Re: Setting up automounts, milters, IPv6, etc.

From: Alexander Dalloz
Date: 09/27/05

    To: For users of Fedora Core releases <>
    Date: Tue, 27 Sep 2005 21:22:24 +0200

    On Tue, 27.09.2005 at 20:40, Philip Prindeville wrote:

    > I was hoping to get some pointers on how to do the following sysadmin
    > chores:
    > * I'm running sendmail+cyrus, and I'd like to configure a milter with
    > some simple
    > rules (for instance, don't accept email from sites that don't have
    > records)

    You'd better not implement that because you would reject far too many
    false positives. -> HACK(`require_rdns')
       "I don't recommend this. The amount of collateral damage is
    excessive." (Neil W. Rickert) [You know who Neil is? Co-author of the
    bat book.]

    What you can consider is to let influence a missing reverse DNS or even
    bogus DNS entries (MX pointing to for spam rating, not blind
    rejection. I recommend having a close look at MimeDefang. It is highly
    adjustable with just a little Perl.
    An example:

    > * I'd also like to set up autofs, but it seems to be failing... I tried
    > to set up an example
    > /home mountpoint like the auto.master man page suggests, but they
    > don't give an
    > example of what /etc/auto.home would look like (and just copying
    > into it
    > doesn't work). Suggestions?

    > * I tried to edit /etc/sysconfig/network to have "NETWORK_IPV6=no" but
    > it still
    > wants to bring up IPV6 networking anyway:
    > eth0 Link encap:Ethernet HWaddr 00:11:09:04:D5:2A
    > inet addr: Bcast: Mask:
    > inet6 addr: fe80::211:9ff:fe04:d52a/64 Scope:Link

    > is this a bug? What am I missing?

    Add to /etc/modprobe.conf

    alias net-pf-10 off
    alias ipv6 off

    > * Lastly, when I start up my mail UA, it complains about the certificate
    > coming from
    > the host being signed localhost.localdomain... Is there a
    > walk-through on how to set
    > up the various certificates required for using SSL/TLS for sending
    > email from a
    > client? How do I set up certificates for individual users, for instance?

    There is a lot of info to be found by a Google search, for example for
    "openssl create self-signed certificates". Fedora ships the CA script
    and (openssl-perl).

    > /var/log/messages.1:Sep 19 19:30:30 mail sendmail[23081]: unable to open
    > Berkeley db /etc/sasldb2: No such file or directory

    You offer MD5 mech which is not configured.

    > Sep 27 12:29:30 mail sendmail[5896]: NOQUEUE: connect from []
    > Sep 27 12:29:30 mail sendmail[5896]: AUTH: available mech=DIGEST-MD5
    > Sep 27 12:29:30 mail sendmail[5896]: j8RITUIv005896: Milter: no active
    > filter
    > Sep 27 12:29:30 mail sendmail[5896]: STARTTLS=server,
    > relay=[], version=TLSv1/SSLv3, verify=NO,
    > cipher=DHE-RSA-AES256-SHA, bits=256/256
    > Sep 27 12:29:30 mail sendmail[5896]: STARTTLS=server, cert-subject=,
    > cert-issuer=, verifymsg=ok
    > Sep 27 12:29:30 mail sendmail[5896]: AUTH: available mech=LOGIN
    > Sep 27 12:29:31 mail sendmail[5896]: j8RITUIw005896: AUTH failure
    > (CRAM-MD5): user not found (-20) SASL(-13): user not found: no secret in
    > database

    Your client uses CRAM-MD5 as your Sendmail setup offers that mech, but
    you have not configured your server to provide that. So it must fail.

    > Sep 27 12:29:31 mail sendmail[5896]: AUTH=server, relay=[],
    > authid=philipp, mech=PLAIN, bits=0
    > Sep 27 12:29:31 mail sendmail[5896]: j8RITUIw005896:
    > from=<>, size=72799, class=0, nrcpts=1,
    > msgid=<>, proto=ESMTP,
    > daemon=MTA-v4, relay=[]

    Fallback to mech PLAIN, which I guess succeeds.

    > similarly, I can't send email using SSL when connecting to my
    > sendmail server...
    > (but TLS seems to work).

    SSL is something different than (START)TLS in this context. Is that
    above a question or statement?

    > * Ditto for Cyrus. I can't use secure authentication:
    > Sep 27 12:38:42 mail imaps[5986]: starttls: TLSv1 with cipher AES256-SHA
    > (256/256 bits reused) no authentication

    Too little information. We can't know what you changed from the default
    setup. Use "imtest" for testing and adjusting your setup.

    > I'm using Thunderbird, if that makes any difference.

    Yes, Thunderbird can use MD5, while other popular MUAs can only speak
    PLAIN or LOGIN (Outlook, OE).

    > -Philip


    Alexander Dalloz | Enger, Germany | GPG 0xB366A773
    legal statement:
    Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
    Serendipity 21:00:34 up 7 days, 4:46, load average: 0.65, 0.29, 0.21 
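
The log reading walked through in the message above (a SASL mechanism offered with no secret in sasldb, followed by fallback to PLAIN) can be automated. This is an added example, not part of the original post: it also flags PLAIN/LOGIN logins on connections that never negotiated STARTTLS, which goes beyond the thread, and the sample lines are constructed from the quoted log (PIDs 6001/6002, their queue id and the user alice are made up).

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log lines quoted in the thread; PIDs
# 6001/6002, the queue id j8RIfAbc006002 and the user "alice" are made up.
SAMPLE_LOG = """\
Sep 27 12:29:30 mail sendmail[5896]: STARTTLS=server, relay=[], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Sep 27 12:29:31 mail sendmail[5896]: j8RITUIw005896: AUTH failure (CRAM-MD5): user not found (-20) SASL(-13): user not found: no secret in database
Sep 27 12:29:31 mail sendmail[5896]: AUTH=server, relay=[], authid=philipp, mech=PLAIN, bits=0
Sep 27 12:40:02 mail sendmail[6001]: AUTH=server, relay=[], authid=alice, mech=PLAIN, bits=0
Sep 27 12:41:10 mail sendmail[6002]: j8RIfAbc006002: AUTH failure (DIGEST-MD5): user not found (-20) SASL(-13): user not found: no secret in database
"""

LINE = re.compile(r"sendmail\[(\d+)\]: (.*)$")
NO_SECRET = re.compile(r"AUTH failure \(([A-Z0-9-]+)\): .*no secret in database")
AUTH_OK = re.compile(r"AUTH=server,.*authid=([^,]+), mech=([A-Z0-9-]+)")
CLEARTEXT = {"PLAIN", "LOGIN"}  # mechanisms that send the password itself


def analyse(log_text):
    """Return (pid, finding, mechanism, detail) tuples, one session per PID."""
    # Assumption: one SMTP connection per sendmail child PID in the window.
    sessions = defaultdict(lambda: {"tls": False, "no_secret": [], "ok": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        s = sessions[pid]
        if "STARTTLS=server" in msg and "version=" in msg:
            s["tls"] = True
        elif (f := NO_SECRET.search(msg)):
            s["no_secret"].append(f.group(1))
        elif (o := AUTH_OK.search(msg)):
            s["ok"] = o.groups()  # (authid, mech)
    findings = []
    for pid, s in sessions.items():
        authid, mech = s["ok"] or (None, None)
        for bad in s["no_secret"]:
            # Offered mechanism with no secret in sasldb: provision it or stop
            # offering it. detail = mechanism that succeeded afterwards, if any.
            findings.append((pid, "unprovisioned-mech", bad, mech))
        if mech in CLEARTEXT and not s["tls"]:
            findings.append((pid, "cleartext-auth-without-tls", mech, authid))
    return findings


if __name__ == "__main__":
    print(*analyse(SAMPLE_LOG), sep="\n")
```

Session 5896 mirrors the thread: CRAM-MD5 fails for lack of a secret and PLAIN then succeeds inside the TLS session, so only the unprovisioned mechanism is reported for it.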

