Date: Sat, 19 Jul 2003 18:51:42 -0500
From: Chris Boyd <cboyd@gizmopartners.com>
To: freebsd-security@freebsd.org
Subject: Re: ASMTP setup on 4.8
Message-ID: <F253ED5B-BA43-11D7-9685-00039375B178@gizmopartners.com>
In-Reply-To: <yge65lzol3s.wl%ume@mahoroba.org>
Thanks to Hajimu UMEMOTO, Sergey Dorokhov and Josh Tolbert for helping
me get this figured out. What follows is a very terse procedure for
getting ASMTP, IMAP and POP over SSL running.

--Chris

See http://puresimplicity.net/~hemi/freebsd/sendmail.html for original
procedures.

    cd /usr/ports/mail/cclient
    make -DWITH_SSL_AND_PLAINTEXT=yes install
    cd /usr/ports/mail/imap-uw
    make -DWITH_SSL_AND_PLAINTEXT=yes install

Put these in /etc/inetd.conf

    imaps stream tcp nowait root /usr/local/libexec/imapd imapd
    pop3s stream tcp nowait root /usr/local/libexec/ipop3d ipop3d

    kill -HUP <inetd's PID>

    cd /usr/ports/security/cyrus-sasl2
    make install
    cd /usr/ports/security/cyrus-sasl2-saslauthd/
    make install

Add these lines to /etc/rc.conf

    ########## Start SASLAUTHD and look at local passwds
    sasl_saslauthd_enable="YES"
    sasl_saslauthd_flags="-a getpwent"

Add these lines to /etc/make.conf

    # SASL (cyrus-sasl v2) sendmail build flags...
    SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
    SENDMAIL_LDFLAGS=-L/usr/local/lib
    SENDMAIL_LDADD=-lsasl2
    # Adding to enable alternate port (smtps) for sendmail...
    SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL

Build sendmail from the source tree. (Does /etc/make.conf work if
building from ports?)

    cd /usr/src/usr.sbin/sendmail
    make clean
    make depend
    make

(My make stopped at

    cc: /usr/src/usr.sbin/sendmail/../../lib/libsmutil/libsmutil.a: No such file or directory
    cc: /usr/src/usr.sbin/sendmail/../../lib/libsm/libsm.a: No such file or directory

I remedied by doing

    cd ../../lib/libsmutil/
    make
    cd /usr/src/usr.sbin/sendmail
    cd ../../lib/libsm
    make

and then continuing

    cd /usr/src/usr.sbin/sendmail
    make
)

    make install

Do the SSL cert creation. Don't forget to put the hostname in when it
asks for the common name.

    mkdir /etc/mail/certs
    cd /etc/mail/certs
    openssl dsaparam 1024 -out dsa1024.pem
    openssl req -x509 -nodes -newkey dsa:dsa1024.pem -out mycert.pem -keyout mykey.pem
    rm dsa1024.pem
    chmod -R 600 /etc/mail/certs/*

Tell sendmail to use saslauthd to check passwords

    vi /usr/local/lib/sasl2/Sendmail.conf

and change the line to read

    pwcheck_method: saslauthd

Set up sendmail by editing the host's mc file and adding these just
above the MAILER(local) line

    define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
    TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
    define(`CERT_DIR', `/etc/mail/certs')dnl
    define(`confCACERT_PATH', `CERT_DIR')dnl
    define(`confCACERT', `CERT_DIR/mycert.pem')dnl
    define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
    define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
    define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
    define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
    DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
    DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

Rebuild the cf files

    make all install restart

Probably ought to do a good reboot about now to make sure everything
gets started correctly (mainly saslauthd).
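
An added example, not part of the original message: a small audit of the .mc lines from the procedure, flagging listeners where PLAIN/LOGIN can be offered without a TLS layer. It assumes sendmail's `confAUTH_OPTIONS` setting with the `p` flag (not mentioned in the message) is the intended restriction; `parse_mc`, `audit` and `SAMPLE_MC` are hypothetical names, and the sample text is constructed from the lines above.

```python
import re

# Constructed sample: the AUTH/TLS lines the procedure above adds to the .mc file.
SAMPLE_MC = """\
define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
"""

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}   # password is sent without any protection
DEFINE_RE = re.compile(r"define\(\s*`(\w+)'\s*,\s*`([^']*)'\s*\)")
DAEMON_RE = re.compile(r"DAEMON_OPTIONS\(\s*`([^']*)'\s*\)")


def parse_mc(text):
    """Return (defines, listeners) from .mc text, ignoring whole-line dnl comments."""
    body = "\n".join(line for line in text.splitlines()
                     if not line.lstrip().startswith("dnl"))
    defines = dict(DEFINE_RE.findall(body))
    listeners = []
    for opts in DAEMON_RE.findall(body):
        pairs = (item.split("=", 1) for item in opts.split(",") if "=" in item)
        listeners.append({k.strip(): v.strip() for k, v in pairs})
    return defines, listeners


def audit(text):
    """List listeners where PLAIN/LOGIN may be offered before any TLS layer."""
    defines, listeners = parse_mc(text)
    mechs = set(defines.get("confAUTH_MECHANISMS", "").split())
    auth_opts = defines.get("confAUTH_OPTIONS", "").replace(",", " ").split()
    if not (mechs & PLAINTEXT_MECHS) or "p" in auth_opts:
        return []
    findings = []
    for lst in listeners:
        if "s" not in lst.get("M", ""):    # M=s: TLS from the first byte (smtps)
            findings.append(f"{lst.get('Name', '?')} (Port={lst.get('Port', '?')}): "
                            "PLAIN/LOGIN not restricted to TLS; "
                            "add p to confAUTH_OPTIONS")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_MC):
        print(finding)
```

Run against the configuration as posted, it reports the plain `smtp` listener and stays silent for the `smtps` one.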