this will override the setting in the init script. There is a file /etc/sysconfig/saslauthd that I did not create. It contains the following: # To read about how postfix uses saslauthd read this: # /usr/share/doc/postfix-*/README-Postfix-SASL-RedHat.txt # # To see a list of authentication mechanisms supported by saslauthd execute this command # /usr/sbin/saslauthd -v # # Default to pam MECH=pam Maybe this is another postfix change.... When I installed FC1, I usually install everything. It saves having to find something when I need it. Should I set the entry in Sendmail.conf to pwcheck_method:saslauthd. Then change the /etc/sysconfig/saslauthd to use shadow? Maybe, I'm a little confused how this is suppose to work properly..... <<--snip-->> | | I don't know what you did, but it sounds not proper. The cacert is | something very different then the client certificates as ipop3d.pem. | Maybe should post you a brief description of the necessary steps. | The ipop3d.pem is needed for the server to authenticate with the client when connecting. The client then imports this certificate into its database of accepted certs. The ipop3d.pem is a server cert that identifies (in my case the server: beta.support.intcomgrp.com on IP 192.168.10.20). <<--snip-->> | One last note: The default setting in sendmail.mc is not to force | STARTTLS being active for PLAIN and LOGIN AUTH. If you did not already | change that, then change that to allow LOGIN and PLAIN only after | STARTTLS has been done: | | define(`confAUTH_OPTIONS', `A p')dnl | | Else it matters how the user configured his client, if he did activate | SSL/TLS in his mail client. And you know, never trust the user. Already done... although I've even seen one setup on the web that suggests `A p y'. <<--snip-->> Thanks, James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFA9u0Bc7lFLjBWKW0RAnU5AKCSl4IBBrSwgt+lgAMg0mL8qFmOGgCfd94B jZBbx2NrJnUkLxexDt83wyg= =+5zx -----END PGP SIGNATURE-----
