SMTP AUTH for Sendmail
Standard installation of FreeBSD include Sendmail. However this Sendmail version is not ready for SMTP_AUTH usage. This page logs enabling SMTP_AUTH for Sendmail.
- Update the ports tree
cvsup -g -L 2 /root/ports-supfile
- Update the source tree
cvsup -g -L 2 /root/secure-supfile
- Make install Cyrus SASL port from /usr/ports/security/cyrus-sasl2
- Review /usr/ports/security/cyrus-sasl2/files/Sendmail.README
- Add the following lines to /etc/make.conf
SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2 SENDMAIL_LDFLAGS+= -L/usr/local/lib SENDMAIL_LDADD+= -lsasl2
Build and install Sendmail
The compile of sendmail should not have any problems if /usr/src has not been changed extensively and the shared libraries it needs are available.
cd /usr/src/usr.sbin/sendmail make cleandir make obj make make install
It is possible that the build and install of just Sendmail will fail. In this case, you will need to build and install world.
Assumption: Sendmail 8.12 or later
- Create a file a file to store your client authorization information.
mkdir /etc/mail/auth touch /etc/mail/client-info echo 'AuthInfo:smtp.server "U:root" "I:user" "P:pass"' >> /etc/mail/client-info
The smpt.server should be the mail server you connect to and I: and P: should be your connection username and password. U set to root usually works fine as this is the system user that Sendmail runs under.
- Hash the client-info file and protect the password.
cd /etc/mail/auth makemap hash client-info < client-info chmod -R 600 /etc/mail/auth
- Edit your sendmail.mc file. Please backup your originals before proceding. Many of these lines may already exist in your mc file and just need to be verified and have the leading dnl removed. Use you favorite text editor in place of edit.
cd /etc/mail cp freebsd.mc freebsd.mc.OLD cp sendmail.cf sendmail.cf.OLD edit freebsd.mc # Note: Leading ` is different from trailing ' define(`SMART_HOST',`smtp.server')dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl FEATURE(`no_default_msa')dnl DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')dnl end edit
- Generate the sendmail.cf
m4 /usr/share/sendmail/cf/m4/cf.m4 freebsd.mc > sendmail.cf
- Restart Sendmail
- Test your configuration
- FreeBSD Handbook - Using CVSup
- Keeping FreeBSD Up-To-Date: A Security Odyssey
- FreeBSD Handbook - Rebuilding “world”
- FreeBSD Handbook - SMTP Authentication
- Sendmail.org - SMTP AUTH in sendmail
--Gary 00:03, 11 Aug 2005 (CDT)