sendmail smtp-auth

  1. links
  2. sample
  3. tls

requires SASL and STARTTLS. make sure they are compiled in with sendmail -d0.1 -bv.

the following is pretty much redhat specific.

It looks as if all that's needed is TLS not settings such as

links

  1. http://www.joreybump.com/code/howto/smtpauth.html: quick start guide to smtp auth on redhat

sample1

I have a problem with my sendmail 8.12.9 configuration under redhat 7.2, which means I was not able to stop the server from relaying third party mail. I use STARTTLS and SMTP AUTH for relaying mails from my roaming users; other users are only able to send to local users. But it does not seem to work, or let's say: I must have made a mistake somewhere.

define(`ALIAS_FILE', `/etc/aliases')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`CERT_DIR',`/usr/share/ssl/certs')dnl
define(`confCACERT_PATH',`CERT_DIR')dnl
define(`confCACERT',`CERT_DIR/ca-bundle.crt')dnl
define(`confSERVER_CERT',`CERT_DIR/[edited].pem')dnl
define(`confSERVER_KEY',`CERT_DIR/[edited]l.pem')dnl
define(`confCLIENT_CERT',`CERT_DIR/[edited].pem')dnl
define(`confCLIENT_KEY',`CERT_DIR/[edited].pem')dnl
define(`confTLS_SRV_OPTIONS',`V')dnl
define(`confAUTH_OPTIONS', `p,y')dnl
define(`confAUTH_MECHANISMS', `PLAIN LOGIN')dnl
FEATURE(dnsbl, `blackholes.mail-abuse.org', 
	`Rejected - see http://www.mail-abuse.org/rbl/')dnl
FEATURE(dnsbl, `dialups.mail-abuse.org', 
	`Dialup - see http://www.mail-abuse.org/dul/')dnl
FEATURE(dnsbl, `relays.mail-abuse.org', 
	`Open spam relay - see http://work-rss.mail-abuse.org/rss/')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`delay_checks')dnl
EXPOSED_USER(`root')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
MASQUERADE_AS(`[edited]')dnl
FEATURE(`masquerade_entire_domain')dnl
FEATURE(`masquerade_envelope')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
Cwlocalhost.localdomain
source (email)

tls

    options:
  1. define(`CERT_DIR',`/usr/share/ssl/certs')dnl
  2. define(`confCACERT_PATH',`CERT_DIR')dnl
  3. define(`confCACERT',`CERT_DIR/ca-bundle.crt')dnl
  4. define(`confSERVER_CERT',`CERT_DIR/[edited].pem')dnl
  5. define(`confSERVER_KEY',`CERT_DIR/[edited]l.pem')dnl
  6. define(`confCLIENT_CERT',`CERT_DIR/[edited].pem')dnl
  7. define(`confCLIENT_KEY',`CERT_DIR/[edited].pem')dnl
  8. define(`confTLS_SRV_OPTIONS',`V')dnl
  9. define(`confAUTH_OPTIONS', `p,y')dnl
  10. define(`confAUTH_MECHANISMS', `PLAIN LOGIN')dnl
    options (2):
  1. define(`confAUTH_OPTIONS', `A p y')dnl
  2. TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
  3. define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
  4. define(`confCACERT_PATH',`/usr/share/ssl/certs')
  5. define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
  6. define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
  7. define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
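
A small check of the AUTH and TLS settings listed above, added here as an example and not part of the original notes or of sendmail itself. It parses define() and TRUST_AUTH_MECH() lines and flags PLAIN/LOGIN offered without the 'p' option, a missing server certificate or key, and mechanisms that are offered but not trusted for relaying. The function names and finding texts are hypothetical, and the input is the "options (2)" list copied inline.

```python
import re

# Constructed input: the "options (2)" settings listed above.
SAMPLE_MC = """\
define(`confAUTH_OPTIONS', `A p y')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confCACERT_PATH',`/usr/share/ssl/certs')
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
"""

DEFINE_RE = re.compile(r"define\(`([^']+)',\s*`([^']*)'\)")
TRUST_RE = re.compile(r"TRUST_AUTH_MECH\(`([^']*)'\)")
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # these send the password itself

def parse_mc(text):
    """Return (defines, trusted mechanisms) parsed from sendmail.mc text."""
    defines = dict(DEFINE_RE.findall(text))
    helpers = {k: v for k, v in defines.items() if not k.startswith("conf")}
    for name, value in defines.items():
        # Expand helper macros such as CERT_DIR used inside other values.
        for macro, expansion in helpers.items():
            value = value.replace(macro, expansion)
        defines[name] = value
    trusted = {m for group in TRUST_RE.findall(text) for m in group.split()}
    return defines, trusted

def audit(text):
    """Return findings (strings) for the SMTP AUTH and STARTTLS settings."""
    defines, trusted = parse_mc(text)
    offered = set(defines.get("confAUTH_MECHANISMS", "").split())
    # confAUTH_OPTIONS appears on this page both as `p,y' and as `A p y'.
    opts = set(re.split(r"[,\s]+", defines.get("confAUTH_OPTIONS", ""))) - {""}
    findings = []
    if offered & PLAINTEXT_MECHS and "p" not in opts:
        findings.append("PLAIN/LOGIN offered without 'p' (allowed before STARTTLS)")
    for key in ("confSERVER_CERT", "confSERVER_KEY"):
        if key not in defines:
            findings.append(key + " not defined (server cannot offer STARTTLS)")
    for mech in sorted(offered - trusted):
        findings.append(mech + " offered but not in TRUST_AUTH_MECH (no relaying)")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_MC) or "no findings")
```
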

second example leaves out: