I've recently moved to a new ISP (higher bandwith for lower cost, but with a monthly cap - let's hope my calculations of usage are correct).
I discovered the ISP's SMTP server required authentication, so in order to continue sending mail out from the FreeBSD web/mail server, crimson, I was going to have to figure out how sendmail could act as an authenticating client.
After reading the Sendmail Bat book, and some googling, the following seemed to be required (note, this is for a FreeBSD 6.2 system, making minimal changes to the default system setup).
First, you need to create an access database in /etc/mail
.
This has to contain AuthInfo
records to inform sendmail of
the authentication tokens required. I created a file called
access
in /etc/mail
with the following contents:
AuthInfo:smtp.isp.com "U:username" "P:password"
Replace smtp.isp.com
by your ISP's mail server, and the
username and password fields as required.
The access database is built by running the following command in
/etc/mail
:
make maps
which creates the file access.db
.
The sendmail configuration file (crimson.mc)
needs the
following addition:
define(`confAUTH_MECHANISMS',`LOGIN PLAIN')
And, or course, define SMART_HOST to the new smtp relay, i.e.
define(`SMART_HOST',`smtp.isp.com')
I rebuilt the sendmail.cf file and restarted sendmail by:
make && make install && make restart
I tested to see if client authentication worked by sending an email to my new email address. Nope, DSN 5.0.0 - Service Unavailable.
Most of the articles I'd read majored on creating a version of sendmail that required authentication from its clients. For this, sendmail needed to be compiled with SASL. It seemed to me that SASL shouldn't be required for simple client authentication, but maybe I was wrong.
To build a version of sendmail with SASL on FreeBSD, first add the
following lines to /etc/make.conf
:
SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL SENDMAIL_LDFLAGS=-L/usr/local/lib SENDMAIL_LDADD=-lsasl2
Then, install the package cyrus-sasl2
, by:
pkg_add -r cyrus-sasl2
Then rebuild sendmail:
# cd /usr/src/lib/libsmutil # make cleandir && make obj && make # cd /usr/src/lib/libsm # make cleandir && make obj && make # cd /usr/src/usr.sbin/sendmail # make cleandir && make obj && make && make install
N.B. These instructions have been stolen wholesale from The FreeBSD Handbook.
Once the new version of sendmail was started, client authentication instantly started to work. So, situation normal, completely wrong assumptions. SASL is mandatory for sendmail client SMTP authentication.