On Thu, 2004-10-28 at 15:43, Paul Howarth wrote:
> On Thu, 2004-10-28 at 03:02, Ow Mun Heng wrote:
[snip] ... [/snip]
> However, to answer your original question, I have my MSP send mail out
> via my MSA, not my MTA, and this is how I do it:

Why do you need to have AUTH?? Your Relay provides AUTH is it? (or I gather it's your own MTA somewhere)

Looking at the headers, it's goalkeeper. GoalKeeper is TLS Enabled, and thus encrypted, but after it reaches mx1.redhat.com, it becomes plaintext. (correct?)

[snip]
> 1. Create an AUTH user ID for the client:
>
> saslpasswd2 -a Sendmail -c -u <server-hostname> <msp-username>
> --> when prompted, enter the password
....
[/snip]

Thanks for the detailed write-up. Needs some digestion.

> dnl Use the MSA with AUTH
> define(`RELAY_MAILER_ARGS', `TCP $h 587')

What's $h? Hostname? port 587? That's the definition of the MSA right?

> 5. Add to sendmail.mc:
>
> LOCAL_RULESETS
> SLocal_trust_auth
> R$*	$: $&{auth_authen}
> Rsmmsp	$# OK

What about this in the sendmail-cf docs?

    Other things don't work well with the MSP and require tweaking or
    workarounds. For example, to allow for client authentication it is
    not just sufficient to provide a client certificate and the
    corresponding key, but it is also necessary to make the key group
    (smmsp) readable and tell sendmail not to complain about that, i.e.,

    define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile')

    Additionally the MTA must trust this authentication data so the AUTH=
    part will be relayed on to the next hop

Now.. The question is, does it retain its TLS/encrypted state after leaving the MSA or MTA? on to the next mail hop?
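
The per-hop TLS and AUTH state asked about in this mail can be read back from a delivered message's Received headers. The following is an added example, not part of the original mail: it assumes sendmail-style `(version=... cipher=... bits=... verify=...)` and `(authenticated ...)` annotations, and the sample message, host names and queue IDs are constructed.

```python
import re
from email import message_from_string

# Constructed sample: three hops, newest first as in a real message.
# Host names, addresses and queue IDs are made up for this example.
SAMPLE = (
    "Received: from mx.example.org (mx.example.org [192.0.2.10])\n"
    "\tby lists.example.org (8.12.11/8.12.11) with ESMTP id i9SK5aaa000003;\n"
    "\tThu, 28 Oct 2004 16:05:03 -0400\n"
    "Received: from msa.example.net (msa.example.net [192.0.2.20])\n"
    "\t(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)\n"
    "\tby mx.example.org (8.12.11/8.12.11) with ESMTP id i9SK5bbb000002;\n"
    "\tThu, 28 Oct 2004 16:05:02 -0400\n"
    "Received: from localhost (localhost [127.0.0.1])\n"
    "\t(authenticated bits=0)\n"
    "\tby msa.example.net (8.12.11/8.12.11) with ESMTP id i9SK5ccc000001;\n"
    "\tThu, 28 Oct 2004 21:05:01 +0100\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

# Assumed sendmail-style annotation written by the receiving host of a hop.
TLS_RE = re.compile(r"\(version=(\S+)\s+cipher=(\S+)\s+bits=(\d+)\s+verify=(\S+)\)")
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def hops(raw):
    """Return hops oldest-first as dicts with keys from, by, tls, auth."""
    msg = message_from_string(raw)
    out = []
    for hdr in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(hdr)
        if not m:
            continue
        tls = TLS_RE.search(hdr)
        out.append({
            "from": m.group(1),
            "by": m.group(2),
            "tls": tls.group(1, 2, 3) if tls else None,  # (version, cipher, bits)
            "auth": "(authenticated" in hdr,
        })
    return out

if __name__ == "__main__":
    for h in hops(SAMPLE):
        state = "TLS %s %s %s bits" % h["tls"] if h["tls"] else "no TLS recorded"
        print("%s -> %s: %s%s" % (h["from"], h["by"], state, ", AUTH" if h["auth"] else ""))
```

Each Received header is written by the server that accepted that hop, so only entries added by hosts you trust are reliable, and a missing annotation means only that no TLS was recorded for that hop.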