Sendmail as a SMTP-AUTH client on FreeBSD

This post describes how to configure Sendmail to use SMTP-AUTH when connecting to a remote MTA to send messages. You need such a configuration if you have a dynamic IP address and your ISP relays messages for you but requires authentication. This is not a post about setting up your MTA to authenticate users and relay for them; it shows how to make your MTA authenticate itself to another MTA that will relay messages for you.

Sendmail comes installed by default on a clean FreeBSD 6.2 system, but it has no support for SMTP authentication using SASL by default, so it needs to be recompiled.

Install Cyrus SASL

You can compile the cyrus-sasl2 library from ports (if you need to set some special options) or install it as a package:

cd /usr/ports/security/cyrus-sasl2
make install clean

Or just install it from packages with:

pkg_add -r cyrus-sasl2

Recompile Sendmail

First you need to make sure you set the compile flags so that Sendmail uses cyrus-sasl2:

echo "
SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2
" >> /etc/make.conf

and then just recompile it and install:

cd /usr/src/usr.sbin/sendmail
make clean
make depend
make
make install

Configure Sendmail

Make sure you have the right mc files. Go to /etc/mail and type: make all install. This will create a .mc file named [your_hostname].mc.
Edit that file, look for a line like “define(`SMART_HOST', `your.isp.....” and replace your.isp with the host that will relay messages for you. After that line, add the following lines:

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl

Note: If your ISP's MTA does not accept connections on port 25 but on another port, you can tell Sendmail to connect to that port with a line like the following:

define(`RELAY_MAILER_ARGS', `IPC $h 587')dnl

where 587 is the port on which your ISP accepts connections for SMTP relay.

Now you have to regenerate the .cf file. Type make all install in /etc/mail and you should have everything set in sendmail.cf.
All that's left to do is to create the file that holds the username and password to use when authenticating to your ISP's MTA, /etc/mail/auth/client-info:

mkdir /etc/mail/auth
chmod 700 /etc/mail/auth
cd /etc/mail/auth
echo '
AuthInfo:[YOUR.ISP.MTA.HOST] "U:root" "I:[YOUR_USERNAME]" "P:[YOUR_PASSWORD]"
' > client-info
makemap hash client-info < client-info

Now you can start/restart sendmail and everything should be ok.
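
A lint pass over the client-info file described above, as an added example that is not part of the original post. The helper names check_authinfo and demo are hypothetical, and relay.example.net and the credentials in the sample are constructed.

```shell
#!/bin/sh
# Added example: lint an authinfo source file before running makemap.
# check_authinfo and demo are hypothetical helper names, not sendmail tools.

check_authinfo() {
    file=$1; rc=0; n=0
    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "${file}: accessible beyond owner ($perms); chmod 600" >&2; rc=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;                     # blank line or comment
            AuthInfo:*) ;;                           # expected key prefix
            *) echo "${file}:${n}: key is not AuthInfo:" >&2; rc=1; continue ;;
        esac
        case $line in                                # password token, text or base64
            *'"P:'*|*'"P='*) ;;
            *) echo "${file}:${n}: no \"P:\" token" >&2; rc=1 ;;
        esac
        case $line in                                # at least one identity token
            *'"U:'*|*'"U='*|*'"I:'*|*'"I='*) ;;
            *) echo "${file}:${n}: no \"U:\" or \"I:\" token" >&2; rc=1 ;;
        esac
        case $line in                                # this page's template text
            *'[YOUR'*) echo "${file}:${n}: placeholder not replaced" >&2; rc=1 ;;
        esac
    done < "$file"
    return "$rc"
}

# Constructed sample input: one well-formed entry, one with no password token.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'AuthInfo:relay.example.net "U:root" "I:alice" "P:s3cret"' > "$dir/good"
    printf '%s\n' 'AuthInfo:relay.example.net "U:root" "I:alice"' > "$dir/bad"
    chmod 600 "$dir/good" "$dir/bad"
    check_authinfo "$dir/good"; good=$?
    check_authinfo "$dir/bad" 2>/dev/null; bad=$?
    rm -rf "$dir"
    [ "$good" -eq 0 ] && [ "$bad" -ne 0 ]
}

if demo; then echo "demo ok"; fi
```

Call check_authinfo /etc/mail/auth/client-info before the makemap step; the generated client-info.db holds the same credentials and needs the same owner-only mode.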

One thought on “Sendmail as a SMTP-AUTH client on FreeBSD”

  1. For the compilation to work (for FreeBSD 7.0-release), I had to use the information from
    http://unix.derkeiler.com/Mailing-Lists/FreeBSD/questions/2007-08/msg02198.html
    and
    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html

    to find out that the line
    SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
    has to be changed to
    SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL

    in /etc/make.conf
    I also set the environment variable MAKEOBJDIRPREFIX to /usr/obj and performed the cleansing as described in the first link, but I really think that the make.conf line was the important part.
