SMTP AUTH for Sendmail

From Gruff Goat Wiki

Standard installation of FreeBSD include Sendmail. However this Sendmail version is not ready for SMTP_AUTH usage. This page logs enabling SMTP_AUTH for Sendmail.

Contents 1 Preparation 2 Cyrus-SASL 3 Build and install Sendmail 4 Client Sendmail 5 Server Sendmail 6 References

Preparation

• Update the ports tree

 cvsup -g -L 2 /root/ports-supfile

• Update the source tree

 cvsup -g -L 2 /root/secure-supfile

Cyrus-SASL

• Make install Cyrus SASL port from /usr/ports/security/cyrus-sasl2
• Review /usr/ports/security/cyrus-sasl2/files/Sendmail.README
• Add the following lines to /etc/make.conf

 SENDMAIL_CFLAGS+=	-I/usr/local/include -DSASL=2
 SENDMAIL_LDFLAGS+=	-L/usr/local/lib
 SENDMAIL_LDADD+=	-lsasl2

Build and install Sendmail

The compile of sendmail should not have any problems if /usr/src has not been changed extensively and the shared libraries it needs are available.

 cd /usr/src/usr.sbin/sendmail
 make cleandir
 make obj
 make
 make install

It is possible that the build and install of just Sendmail will fail. In this case, you will need to build and install world.

Client Sendmail

Assumption: Sendmail 8.12 or later

• Create a file a file to store your client authorization information.

 mkdir /etc/mail/auth
 touch /etc/mail/client-info
 echo 'AuthInfo:smtp.server "U:root" "I:user" "P:pass"' >> /etc/mail/client-info

The smpt.server should be the mail server you connect to and I: and P: should be your connection username and password. U set to root usually works fine as this is the system user that Sendmail runs under.

• Hash the client-info file and protect the password.

 cd /etc/mail/auth
 makemap hash client-info < client-info
 chmod -R 600 /etc/mail/auth

• Edit your sendmail.mc file. Please backup your originals before proceding. Many of these lines may already exist in your mc file and just need to be verified and have the leading dnl removed. Use you favorite text editor in place of edit.

 cd /etc/mail
 cp freebsd.mc freebsd.mc.OLD
 cp sendmail.cf sendmail.cf.OLD
 edit freebsd.mc          # Note: Leading ` is different from trailing '
   define(`SMART_HOST',`smtp.server')dnl
   define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
   FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl
   FEATURE(`no_default_msa')dnl
   DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')dnl
 end edit

• Generate the sendmail.cf

 m4 /usr/share/sendmail/cf/m4/cf.m4 freebsd.mc > sendmail.cf

• Restart Sendmail

 /etc/rc.d/sendmail restart

• Test your configuration

Server Sendmail

References

• FreeBSD Handbook - Using CVSup
• Keeping FreeBSD Up-To-Date: A Security Odyssey
• FreeBSD Handbook - Rebuilding “world”
• FreeBSD Handbook - SMTP Authentication
• Sendmail.org - SMTP AUTH in sendmail

--Gary 00:03, 11 Aug 2005 (CDT)