Sendmail SMTP AUTH Config Explanation
Both for my own knowledge and that of the internet, I took the time to finely document my sendmail.mc configuration file for use with SMTP AUTH to an external SMTP server. In this configuration, my local users can send mail to the rest of the internet by authenticating with my ISP’s SMTP server and send mail through it.
The following sites were extremely helpful when initially trying to configure this:
- SMTP AUTH in sendmail 8.10-8.13
- Sendmail SMTP AUTH Quick Start
- Using SMTP AUTH and STARTTLS with sendmail
- Sendmail SMTP AUTH Howto
- Setting up SMTP AUTH with sendmail and Cyrus-SASL
You can download my configuration file as it is printed below.
# The Following removes any comments placed between the two diverts. (meaning: # this is useless, but common practice.) divert(-1) divert(0) # Includes the default sendmail configuration file include(`/usr/share/sendmail-cf/m4/cf.m4') # The following three Lines are required for all sendmail configs VERSIONID(`$Id: sendmail-procmail.mc,v 1.2 2004/12/07 01:59:31 g2boojum Exp $') OSTYPE(linux) DOMAIN(generic) # Provide a separate map for client side authentication information. # This is used for SMTP authentication. My authinfo file contains one line: # AuthInfo:"I: " "P: " # See: http://www.sendmail.org/m4/smtp_auth.html FEATURE(`authinfo',`hash /etc/mail/authinfo.db') # Prevents the creation an MSA with the default options # See: http://www.sendmail.org/m4/features.html FEATURE(`no_default_msa') # Creates an MSA with new options # See: http://www.sendmail.org/m4/tweaking_config.html DAEMON_OPTIONS(`Name=MSA, Port=587, Addr=127.0.0.1, M=E') # This tells sendmail which hosts to accept mail from. I only want # localhost to be able to connect to my smtp server, so that I don't # have to deal with being an open relay that will only send mail through # my secure account. The file indicated has the following: # localhost.localdomain RELAY # localhost RELAY # 127.0.0.1 RELAY FEATURE(`access_db',`hash -T -o /etc/mail/access.db')dnl # Means that you can send mail to local users. # See: http://www.sendmail.org/m4/mailers.html MAILER(local) # Means you can deliver mail to other servers # through SMTP traffic MAILER(smtp) # Makes processing through procmail possible MAILER(procmail) # If recipient addresses are fully qualified to another # host, send mail through this server. #See: http://www.sendmail.org/m4/masquerading_relaying.html define(`SMART_HOST',`send-vif.cc.columbia.edu') # Creates an MTA with non-default options (listen on localhost only) # See: http://www.sendmail.org/m4/tweaking_config.html DAEMON_OPTIONS(`Port=25,Addr=127.0.0.1, Name=MTA') # The following four lines allow sendmail to negotiate SMTP AUTH with # the external mail servers. In my case, this is only to my ISP's SMTP # AUTH server. # See: http://www.sendmail.org/m4/tweaking_config.html define(`confCACERT_PATH',`/etc/ssl/certs') define(`confCACERT',`/etc/ssl/certs/ca-certificates.crt') # You must manually generate these files so that your server has # a self-signed certificate to present to the external SMTP AUTH server. # See: http://sial.org/howto/openssl/self-signed/ # See: http://www.sendmail.org/m4/tweaking_config.html # See: http://www.sendmail.org/~ca/email/starttls.html define(`confSERVER_CERT',`/usr/share/ca-certificates/server.pem') define(`confSERVER_KEY',`/usr/share/ca-certificates/server.pem') # List the available authentication mechanisms presented to clients. # This is by default "GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5" define(`confAUTH_MECHANISMS', `LOGIN PLAIN') # This is strange. The 'A' means "Use the AUTH= parameter for the MAIL FROM # command only when authentication succeeded. This can be used as a workaround # for broken MTAs that do not implement RFC 2554 correctly.". # Then, the 'p' means "don't permit mechanisms susceptible to passive # dictionary attack" and 'y' means "don't permit mechanisms that allow # # anonymous login". # According to the third URL below, "Next line stops sendmail from allowing # auth without encryption" # See: http://www.sendmail.org/m4/tweaking_config.html # See: http://lists.freebsd.org/pipermail/freebsd-questions/2003-June/008118.html # See: http://news.umailcampaign.com/message/106448.aspx define(`confAUTH_OPTIONS', `A p y') TRUST_AUTH_MECH(`LOGIN PLAIN') # Tells sendmail how verbose it should be for logging. For a long time, I had # mine set at 40 to get tons of output and diagnose issues. The default is # 9. define(`confLOG_LEVEL', `9')
0 Comments »
No comments yet.
RSS feed for comments on this post. TrackBack URI