Re: Setting up automounts, milters, IPv6, etc.
From: Alexander Dalloz (ad+lists_at_uni-x.org)
To: For users of Fedora Core releases <email@example.com> Date: Tue, 27 Sep 2005 21:22:24 +0200
Am Di, den 27.09.2005 schrieb Philip Prindeville um 20:40:
> I was hoping to get some pointers on how to do the following sysadmin
> * I'm running sendmail+cyrus, and I'd like to configure a milter with
> some simple
> rules (for instance, don't accept email from sites that don't have
You better don't implement that because you would reject much too much
http://www.cs.niu.edu/~rickert/cf/ -> HACK(`require_rdns')
"I don't recommend this. The amount of collateral damage is
excessive." (Neil W. Rickert) [You know who Neil is? Co-author of the
What you can consider is to let influence a missing reverse DNS or even
bogus DNS entries (MX pointing to 127.0.0.1) for spam rating, not blind
rejection. I recommend to have a close look at MimeDefang
www.mimedefang.org. It is highly adjustable just with little Perl
An example: http://www.mimedefang.org/kwiki/index.cgi?CheckForMX
> * I'd also like to set up autofs, but it seems to be failing... I tried
> to set up an example
> /home mountpoint like the auto.master man page suggests, but they
> don't give an
> example of what /etc/auto.home would look like (and just coping
> auto.net into it
> doesn't work). Suggestions?
> * I tried to edit /etc/sysconfig/network to have "NETWORK_IPV6=no" but
> it still
> wants to bring up IPV6 networking anyway:
> eth0 Link encap:Ethernet HWaddr 00:11:09:04:D5:2A
> inet addr:192.168.1.5 Bcast:192.168.1.255 Mask:255.255.255.0
> inet6 addr: fe80::211:9ff:fe04:d52a/64 Scope:Link
> is this a bug? What am I missing?
Add to /etc/modprobe.conf
alias net-pf-10 off
alias ipv6 off
> * Lastly, when I start up my mail UA, it complains about the certificate
> coming from
> the host being signed localhost.localdomain... Is there a
> walk-through on how to set
> up the various certificates required for using SSL/TLS for sending
> email from a
> client? How do I set up certificates for individual users, for instance?
There are a lot of info to be found by a google search for example for
"openssl create self-signed certificates". Fedora ships the CA script
and CA.pl (openssl-perl).
> /var/log/messages.1:Sep 19 19:30:30 mail sendmail: unable to open
> Berkeley db /etc/sasldb2: No such file or directory
You offer MD5 mech which is not configured.
> Sep 27 12:29:30 mail sendmail: NOQUEUE: connect from [192.168.1.5]
> Sep 27 12:29:30 mail sendmail: AUTH: available mech=DIGEST-MD5
> ANONYMOUS CRAM-MD5, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5
> LOGIN PLAIN
> Sep 27 12:29:30 mail sendmail: j8RITUIv005896: Milter: no active
> Sep 27 12:29:30 mail sendmail: STARTTLS=server,
> relay=[192.168.1.5], version=TLSv1/SSLv3, verify=NO,
> cipher=DHE-RSA-AES256-SHA, bits=256/256
> Sep 27 12:29:30 mail sendmail: STARTTLS=server, cert-subject=,
> cert-issuer=, verifymsg=ok
> Sep 27 12:29:30 mail sendmail: AUTH: available mech=LOGIN
> DIGEST-MD5 PLAIN ANONYMOUS CRAM-MD5, allowed mech=EXTERNAL GSSAPI
> DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
> Sep 27 12:29:31 mail sendmail: j8RITUIw005896: AUTH failure
> (CRAM-MD5): user not found (-20) SASL(-13): user not found: no secret in
Your client uses CRAM-MD5 as your Sendmail setup offers that mech, but
you have not configured your server to provide that. So it must fail.
> Sep 27 12:29:31 mail sendmail: AUTH=server, relay=[192.168.1.5],
> authid=philipp, mech=PLAIN, bits=0
> Sep 27 12:29:31 mail sendmail: j8RITUIw005896:
> from=<firstname.lastname@example.org>, size=72799, class=0, nrcpts=1,
> msgid=<43398F8A.email@example.com>, proto=ESMTP,
> daemon=MTA-v4, relay=[192.168.1.5]
Fallback to mech PLAIN, which I guess succeeds.
> similarly, I can't send email using SSL when connecting to my
> sendmail server...
> (but TLS seems to work).
SSL is something different than (START)TLS in this context. Is that
above a question or statement?
> * Ditto for Cyrus. I can't use secure authentication:
> Sep 27 12:38:42 mail imaps: starttls: TLSv1 with cipher AES256-SHA
> (256/256 bits reused) no authentication
Too few information. We can't know what you changed from default setup.
Use "imtest" for testing and adjusting your setup.
> I'm using Thunderbird, if that makes any difference.
Yes, Thunderbird can use MD5, while other popular MUAs can only speak
PLAIN or LOGIN (Outlook, OE).
-- Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773 legal statement: http://www.uni-x.org/legal.html Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp Serendipity 21:00:34 up 7 days, 4:46, load average: 0.65, 0.29, 0.21
-- fedora-list mailing list firstname.lastname@example.org To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
- application/pgp-signature attachment: Dies ist ein digital signierter Nachrichtenteil