***Written by James Gorham. ***
-
-
Having SMTP Authentication in place on your mail server has a number of benefits. SMTP Authentication can add another layer of security to **sendmail** , and has the benefit of giving mobile users who switch hosts the ability to use the same mail server without the need to reconfigure their mail client settings each time.
- 1. Install [`security/cyrus-sasl`](http://pkgsrc.se/security/cyrus-sasl) from the ports. You can find this port in [`security/cyrus-sasl`](http://pkgsrc.se/security/cyrus-sasl). [`security/cyrus-sasl`](http://pkgsrc.se/security/cyrus-sasl) has a number of compile time options to choose from and, for the method we will be using here, make sure to select the `pwcheck` option.
-
- 1. After installing [`security/cyrus-sasl`](http://pkgsrc.se/security/cyrus-sasl), edit `/usr/pkg/lib/sasl2/Sendmail.conf` (or create it if it does not exist) and add the following line:
-
-
+ 1. Install [`security/cyrus-sasl`](http://pkgsrc.se/security/cyrus-sasl) from the ports. You can find this port in [`security/cyrus-sasl`](http://pkgsrc.se/security/cyrus-sasl). Also, install [`security/cyrus-saslauthd`](http://pkgsrc.se/security/cyrus-saslauthd) and any of the security/cy2-* packages that match how you want to authenticate. In this case, [`security/cy2-login`](http://pkgsrc.se/security/cy2-login) is needed.
- pwcheck_method: passwd
+ 1. Edit `/usr/pkg/lib/sasl2/Sendmail.conf` (or create it if it does not exist) and add the following line:
-
+ pwcheck_method: saslauthd
- This method will enable **sendmail** to authenticate against your DragonFly `passwd` database. This saves the trouble of creating a new set of usernames and passwords for each user that needs to use SMTP authentication, and keeps the login and mail password the same.
+This method will enable **sendmail** to authenticate against your DragonFly `passwd` database. This saves the trouble of creating a new set of usernames and passwords for each user that needs to use SMTP authentication, and keeps the login and mail password the same.
1. Now edit `/etc/make.conf` and add the following lines:
1. Recompile **sendmail** by executing the following commands:
-
-
# cd /usr/src/usr.sbin/sendmail
# make cleandir
# make obj
# make
# make install
-
+The compile of **sendmail** should not have any problems if `/usr/src` has not been changed extensively and the shared libraries it needs are available. To check if SASL was compiled in:
- The compile of **sendmail** should not have any problems if `/usr/src` has not been changed extensively and the shared libraries it needs are available.
+ sendmail -d0.1 -bv root
1. After **sendmail** has been compiled and reinstalled, edit your `/etc/mail/freebsd.mc` file (or whichever file you use as your `.mc` file. Many administrators choose to use the output from [hostname(1)](http://leaf.dragonflybsd.org/cgi/web-man?command#hostname§ion1) as the `.mc` file for uniqueness). Add these lines to it:
-
-
dnl set SASL options
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
- define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl
-
-
-These options configure the different methods available to **sendmail** for authenticating users. If you would like to use a method other than **pwcheck** , please see the included documentation.
+These options configure the different methods available to **sendmail** for authenticating users. If you would like to use a method other than **saslauthd** , please see the included documentation.
Finally, run [make(1)](http://leaf.dragonflybsd.org/cgi/web-man?command#make§ion1) while in `/etc/mail`. That will run your new `.mc` file and create a `.cf` file named `freebsd.cf` (or whatever name you have used for your `.mc` file). Then use the command `make install restart`, which will copy the file to `sendmail.cf`, and will properly restart **sendmail** . For more information about this process, you should refer to `/etc/mail/Makefile`.
+If all has gone correctly, you should be able to enter your login information into the mail client and send a test message. For further investigation, set the `LogLevel` of **sendmail** to 13 and watch `/var/log/maillog` for any errors. One example way to run sendmail with that higher debug level:
+ sendmail –O LogLevel=14 –bs -Am
-If all has gone correctly, you should be able to enter your login information into the mail client and send a test message. For further investigation, set the `LogLevel` of **sendmail** to 13 and watch `/var/log/maillog` for any errors.
+You may wish to add the following line to `/etc/rc.conf` so this service will be available after every system boot:
-
-
-You may wish to add the following lines to `/etc/rc.conf` so this service will be available after every system boot:
-
- sasl_pwcheck_enable="YES"
- sasl_pwcheck_program="/usr/local/sbin/pwcheck"
+ saslauthd="YES"
This will ensure the initialization of SMTP_AUTH upon system boot.
-For more information, please see the **sendmail** page regarding [SMTP authentication](http://www.sendmail.org/~ca/email/auth.html).
-
+This is enough to get started. **Using separate encryption, such as STARTTLS, is recommended.**
+For more information, please see the **sendmail** page regarding [SMTP authentication](http://www.sendmail.org/~ca/email/auth.html).
CategoryHandbook
projects / ikiwiki.git / commitdiff