From Steve McKinney <sjm _at_ porter _dot_ acadaff _dot_ appstate _dot_ edu>:
(Original problem: "I can't send mail with Mozilla Mail. I can send it through pine at the console. When I click send in Mozilla the box comes up telling me it's sending the message, but the box stays up as long as I leave it there, sometimes for an hour. This worked before I tried the authentication tutorial. I am running redhat 9 and the latest version of sendmail.")
Solution: "I was able to get it working. I dug around into a few other tutorials and used them with yours to figure it out. I think the main difference is the way certificate creation was done. 'make sendmail.pem' didn't work right for this system.
/etc/mail/sendmail.cf
/etc/mail/sendmail.mc if it exists
/etc/mail/access
/etc/mail/virtusertable
/etc/aliases
sendmail -d0.1 -bv
You should see something similar to this:
Version 8.12.8
 Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASL SCANF STARTTLS TCPWRAPPERS USERDB USE_LDAP_INIT
============ SYSTEM IDENTITY (after readcf) ============
      (short domain name) $w = myserver
  (canonical domain name) $j = myserver.mysubdomain.university.edu
         (subdomain name) $m = mysubdomain.university.edu
              (node name) $k = myserver.mysubdomain.university.edu
========================================================
Recipient names must be specified
Be SURE SASL and STARTTLS are in there!!! If they aren't, you'll need to consult another tutorial on how to get them in. Check the links at the bottom of this tutorial.
define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confCACERT_PATH',`/usr/share/ssl/CA')
define(`confCACERT',`/usr/share/ssl/CA/cacert.pem')
define(`confSERVER_CERT',`/usr/share/ssl/CA/sendmail_c.pem')
define(`confSERVER_KEY',`/usr/share/ssl/CA/sendmail_r.pem')
make -C /etc/mail
cd /usr/share/ssl/CA
(If the CA dir doesn't exist, create it)
mkdir certs crl newcerts private
echo "01" > serial
cp /dev/null index.txt
cp /usr/local/openssl/openssl.cnf.sample openssl.cnf
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 365 -config openssl.cnf
NOTE: make the CN [Common_Name] something like 'MyServer's Certificate Authority'
openssl req -nodes -new -x509 -keyout sendmail_r.pem -out sendmail_r.pem -days 365 -config openssl.cnf
NOTE: make the CN [Common_Name] 'myserver.university.edu'
openssl x509 -x509toreq -in sendmail_r.pem -signkey sendmail_r.pem -out tmp.pem
openssl ca -config openssl.cnf -policy policy_anything -out sendmail_c.pem -infiles tmp.pem
NOTE: you need to create some directories / copy some files before this will work. I attempted to make this so you don't have the extra work, but it didn't work (I changed the dir in openssl.conf to '.'. I have only tried this once and something else may have caused the error; try it if you want to).
I believe these will do it:
mkdir demoCA
cp cacert.pem index.txt serial demoCA
cp -r private/ demoCA/
rm -f tmp.pem
chmod 600 *.pem
cd /usr/share/ssl/certs
make imapd.pem
NOTE: be sure to use the server name [like 'myserver.university.edu'] for the CN
service xinetd restart
service sendmail restart
netstat -a
Be sure imaps or port 993 is listening along with port 25 (sendmail)
Load up Mozilla Mail
Go to Edit->Preferences->Mail & Newsgroups Account Settings->Server Settings
Make sure "Use Secure Connection (SSL)" is CHECKED and make sure Port is 993
Go to Outgoing Server (SMTP) and make sure port is 25, "Use name and Password" is CHECKED, and "Use Secure Connection (SSL)" is ALWAYS!!!
Test it out!
Links I found helpful:
http://www.technoids.org/wwstarttls.html
http://www.sendmail.org/~ca/email/other/cagreg.html
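
The two things the steps above depend on (SASL and STARTTLS compiled into sendmail, and the four certificate settings present in sendmail.mc) can be checked before restarting anything. The script below is an added example, not part of Steve McKinney's message; the function names and the saved-output file arguments are assumptions.

```shell
#!/bin/sh
# Added example: offline pre-flight checks for the setup described above.

# Print each "Compiled with:" option from `sendmail -d0.1 -bv` output (stdin),
# one per line; the list may wrap and ends at the "====" banner.
compiled_options() {
    awk '{ for (i = 1; i <= NF; i++) {
             if ($i ~ /^=+$/) exit
             if (on) print $i
             if ($i == "with:" && prev == "Compiled") on = 1
             prev = $i } }'
}

# has_option NAME < output : exact token match; a build may print a version
# suffix such as SASLv2, which is accepted too.
has_option() {
    compiled_options | grep -Eq "^$1(v[0-9]+)?\$"
}

# missing_tls_defines FILE : print each certificate setting from the page
# that has no active define() in the .mc file (dnl-commented lines ignored).
missing_tls_defines() {
    for name in confCACERT_PATH confCACERT confSERVER_CERT confSERVER_KEY; do
        grep -v '^[[:space:]]*dnl' "$1" |
            grep -qF "define(\`$name'" || echo "$name"
    done
}

# preflight BV_OUTPUT_FILE MC_FILE : returns 0 only if every check passes.
preflight() {
    rc=0
    for opt in STARTTLS SASL; do
        has_option "$opt" < "$1" || { echo "not compiled in: $opt"; rc=1; }
    done
    for name in $(missing_tls_defines "$2"); do
        echo "no active define for: $name"; rc=1
    done
    return "$rc"
}

# Usage: sendmail -d0.1 -bv > bv.txt 2>&1; sh check.sh bv.txt /etc/mail/sendmail.mc
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Matching whole tokens inside the "Compiled with:" list, rather than grepping the entire output, avoids a false pass when STARTTLS or SASL appears somewhere else in the text.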