requires sasl and STARTTLS. make they are compiled in with sendmail -d0.1 -bv.

the following is pretty much redhat specific.

It looks as if all that's needed is TLS not settings such as

• FEATURE(`authinfo')dnl default file is hash /etc/mail/authinfo
• dnl TRUST_AUTH_MECH(`GSSAPI')dnl
• dnl define(`confAUTH_MECHANISMS', `GSSAPI')dnl
• dnl define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl
• dnl FEATURE(`no_default_msa')dnl turn off default entry for MSA
• dnl DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')dnl

links

sample1

i have a problem with my sendmail 8.12.9 configuration under redhat 7.2, which means i was not able to stop the server from relaying third party mail. i use STARTTLS and SMTP AUTH for relaying mails from my roaming users, other users are only able to send to local users. but it does not seem to work, or let's say: i must have made a mistake somewhere.

define(`ALIAS_FILE', `/etc/aliases')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`CERT_DIR',`/usr/share/ssl/certs')dnl
define(`confCACERT_PATH',`CERT_DIR')dnl
define(`confCACERT',`CERT_DIR/ca-bundle.crt')dnl
define(`confSERVER_CERT',`CERT_DIR/[edited].pem')dnl
define(`confSERVER_KEY',`CERT_DIR/[edited]l.pem')dnl
define(`confCLIENT_CERT',`CERT_DIR/[edited].pem')dnl
define(`confCLIENT_KEY',`CERT_DIR/[edited].pem')dnl
define(`confTLS_SRV_OPTIONS',`V')dnl
define(`confAUTH_OPTIONS', `p,y')dnl
define(`confAUTH_MECHANISMS', `PLAIN LOGIN')dnl
FEATURE(dnsbl, `blackholes.mail-abuse.org', 
	`Rejected - see [url]http://www.mail-abuse.org/rbl/[/url]')dnl
FEATURE(dnsbl, `dialups.mail-abuse.org', 
	`Dialup - see [url]http://www.mail-abuse.org/dul/[/url]')dnl
FEATURE(dnsbl, `relays.mail-abuse.org', 
	`Open spam relay - see [url]http://work-rss.mail-abuse
	.org/rss/[/url]')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`delay_checks')dnl
EXPOSED_USER(`root')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
MASQUERADE_AS(`[edited]')dnl
FEATURE(`masquerade_entire_domain')dnl
FEATURE(`masquerade_envelope')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
Cwlocalhost.localdomain

tsl

options:
1. define(`CERT_DIR',`/usr/share/ssl/certs')dnl
2. define(`confCACERT_PATH',`CERT_DIR')dnl
3. define(`confCACERT',`CERT_DIR/ca-bundle.crt')dnl
4. define(`confSERVER_CERT',`CERT_DIR/[edited].pem')dnl
5. define(`confSERVER_KEY',`CERT_DIR/[edited]l.pem')dnl
6. define(`confCLIENT_CERT',`CERT_DIR/[edited].pem')dnl
7. define(`confCLIENT_KEY',`CERT_DIR/[edited].pem')dnl
8. define(`confTLS_SRV_OPTIONS',`V')dnl
9. define(`confAUTH_OPTIONS', `p,y')dnl
10. define(`confAUTH_MECHANISMS', `PLAIN LOGIN')dnl

options (2):
1. define(`confAUTH_OPTIONS', `A p y')dnl
2. TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
3. define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
4. define(`confCACERT_PATH',`/usr/share/ssl/certs')
5. define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
6. define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
7. define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')

second example leaves out:

• define(`confCLIENT_CERT',`CERT_DIR/[edited].pem')dnl
• define(`confCLIENT_KEY',`CERT_DIR/[edited].pem')dnl
• define(`confTLS_SRV_OPTIONS',`V')dnl