Minor cleanups while I'm looking at the page
[ikiwiki.git] / docs / handbook / handbook-smtp-auth.mdwn
## 20.10 SMTP Authentication

***Written by James Gorham.***

Having SMTP Authentication in place on your mail server has a number of benefits. SMTP Authentication can add another layer of security to **sendmail**, and has the benefit of giving mobile users who switch hosts the ability to use the same mail server without the need to reconfigure their mail client settings each time.

 1. Install [`security/cyrus-sasl`](http://pkgsrc.se/security/cyrus-sasl) from the ports. It has a number of compile-time options to choose from; for the method we will be using here, make sure to select the `pwcheck` option.

 1. After installing [`security/cyrus-sasl`](http://pkgsrc.se/security/cyrus-sasl), edit `/usr/pkg/lib/sasl2/Sendmail.conf` (or create it if it does not exist) and add the following line:

        pwcheck_method: passwd

    This method will enable **sendmail** to authenticate against your DragonFly `passwd` database. This saves the trouble of creating a new set of usernames and passwords for each user that needs to use SMTP authentication, and keeps the login and mail password the same.

 1. Now edit `/etc/make.conf` and add the following lines:

        SENDMAIL_CFLAGS=-I/usr/pkg/include/sasl -DSASL
        SENDMAIL_LDFLAGS=-L/usr/pkg/lib
        SENDMAIL_LDADD=-lsasl2

    These lines will give **sendmail** the proper configuration options for linking to [`cyrus-sasl`](http://pkgsrc.se/cyrus-sasl) at compile time. Make sure that [`cyrus-sasl`](http://pkgsrc.se/cyrus-sasl) has been installed before recompiling **sendmail**.

 1. Recompile **sendmail** by executing the following commands:

        # cd /usr/src/usr.sbin/sendmail
        # make cleandir
        # make obj
        # make
        # make install

    The compile of **sendmail** should not have any problems if `/usr/src` has not been changed extensively and the shared libraries it needs are available.

 1. After **sendmail** has been compiled and reinstalled, edit your `/etc/mail/freebsd.mc` file (or whichever file you use as your `.mc` file; many administrators choose to use the output from [hostname(1)](http://leaf.dragonflybsd.org/cgi/web-man?command#hostname&section1) as the `.mc` file name for uniqueness). Add these lines to it:

        dnl set SASL options
        TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
        define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
        define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl

These options configure the different methods available to **sendmail** for authenticating users. If you would like to use a method other than **pwcheck**, please see the included documentation.

Finally, run [make(1)](http://leaf.dragonflybsd.org/cgi/web-man?command#make&section1) while in `/etc/mail`. That will run your new `.mc` file and create a `.cf` file named `freebsd.cf` (or whatever name you have used for your `.mc` file). Then use the command `make install restart`, which will copy the file to `sendmail.cf`, and will properly restart **sendmail**. For more information about this process, you should refer to `/etc/mail/Makefile`.

If all has gone correctly, you should be able to enter your login information into the mail client and send a test message. For further investigation, set the `LogLevel` of **sendmail** to 13 and watch `/var/log/maillog` for any errors.
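
A check to run against the server's EHLO reply once it is up, as an added example that is not part of the original handbook page: it parses the advertised AUTH mechanisms, compares them with the `confAUTH_MECHANISMS` list above, and flags mechanisms that send the password itself (LOGIN, PLAIN) when TLS is not active, which matters here because `pwcheck_method: passwd` makes the mail password the login password. The function names and the sample reply are constructed for illustration.

```python
import re

# Mechanism list this page puts in confAUTH_MECHANISMS.
CONFIGURED = {"GSSAPI", "DIGEST-MD5", "CRAM-MD5", "LOGIN"}
# Mechanisms that send the password itself (only base64-encoded) to the server.
PLAINTEXT = {"LOGIN", "PLAIN"}

def parse_ehlo(reply):
    """Return (auth_mechanisms, offers_starttls) from a multi-line 250 EHLO reply."""
    mechs, starttls = set(), False
    for line in reply.splitlines():
        m = re.match(r"250[- ](\S+)\s*(.*)", line.strip())
        if not m:
            continue
        keyword, params = m.group(1).upper(), m.group(2)
        if keyword == "AUTH":
            mechs.update(p.upper() for p in params.split())
        elif keyword == "STARTTLS":
            starttls = True
    return mechs, starttls

def audit(reply, tls_active):
    """List findings for one EHLO reply; tls_active says whether TLS was already negotiated."""
    mechs, starttls = parse_ehlo(reply)
    findings = []
    if not mechs:
        findings.append("no AUTH advertised: check the SASL build flags and the .mc options")
    for extra in sorted(mechs - CONFIGURED):
        findings.append(f"{extra} advertised but not in confAUTH_MECHANISMS")
    exposed = sorted(mechs & PLAINTEXT)
    if exposed and not tls_active:
        hint = "STARTTLS is offered" if starttls else "STARTTLS is not offered"
        findings.append(f"{', '.join(exposed)} offered without TLS ({hint})")
    return findings

# Constructed sample reply, not captured from a real server.
SAMPLE = """250-mail.example.org Hello client.example.org, pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
250 HELP"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, tls_active=False):
        print(finding)
```

An empty result from `audit()` means the advertised mechanisms match the configured list and no password-carrying mechanism is exposed on a cleartext session.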

You may wish to add the following lines to `/etc/rc.conf` so this service will be available after every system boot:

    sasl_pwcheck_enable="YES"
    sasl_pwcheck_program="/usr/local/sbin/pwcheck"

This will ensure the initialization of SMTP_AUTH upon system boot.

For more information, please see the **sendmail** page regarding [SMTP authentication](http://www.sendmail.org/~ca/email/auth.html).

CategoryHandbook

CategoryHandbook-email