Sendmail with SMTP AUTH
Introduction
This document explains how to install sendmail with Cyrus SASL (Simple Authentication and Security Layer) to use SMTP AUTH.
Installation
Prerequisites
You should have a basic knowledge of UNIX.
The server should allow incoming connections to the SMTP service, which will be listening on TCP port 25.
Installing Cyrus SASL
Download the Cyrus SASL2 source code from the Cyrus ftp site.
- Extract the files from the downloaded file (cyrus-sasl-2.1.21.tar.gz for example).
- Change the current directory to where the SASL2 source code was extracted.
- Enter the following command:
./configure --enable-cram --enable-digest --enable-plain --enable-login \
--disable-krb4 --disable-gssapi --without-saslauthd
make
make install
- The SASL2 library and plugins are now installed. The next step is to configure SASL2 for sendmail.
Configuring SASL
- Enter the following commands:
echo "pwcheck_method: auxprop" > /usr/lib/sasl2/Sendmail.conf
echo "auxprop_plugin: sasldb" >> /usr/lib/sasl2/Sendmail.conf
- Create the SASL user and set the password in the /etc/sasldb file with the following command:
saslpasswd username
- You will be prompted to enter the user's password.
- You can get a list of SASL users by typing the following command:
sasldblistusers
Installing sendmail
Download the sendmail source code from the Sendmail website.
- Extract the files from the downloaded file.
- Change the current directory to where the sendmail source code was extracted.
- Create a site.config.m4 file in devtools/Site and add the following entries:
APPENDDEF(`confENVDEF', `-DSASL=20121')
APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')
APPENDDEF(`confLIBDIRS', `-L/usr/local/lib')
APPENDDEF(`confINCDIRS', `-I/usr/local/include')
Note: The number 20121 is derived from the version of the SASL2 library. If you are using cyrus-sasl-2.1.10, the number would be 20110.
- Enter the following command:
sh Build
- If there are no errors, you may continue with the installation.
- If you are installing sendmail 8.12.x or 8.13.x:
  - Verify whether you have a user smmsp. Create the user if it does not exist. The user should not be assigned a login shell.
  - Verify whether you have a group called smmsp.
- Enter the following command:
sh Build install
The sendmail binary is now installed.
The next step is to configure sendmail.
Configuring sendmail
The main configuration file for sendmail is /etc/mail/sendmail.cf. Starting with version 8.12, sendmail uses the /etc/mail/submit.cf configuration file for mail submission. The .cf files are complex to understand. It is recommended that you create a .mc configuration file and use the M4 macro processor to generate the .cf file.
There are some sample .mc configuration files in the cf/cf/ directory of the sendmail source code. Alternatively, you can use one of the sample configuration files available from this website. You should edit the .mc file with a UNIX text editor such as vi.
- Change the current directory to cf/cf directory.
- Copy your .mc configuration file to the current directory as sendmail.mc.
- Modify the sendmail.mc and add the following entries after the DOMAIN(generic)dnl entry:
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
- Add the following entries after the MAILER lines of your sendmail.mc:
LOCAL_CONFIG
ESASL_PATH=/usr/local/lib/sasl2
- To generate the sendmail.cf, enter the following command:
sh Build sendmail.cf
- To install the sendmail.cf as /etc/mail/sendmail.cf and submit.cf as /etc/mail/submit.cf, enter the following command:
sh Build install-cf
If you already have sendmail installed and configured, you can generate a new sendmail.cf file by using the following command:
m4 path_to/m4/cf.m4 config.mc > sendmail.cf
The directory for the sendmail cf/cf.m4 file depends on the operating system you are using. You can find more information here.
You can now start sendmail.
Verifying whether sendmail is running with SMTP AUTH enabled
You can verify whether sendmail is running by running the following command:
telnet localhost 25
You will see the sendmail banner which shows the version of sendmail you are using.
Type ehlo localhost
You should see a line with the following:
250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
Type quit to exit and return to the shell.
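The check above can be scripted against a saved copy of the EHLO reply. The following is an added example, not part of the original page; the function names and the sample reply are constructed for illustration. It also flags PLAIN or LOGIN being advertised when the reply has no STARTTLS keyword, since those two mechanisms send the password base64-encoded rather than encrypted.

```shell
#!/bin/sh
# Added example (not from the original page): checks an EHLO reply for the AUTH line.
# SAMPLE_EHLO is constructed for illustration; host name and keyword list are made up.
SAMPLE_EHLO='250-mail.example.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250 HELP'

# Print the mechanisms advertised on the "250-AUTH ..." (or final "250 AUTH ...") line.
auth_mechs() {
    printf '%s\n' "$1" | tr -d '\r' |
        awk '/^250[- ]AUTH[ =]/ { sub(/^250[- ]AUTH[ =]/, ""); print; exit }'
}

# Succeed if the reply advertises the EHLO keyword $2 (for example STARTTLS).
has_keyword() {
    printf '%s\n' "$1" | tr -d '\r' | grep -Eq "^250[- ]$2( |\$)"
}

# check_auth REPLY "MECH1 MECH2 ..."
# Returns 0 if all expected mechanisms are offered, 1 if AUTH is missing or
# incomplete, 2 if PLAIN or LOGIN is offered on a session with no STARTTLS.
check_auth() {
    resp=$1
    mechs=$(auth_mechs "$resp")
    if [ -z "$mechs" ]; then
        echo "FAIL: no AUTH line (check the -DSASL build flag and SASL_PATH)"
        return 1
    fi
    for m in $2; do
        case " $mechs " in
            *" $m "*) ;;
            *) echo "FAIL: $m not offered (got: $mechs)"; return 1 ;;
        esac
    done
    case " $mechs " in
        *" PLAIN "*|*" LOGIN "*)
            if ! has_keyword "$resp" STARTTLS; then
                echo "WARN: PLAIN/LOGIN offered without STARTTLS; passwords cross the wire base64-encoded only"
                return 2
            fi ;;
    esac
    echo "OK: $mechs"
}

# Demo on the constructed reply: prints the WARN line, because no STARTTLS is advertised.
check_auth "$SAMPLE_EHLO" "LOGIN PLAIN DIGEST-MD5 CRAM-MD5" || true
```

To check a real server, paste the lines printed after ehlo localhost into a variable and pass it as the first argument to check_auth.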
Feedback
If you have any comments, you can contact the author here.
http://www.elandsys.com/resources/sendmail/smtpauth.html