PatchLog

Sendmail as a SMTP-AUTH client on FreeBSD

Thanks for visiting! If you're new here, you may want to subscribe to my RSS feed. This blog posts regular information about web development, unix/linux, How-tos and patches. Go ahead, subscribe to my feed! You can also receive updates via email, instant messenger, skype or tweeter.

This post describes the configuration of Sendmail to use SMTP-AUTH when connecting to a remote MTA to send messages. Such a configuration would be needed in case you have a dynamic ip and your ISP relays the messages for you, but they require authentication. This is not a post about how to set your mta to authenticate users and to relay for them. This will show you how to set it to authenticate itself to other mta that will relay messages for you.

Sendmail comes installed by default on a clean FreeBSD 6.2 system, but is has no support for SMTP authentication using SASL by default, so it needs to be recompiled.

Install Cyrus SASL

You can compile cyrus-sasl2 lib from ports (if you need to set some special options ) or install it as a package:

cd /usr/ports/security/cyrus-sasl2
make install clea

Or just install it from packages with:

pkg_add -r cyrus-sasl2

Recompile Sendmail

First you need to make sure you set the compile flags so that Sendmail uses cyrus-sasl2:

 
echo "
SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2
"    >>    /etc/make.conf

and then just recompile it and install:

cd  /usr/src/usr.sbin/sendmail
make clean
make depend
make
make install

Configure Sendmail

Make sure you have the right mc files. Go to /etc/mail and type: make all install . This will create a .mc file named [your_hostname].mc .
Edit that file, look for a line like “define(`SMART_HOST', `your.isp.....” and replace your.isp with the host that will relay messages for you. After that line add the following lines:

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl

Note: In case your ISP's MTA does not accept connections on port 25, but another port you can tell sendmail to connect on that port by using something like the following line:

define(`RELAY_MAILER_ARGS', `IPC $h 587')dnl

where 587 is the port where your ips accepts connections for smtp relay.

Now you have to regenerate the .cf file. Type make all install in /etc/mail and you should have everything set in sendmail.cf .
All that's left to do is to create the file that will hold the information about the username and password to use when authenticating to your ISP's MTA : /etc/mail/auth/client-info :

 
mkdir /etc/mail/auth
chmod 700 /etc/mail/auth
cd /etc/mail/auth
echo '
AuthInfo:[YOUR.ISP.MTA.HOST] "U:root" "I:[YOUR_USERNAME]" "P:[YOUR_PASSWORD]"
'   >   client-info
makemap hash client-info   < client-info

Now you can start/restart sendmail and everything should be ok.

If you enjoyed this post, you should subscribe to my full RSS Feeds

This entry was posted on Thursday, September 13th, 2007 at 7:50 am and is filed under freebsd. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Viewing 1 Comment

harri fischer 8 months ago 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

for the compilation to work (for freebsd 7.0-release), i had to use the information from
http://unix.derkeiler.com/Mailing-Lists/FreeBSD...
and
http://www.freebsd.org/doc/en_US.ISO8859-1/book...

to find out, that the line
SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
has to be changed to
SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL

in /etc/make.conf
i also set the environment variable MAKEOBJDIRPREFIX to /usr/obj and performed the cleansing as described in the first link, but I really think that the make.conf line was the important part.

reply edit reblog flag