Date: Sun, 11 Mar 2018 20:15:37 +0100 From: Matthias Apitz <guru@unixarea.de> To: freebsd-questions@freebsd.org Subject: Re: difficulty installing sendmail+tls+sasl2 package Message-ID: <20180311191537.GA2197@c720-r314251> In-Reply-To: <CAFsnNZ%2B4Ww2Fb_DTQaCT4F=TUhLf--DymY4J0y4yVeD2NUg97w@mail.gmail.com> References: <CAFsnNZ%2B4Ww2Fb_DTQaCT4F=TUhLf--DymY4J0y4yVeD2NUg97w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Here is what I (always on any update) run to get sendmail working with SASL; and note: regarding your last question about imap and smartphones: this has nothing todo with running sendmail as an outbound server. HIH matthias $Id: sendmail.txt,v 1.5 2017/03/07 16:37:50 guru Exp $ how to enable AUTH in SMTP (required since 2010 for my outbound mail): we need the follwing ports and a recompiled 'sendmail' with some config; details are described here: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html - install port security/cyrus-sasl2 - config line in /usr/local/lib/sasl2/Sendmail.conf pwcheck_method: saslauthd - install port security/cyrus-sasl2-saslauthd, - edit /etc/rc.conf: saslauthd_enable="YES" - restart daemon with # /usr/local/etc/rc.d/saslauthd start - recompile sendmail with /etc/make.conf set to SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL SENDMAIL_LDFLAGS=-L/usr/local/lib SENDMAIL_LDADD=-lsasl2 # cd /usr/src/lib/libsmutil # make cleandir && make obj && make # cd /usr/src/lib/libsm # make cleandir && make obj && make # cd /usr/src/usr.sbin/sendmail # make cleandir && make obj && make && make install - configure sendmail with the lines in /etc/mail/current.Sisis.de.mc: # added by guru # define(`SMART_HOST', `smtp.1blu.de')dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl FEATURE(`masquerade_envelope') FEATURE(`accept_unresolvable_domains') FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl # MAILER(local) MAILER(smtp) # added by guru # MASQUERADE_AS(`unixarea.de') # dnl set SASL options TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl # # end of adds - run make and move the config as: # mv current.Sisis.de.cf sendmail.cf # mv current.Sisis.de.submit.cf submit.cf # /etc/rc.d/sendmail onerestart AUTH for SMTP is described in http://www.sendmail.org/~ca/email/auth.html - config AUTH in (create) /etc/mail/auth/client-info as: AuthInfo:smtp.1blu.de "U:root" "I:w51XXXXXXXXXX" "P:XXXXXXXXXXXXX" see: http://www.sendmail.org/documentation/configurationReadme The RHS for an AuthInfo: entry in the access map should consists of a list of tokens, each of which has the form: "TDstring" (including the quotes). T is a tag which describes the item, D is a delimiter, either ':' for simple text or '=' for a base64 encoded string. Valid values for the tag are: U user (authorization) id I authentication id P password R realm M list of mechanisms delimited by spaces - build the database # cd /etc/mail/auth # makemap hash client-info < client-info # chmod 0600 client-info all should be fine now; - to test SSL: # /etc/rc.d/sendmail restart # printf "To: guru@unixarea.de\nSubject: r314251 test\n\ntest\n" | /usr/sbin/sendmail -t # tail -f /var/log/maillog Oct 5 16:46:13 unixarea sm-mta[2805]: STARTTLS=client, relay=smtp.1blu.de., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256 Oct 5 16:46:14 unixarea sm-mta[2805]: s95Ek5j4002803: to=<guru@unixarea.de>, ctladdr=<guru@unixarea.DDR.dd> (1001/0), delay=00:00:08, xdelay=00:00:08, mailer=relay, pri=30342, relay=smtp.1blu.de. [178.254.4.101], dsn=2.0.0, stat=Sent (OK id=1Xan4f-0007Lv-Qu) -- Matthias Apitz, ✉ guru@unixarea.de, ⌂ http://www.unixarea.de/ 📱 +49-176-38902045
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180311191537.GA2197>