difficulty installing sendmail+tls+sasl2 package
Matthias Apitz
guru at unixarea.de
Sun Mar 11 19:57:11 UTC 2018
Here is what I (always on any update) run to get sendmail working with
SASL; and note: regarding your last question about imap and smartphones:
this has nothing todo with running sendmail as an outbound server.
HIH
matthias
$Id: sendmail.txt,v 1.5 2017/03/07 16:37:50 guru Exp $
how to enable AUTH in SMTP (required since 2010 for my outbound mail):
we need the follwing ports and a recompiled 'sendmail' with some config;
details are described here:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html
- install port security/cyrus-sasl2
- config line in /usr/local/lib/sasl2/Sendmail.conf
pwcheck_method: saslauthd
- install port security/cyrus-sasl2-saslauthd,
- edit /etc/rc.conf:
saslauthd_enable="YES"
- restart daemon with
# /usr/local/etc/rc.d/saslauthd start
- recompile sendmail with /etc/make.conf set to
SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2
# cd /usr/src/lib/libsmutil
# make cleandir && make obj && make
# cd /usr/src/lib/libsm
# make cleandir && make obj && make
# cd /usr/src/usr.sbin/sendmail
# make cleandir && make obj && make && make install
- configure sendmail with the lines in /etc/mail/current.Sisis.de.mc:
# added by guru
#
define(`SMART_HOST', `smtp.1blu.de')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`masquerade_envelope')
FEATURE(`accept_unresolvable_domains')
FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl
#
MAILER(local)
MAILER(smtp)
# added by guru
#
MASQUERADE_AS(`unixarea.de')
#
dnl set SASL options
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
#
# end of adds
- run make and move the config as:
# mv current.Sisis.de.cf sendmail.cf
# mv current.Sisis.de.submit.cf submit.cf
# /etc/rc.d/sendmail onerestart
AUTH for SMTP is described in http://www.sendmail.org/~ca/email/auth.html
- config AUTH in (create) /etc/mail/auth/client-info as:
AuthInfo:smtp.1blu.de "U:root" "I:w51XXXXXXXXXX" "P:XXXXXXXXXXXXX"
see: http://www.sendmail.org/documentation/configurationReadme
The RHS for an AuthInfo: entry in the access map should consists of a
list of tokens, each of which has the form: "TDstring" (including
the quotes). T is a tag which describes the item, D is a delimiter,
either ':' for simple text or '=' for a base64 encoded string.
Valid values for the tag are:
U user (authorization) id
I authentication id
P password
R realm
M list of mechanisms delimited by spaces
- build the database
# cd /etc/mail/auth
# makemap hash client-info < client-info
# chmod 0600 client-info
all should be fine now;
- to test SSL:
# /etc/rc.d/sendmail restart
# printf "To: guru at unixarea.de\nSubject: r314251 test\n\ntest\n" | /usr/sbin/sendmail -t
# tail -f /var/log/maillog
Oct 5 16:46:13 unixarea sm-mta[2805]: STARTTLS=client, relay=smtp.1blu.de., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Oct 5 16:46:14 unixarea sm-mta[2805]: s95Ek5j4002803: to=<guru at unixarea.de>, ctladdr=<guru at unixarea.DDR.dd> (1001/0), delay=00:00:08, xdelay=00:00:08, mailer=relay, pri=30342, relay=smtp.1blu.de. [178.254.4.101], dsn=2.0.0, stat=Sent (OK id=1Xan4f-0007Lv-Qu)
--
Matthias Apitz, ✉ guru at unixarea.de, ⌂ http://www.unixarea.de/ 📱 +49-176-38902045
More information about the freebsd-questions
mailing list