From d2a82171b7b989c106f57bd1318a31c6a72cb09f Mon Sep 17 00:00:00 2001 From: justin Date: Sun, 8 Aug 2010 18:57:27 -0700 Subject: [PATCH] Adding what I learned - there are separate pkgsrc modules needed. --- docs/handbook/handbook-smtp-auth.mdwn | 42 +++++++++------------------ 1 file changed, 13 insertions(+), 29 deletions(-) diff --git a/docs/handbook/handbook-smtp-auth.mdwn b/docs/handbook/handbook-smtp-auth.mdwn index b2e8a758..c239631d 100644 --- a/docs/handbook/handbook-smtp-auth.mdwn +++ b/docs/handbook/handbook-smtp-auth.mdwn 
@@ -4,23 +4,17 @@ ***Written by James Gorham. *** - - Having SMTP Authentication in place on your mail server has a number of benefits. SMTP Authentication can add another layer of security to **sendmail** , and has the benefit of giving mobile users who switch hosts the ability to use the same mail server without the need to reconfigure their mail client settings each time. - 1. Install [`security/cyrus-sasl`](http://pkgsrc.se/security/cyrus-sasl) from the ports. You can find this port in [`security/cyrus-sasl`](http://pkgsrc.se/security/cyrus-sasl). [`security/cyrus-sasl`](http://pkgsrc.se/security/cyrus-sasl) has a number of compile time options to choose from and, for the method we will be using here, make sure to select the `pwcheck` option. - - 1. After installing [`security/cyrus-sasl`](http://pkgsrc.se/security/cyrus-sasl), edit `/usr/pkg/lib/sasl2/Sendmail.conf` (or create it if it does not exist) and add the following line: - - + 1. Install [`security/cyrus-sasl`](http://pkgsrc.se/security/cyrus-sasl) from the ports. You can find this port in [`security/cyrus-sasl`](http://pkgsrc.se/security/cyrus-sasl). Also, install [`security/cyrus-saslauthd`](http://pkgsrc.se/security/cyrus-saslauthd) and any of the security/cy2-* packages that match how you want to authenticate. In this case, [`security/cy2-login`](http://pkgsrc.se/security/cy2-login) is needed. - pwcheck_method: passwd + 1. Edit `/usr/pkg/lib/sasl2/Sendmail.conf` (or create it if it does not exist) and add the following line: - + pwcheck_method: saslauthd - This method will enable **sendmail** to authenticate against your DragonFly `passwd` database. This saves the trouble of creating a new set of usernames and passwords for each user that needs to use SMTP authentication, and keeps the login and mail password the same. +This method will enable **sendmail** to authenticate against your DragonFly `passwd` database. 
This saves the trouble of creating a new set of usernames and passwords for each user that needs to use SMTP authentication, and keeps the login and mail password the same. 1. Now edit `/etc/make.conf` and add the following lines: 
@@ -32,49 +26,39 @@ Having SMTP Authentication in place on your mail server has a number of benefits 1. Recompile **sendmail** by executing the following commands: - - # cd /usr/src/usr.sbin/sendmail # make cleandir # make obj # make # make install - +The compile of **sendmail** should not have any problems if `/usr/src` has not been changed extensively and the shared libraries it needs are available. To check if SASL was compiled in: - The compile of **sendmail** should not have any problems if `/usr/src` has not been changed extensively and the shared libraries it needs are available. + sendmail -d0.1 -bv root 1. After **sendmail** has been compiled and reinstalled, edit your `/etc/mail/freebsd.mc` file (or whichever file you use as your `.mc` file. Many administrators choose to use the output from [hostname(1)](http://leaf.dragonflybsd.org/cgi/web-man?command#hostname§ion1) as the `.mc` file for uniqueness). Add these lines to it: - - dnl set SASL options TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl - define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl - - -These options configure the different methods available to **sendmail** for authenticating users. If you would like to use a method other than **pwcheck** , please see the included documentation. +These options configure the different methods available to **sendmail** for authenticating users. If you would like to use a method other than **saslauthd** , please see the included documentation. Finally, run [make(1)](http://leaf.dragonflybsd.org/cgi/web-man?command#make§ion1) while in `/etc/mail`. That will run your new `.mc` file and create a `.cf` file named `freebsd.cf` (or whatever name you have used for your `.mc` file). Then use the command `make install restart`, which will copy the file to `sendmail.cf`, and will properly restart **sendmail** . 
For more information about this process, you should refer to `/etc/mail/Makefile`. +If all has gone correctly, you should be able to enter your login information into the mail client and send a test message. For further investigation, set the `LogLevel` of **sendmail** to 13 and watch `/var/log/maillog` for any errors. One example way to run sendmail with that higher debug level: + sendmail –O LogLevel=14 –bs -Am -If all has gone correctly, you should be able to enter your login information into the mail client and send a test message. For further investigation, set the `LogLevel` of **sendmail** to 13 and watch `/var/log/maillog` for any errors. +You may wish to add the following line to `/etc/rc.conf` so this service will be available after every system boot: - - -You may wish to add the following lines to `/etc/rc.conf` so this service will be available after every system boot: - - sasl_pwcheck_enable="YES" - sasl_pwcheck_program="/usr/local/sbin/pwcheck" + saslauthd="YES" This will ensure the initialization of SMTP_AUTH upon system boot. -For more information, please see the **sendmail** page regarding [SMTP authentication](http://www.sendmail.org/~ca/email/auth.html). - +This is enough to get started. **Using separate encryption, such as STARTTLS, is recommended.** +For more information, please see the **sendmail** page regarding [SMTP authentication](http://www.sendmail.org/~ca/email/auth.html). CategoryHandbook -- 2.41.0
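Review bot: In the first hunk, the retained sentence "This method will enable **sendmail** to authenticate against your DragonFly `passwd` database" now follows `pwcheck_method: saslauthd`, and with saslauthd that is no longer decided by `Sendmail.conf`: the password backend is whatever the saslauthd daemon is started with. Suggest stating which saslauthd backend the handbook expects and that the daemon must be running before the client test. The install step also still says "from the ports" and "this port" next to pkgsrc links, and `security/cy2-*` is left as plain text while the other package names are linked code spans.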
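Review bot: In the second hunk, the mechanism list kept in `TRUST_AUTH_MECH` and `confAUTH_MECHANISMS` still advertises `GSSAPI DIGEST-MD5 CRAM-MD5`, while the new install step only adds `security/cy2-login` and saslauthd can verify plaintext-password mechanisms only; trim the list to what is actually installed. Because LOGIN sends the password merely base64-encoded, the closing STARTTLS recommendation would be stronger as a configuration step, for example setting `confAUTH_OPTIONS` with the `p` flag so plaintext mechanisms are refused when no TLS layer is active. The debugging text says to set `LogLevel` to 13 but the example command uses `LogLevel=14`, and its options are typed with en dashes (`–O`, `–bs`), which will fail when pasted into a shell. The `sendmail -d0.1 -bv root` check should also say what to look for in the output (SASL in the "Compiled with:" list).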