Sendmail as a SMTP-AUTH client on FreeBSD

This post describes how to configure Sendmail to use SMTP-AUTH when connecting to a remote MTA to send messages. You need such a configuration if, for example, you have a dynamic IP address and your ISP relays messages for you but requires authentication. This is not a post about setting up your MTA to authenticate users and relay for them; it shows how to make your MTA authenticate itself to another MTA that will relay messages for you.

Sendmail comes installed by default on a clean FreeBSD 6.2 system, but it has no support for SMTP authentication using SASL by default, so it needs to be recompiled.

Install Cyrus SASL

You can compile the cyrus-sasl2 library from ports (if you need to set some special options) or install it as a package:

  1.  

Or just install it from packages with:

  1.  

Recompile Sendmail

First you need to make sure you set the compile flags so that Sendmail uses cyrus-sasl2:

SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2

and then just recompile it and install:

  1.  

Configure Sendmail

Make sure you have the right .mc files. Go to /etc/mail and type: make all install. This will create a .mc file named [your_hostname].mc.
Edit that file, look for a line like “define(`SMART_HOST', `your.isp.....” and replace your.isp with the host that will relay messages for you. After that line, add the following lines:

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl

Note: If your ISP's MTA does not accept connections on port 25 but on another port, you can tell Sendmail to connect to that port with a line like the following:

define(`RELAY_MAILER_ARGS', `IPC $h 587')dnl

where 587 is the port on which your ISP accepts connections for SMTP relay.

Now you have to regenerate the .cf file. Type make all install in /etc/mail and you should have everything set in sendmail.cf.
All that's left to do is to create the file that holds the username and password to use when authenticating to your ISP's MTA, /etc/mail/auth/client-info:

AuthInfo:[YOUR.ISP.MTA.HOST] "U:root" "I:[YOUR_USERNAME]" "P:[YOUR_PASSWORD]"

Now you can start/restart sendmail and everything should be ok.