Archive for February, 2006

It’s not what you know…

Saturday, February 25th, 2006

It is a widely accepted fact that in the business world, it’s not what you know that will get you to the top. More often than not, it’s who you know that will get you there.

The same thing is true about the spiritual realm. It’s not what you know, it’s who you know. We can know all we can about the Bible, Jesus Christ, the nature of God, biblical prophecies, and so on… But if we do not know Jesus, all this knowledge is not going to get us anywhere.

And what’s more important than knowing Jesus is Jesus knowing you! Why do I say that? In the parable of the ten virgins in Matthew 25:1-12, the bridegroom (who represents Jesus) denies the five foolish virgins entrance into the wedding feast by saying, “I do not know you.” So in the end, when Jesus comes and takes his people home, only those whom he knows will go home with him.

Many claim that they know Jesus. But according to Matthew 7:21, “Not everyone who says to Me, ‘Lord, Lord,’ shall enter the kingdom of heaven, but he who does the will of My Father in heaven.”

How can you ensure that Jesus will in the end say “I know you”? By having a genuine friendship relationship with him. This is a relationship that must encompass all aspects of your life. And when you have this kind of close relationship with him, your whole life will be transformed. You cannot have a relationship with Christ without being transformed. If you don’t experience transformation, then your relationship with Him is dead. Your relationship with Christ will transform you so that in all aspects of your life, Christ will be in control. Your dealings with everyone will be controlled by Christ. Your thoughts, your words, your actions, will all be controlled by Jesus.

In the end, when Jesus comes to take home his own, will he say to you, “depart from me for I do not know you” or will he say, “I know you, you are my child. Come join me in my kingdom”?

-- Posted in Bible, Religion and Philosophy

Enabling SMTP-AUTH for Sendmail on Debian Linux 3.1

Thursday, February 23rd, 2006

Introduction
SMTP Authentication (SMTP-AUTH) is a feature that allows one to have an SMTP server that can be used by authorized parties on the internet. The idea is to allow only authorized users to use the SMTP server as a relay. Users that have not authenticated themselves may only use the SMTP server to deliver mail to domains managed by that SMTP server. They cannot use it to relay to other domains.

This document describes how to enable SMTP-AUTH with Sendmail on Debian 3.1.
SMTP Authentication uses SASL and TLS. Debian comes with a version of sendmail that has TLS and SASL support. It also comes with SASLv2. One would naturally expect that since all the pieces are there, it should work right out of the box. Well, it doesn’t. The reason is that there are SASL plugins that are missing from Debian 3.1.

Pre-requisites
There are a few packages that are required for this:

1. sendmail
2. sendmail-base
3. sendmail-bin
4. sendmail-cf
5. sendmail-doc
6. sasl2-bin
7. libsasl2-modules
8. libssl0.9.7
9. openssl

Configure SASL for sendmail

echo "pwcheck_method: saslauthd" > /usr/lib/sasl2/Sendmail.conf
echo "mech_list: EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN" >> /usr/lib/sasl2/Sendmail.conf

mkdir -p /var/run/saslauthd

Create the OpenSSL certificates

mkdir -p /etc/mail/certs
cd /etc/mail/certs
openssl req -new -x509 -keyout cakey.pem -out cacert.pem -days 365

: Enter your password for smtpd.key.
: Enter your Country Name (e.g., “DE”).
: Enter your State or Province Name.
: Enter your City.
: Enter your Organization Name (e.g., the name of your company).
: Enter your Organizational Unit Name (e.g. “IT Department”).
: Enter the Fully Qualified Domain Name of the system (e.g. “server1.example.com”).
: Enter your Email Address.

openssl req -nodes -new -x509 -keyout sendmail.pem -out sendmail.pem -days 365

: Enter your Country Name (e.g., “DE”).
: Enter your State or Province Name.
: Enter your City.
: Enter your Organization Name (e.g., the name of your company).
: Enter your Organizational Unit Name (e.g. “IT Department”).
: Enter the Fully Qualified Domain Name of the system (e.g. “server1.example.com”).
: Enter your Email Address.

openssl x509 -noout -text -in sendmail.pem
chmod 600 ./sendmail.pem

Configure Sendmail

1. Create the SASL sendmail configuration file

mkdir -p /etc/mail/sasl   # if it doesn't already exist

Create /etc/mail/sasl/sasl.m4 with the following contents:

dnl ### do SMTPAUTH
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl

2. Configure the TLS settings for Sendmail
Edit /etc/mail/tls/starttls.m4.
Look in the file for the following settings and change them as follows:

define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/sendmail.pem')dnl

3. Configure main sendmail config file
Edit /etc/mail/sendmail.mc.
Ensure that the following lines are in the file (after the first include):

include(`/etc/mail/tls/starttls.m4')dnl
include(`/etc/mail/sasl/sasl.m4')dnl

4. Rebuild the sendmail configuration

cd /etc/mail
make

5. Modify /etc/default/saslauthd to ensure that saslauthd will run at startup

Uncomment the “#START=yes” line in that file by removing the ‘#’ mark.

6. Start saslauthd

/etc/init.d/saslauthd start

7. Restart sendmail

/etc/init.d/sendmail reload

SMTP-AUTH test

telnet localhost 25
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.
220 localhost ESMTP Sendmail 8.13.4/8.13.4/Debian-3; Thu, 23 Feb 2006 11:33:14 -0500; (No UCE/UBE) logging access from: localhost(OK)-root@localhost 127.0.0.1
ehlo localhost
250-localhost Hello root@localhost 127.0.0.1, pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP

If you see the 250-AUTH line, then all is well.
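
An offline check of the EHLO reply above, as an added example that is not part of the original post: it extracts the advertised SASL mechanisms and flags PLAIN and LOGIN, which carry the password merely base64-encoded, when they are offered before STARTTLS. The function names and result labels are assumptions made for this example; the sample reply is constructed from the session shown above.

```shell
#!/bin/sh
# Constructed sample: the EHLO reply from the test session above, as seen on
# a plain (pre-STARTTLS) connection to port 25.
EHLO_PLAIN='250-localhost Hello root@localhost 127.0.0.1, pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP'

# Print the SASL mechanisms from the AUTH capability line, space separated.
auth_mechs() {
    printf '%s\n' "$1" | tr -d '\r' |
        awk 'toupper($0) ~ /^250[- ]AUTH[ =]/ {
                 sub(/^250[- ][Aa][Uu][Tt][Hh][ =]/, ""); print; exit }'
}

# Succeed if the reply advertises STARTTLS.
has_starttls() {
    printf '%s\n' "$1" | tr -d '\r' | grep -Eiq '^250[- ]STARTTLS$'
}

# Print the mechanisms that transmit the password itself (base64 only).
cleartext_mechs() {
    out=''
    for m in $(auth_mechs "$1"); do
        case "$m" in
            PLAIN|LOGIN) out="${out:+$out }$m" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Classify an EHLO reply captured before STARTTLS (labels are hypothetical).
audit_ehlo() {
    [ -n "$(auth_mechs "$1")" ] || { echo 'no-auth'; return; }
    [ -n "$(cleartext_mechs "$1")" ] || { echo 'no-cleartext-auth'; return; }
    if has_starttls "$1"; then echo 'cleartext-auth-before-tls'
    else echo 'cleartext-auth-no-tls'; fi
}

audit_ehlo "$EHLO_PLAIN"
```

In sendmail, adding the `p` flag to `confAUTH_OPTIONS` keeps PLAIN and LOGIN from being offered until a security layer such as STARTTLS is active.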

To test the authentication

References

1. http://howtoforge.com/howto_sendmail_smtp_auth_tls

-- Posted in Geeks Paradise

Friday, February 17th, 2006

February is almost over, and I don’t have a blog entry…. must write one… oh wait, I just did!

-- Posted in Uncategorized