Having SMTP Authentication in place on your mail server has a number of benefits. SMTP Authentication can add another layer of security to sendmail, and has the benefit of giving mobile users who switch hosts the ability to use the same mail server without the need to reconfigure their mail client settings each time.
Install security/cyrus-sasl
from the ports. You can find this port in
security/cyrus-sasl.
security/cyrus-sasl has
a number of compile time options to choose from and, for
the method we will be using here, make sure to select the
pwcheck
option.
After installing security/cyrus-sasl,
edit /usr/local/lib/sasl/Sendmail.conf
(or create it if it does not exist) and add the following
line:
pwcheck_method: passwd
This method will enable sendmail
to authenticate against your FreeBSD passwd
database. This saves the trouble of creating a new set of usernames
and passwords for each user that needs to use
SMTP authentication, and keeps the login
and mail password the same.
Now edit /etc/make.conf
and add the
following lines:
SENDMAIL_CFLAGS=-I/usr/local/include/sasl1 -DSASL SENDMAIL_LDFLAGS=-L/usr/local/lib SENDMAIL_LDADD=-lsasl
These lines will give sendmail the proper configuration options for linking to cyrus-sasl at compile time. Make sure that cyrus-sasl has been installed before recompiling sendmail.
Recompile sendmail by executing the following commands:
#
cd /usr/src/usr.sbin/sendmail
#
make cleandir
#
make obj
#
make
#
make install
The compile of sendmail should not have any problems
if /usr/src
has not been changed extensively
and the shared libraries it needs are available.
After sendmail has been compiled
and reinstalled, edit your /etc/mail/freebsd.mc
file (or whichever file you use as your .mc
file. Many administrators
choose to use the output from hostname(1) as the .mc
file for
uniqueness). Add these lines to it:
dnl set SASL options TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl
These options configure the different methods available to sendmail for authenticating users. If you would like to use a method other than pwcheck, please see the included documentation.
Finally, run make(1) while in /etc/mail
.
That will run your new .mc
file and create a .cf
file named
freebsd.cf
(or whatever name you have used
for your .mc
file). Then use the
command make install restart
, which will
copy the file to sendmail.cf
, and will
properly restart sendmail.
For more information about this process, you should refer
to /etc/mail/Makefile
.
If all has gone correctly, you should be able to enter your login
information into the mail client and send a test message.
For further investigation, set the LogLevel
of
sendmail to 13 and watch
/var/log/maillog
for any errors.
You may wish to add the following line to /etc/rc.conf
so this service will be available after every system boot:
cyrus_pwcheck_enable="YES"
This will ensure the initialization of SMTP_AUTH upon system boot.
For more information, please see the sendmail page regarding SMTP authentication.
All FreeBSD documents are available for download at http://ftp.FreeBSD.org/pub/FreeBSD/doc/
Questions that are not answered by the
documentation may be
sent to <freebsd-questions@FreeBSD.org>.
Send questions about this document to <freebsd-doc@FreeBSD.org>.