Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 11 Mar 2018 20:15:37 +0100
From:      Matthias Apitz <guru@unixarea.de>
To:        freebsd-questions@freebsd.org
Subject:   Re: difficulty installing sendmail+tls+sasl2 package
Message-ID:  <20180311191537.GA2197@c720-r314251>
In-Reply-To: <CAFsnNZ+4Ww2Fb_DTQaCT4F=TUhLf--DymY4J0y4yVeD2NUg97w@mail.gmail.com>
References:  <CAFsnNZ+4Ww2Fb_DTQaCT4F=TUhLf--DymY4J0y4yVeD2NUg97w@mail.gmail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

Here is what I (always on any update) run to get sendmail working with
SASL; and note: regarding your last question about imap and smartphones:
this has nothing todo with running sendmail as an outbound server.

HIH

	matthias


$Id: sendmail.txt,v 1.5 2017/03/07 16:37:50 guru Exp $

how to enable AUTH in SMTP (required since 2010 for my outbound mail):

we need the follwing ports and a recompiled 'sendmail' with some config;
details are described here:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html

- install port security/cyrus-sasl2

- config line in /usr/local/lib/sasl2/Sendmail.conf

  pwcheck_method: saslauthd

- install port security/cyrus-sasl2-saslauthd,

- edit /etc/rc.conf:

  saslauthd_enable="YES"

- restart daemon with

  # /usr/local/etc/rc.d/saslauthd start

- recompile sendmail with /etc/make.conf set to

  SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
  SENDMAIL_LDFLAGS=-L/usr/local/lib
  SENDMAIL_LDADD=-lsasl2

  # cd /usr/src/lib/libsmutil
  # make cleandir && make obj && make
  # cd /usr/src/lib/libsm
  # make cleandir && make obj && make
  # cd /usr/src/usr.sbin/sendmail
  # make cleandir && make obj && make && make install

- configure sendmail with the lines in /etc/mail/current.Sisis.de.mc:

  # added by guru
  # 
  define(`SMART_HOST', `smtp.1blu.de')dnl
  define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
  FEATURE(`masquerade_envelope')
  FEATURE(`accept_unresolvable_domains')
  FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl
  #
  MAILER(local)
  MAILER(smtp)
  # added by guru
  #
  MASQUERADE_AS(`unixarea.de')
  #
  dnl set SASL options
  TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
  define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
  #
  # end of adds

- run make and move the config as:

  # mv current.Sisis.de.cf sendmail.cf
  # mv current.Sisis.de.submit.cf submit.cf
  # /etc/rc.d/sendmail onerestart

AUTH for SMTP is described in http://www.sendmail.org/~ca/email/auth.html 

- config AUTH in (create) /etc/mail/auth/client-info as:

  AuthInfo:smtp.1blu.de "U:root" "I:w51XXXXXXXXXX" "P:XXXXXXXXXXXXX"

  see: http://www.sendmail.org/documentation/configurationReadme
  The RHS for an AuthInfo: entry in the access map should consists of a
  list of tokens, each of which has the form: "TDstring" (including
  the quotes).  T is a tag which describes the item, D is a delimiter,
  either ':' for simple text or '=' for a base64 encoded string.
  Valid values for the tag are:

        U       user (authorization) id
        I       authentication id
        P       password
        R       realm
        M       list of mechanisms delimited by spaces

- build the database

  # cd /etc/mail/auth
  # makemap hash client-info < client-info
  # chmod 0600 client-info

all should be fine now;

- to test SSL:

  # /etc/rc.d/sendmail restart

  # printf "To: guru@unixarea.de\nSubject: r314251 test\n\ntest\n" | /usr/sbin/sendmail -t

  # tail -f /var/log/maillog
  Oct  5 16:46:13 unixarea sm-mta[2805]: STARTTLS=client, relay=smtp.1blu.de., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
  Oct  5 16:46:14 unixarea sm-mta[2805]: s95Ek5j4002803: to=<guru@unixarea.de>, ctladdr=<guru@unixarea.DDR.dd> (1001/0), delay=00:00:08, xdelay=00:00:08, mailer=relay, pri=30342, relay=smtp.1blu.de. [178.254.4.101], dsn=2.0.0, stat=Sent (OK id=1Xan4f-0007Lv-Qu)



-- 
Matthias Apitz, ✉ guru@unixarea.de, ⌂ http://www.unixarea.de/  📱 +49-176-38902045



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20180311191537.GA2197>