[FUG-BR] [AND THE IMPASSE CONTINUES] Authenticated Sendmail.
Luiz Fernando Pasqual S. Souza
pasquall at terra.com.br
Thu Apr 5 10:01:05 BRT 2007
Junior,
On Tue, Apr 03, 2007 at 09:35:52AM -0300, Junior Pires wrote:
> I tried, followed that to the letter, and nothing...
>
> Has anyone here already configured Sendmail with SMTP authentication? If so, I
> would be very grateful if you gave me a tip here.
I have already configured it and it works without major problems; the cookbook recipe
follows below.
I didn't note down the author, so I don't remember who wrote it.
-----
FreeBSD's sendmail does not support SMTP-AUTH out of the box. So, we will have to recompile it with appropriate options, and add support for TLS encryption at this time. You will need your system sources for this. If you don't have them installed, you should do so now.
Alternatively, you can use the sendmail port mail/sendmail. You will need to change
sendmail_program="/usr/local/sbin/sendmail"
in /etc/rc.conf and build the port with
# cd /usr/ports/mail/sendmail
# make -DSENDMAIL_WITH_SASL -DSENDMAIL_WITH_TLS install clean
Be sure to follow the instructions of the port, but keep in mind that this document assumes that you are using the sendmail installation in your base system. You will need to adjust the pathnames in this article's installation instructions to agree with the pathnames for this particular installation.
Depending upon your preference, it might also make sense to erase your sendmail installation in /usr and add
NO_SENDMAIL=TRUE
to /etc/make.conf if you decide to use the sendmail port. Adding this line will prevent subsequent builds of the operating system from installing duplicate copies of sendmail.
Here's how to re-build sendmail with SASL and TLS support:
1. Find out if and where you installed OpenSSL. You will need it for TLS support, and the port you will install for SASL capability also links against this library.
You can use
# which openssl
to determine the prefix of your installation. This is normally /usr for the base system's OpenSSL, and /usr/local if you use the port. If the command above yields nothing, then you must install the security/openssl port first.
2. After installing OpenSSL, install security/cyrus-sasl from ports:
   1. Run
      # cd /usr/ports/security/cyrus-sasl
      # make install clean
   2. De-select everything in the configuration dialogue. You need the client-side library only, and do not need server-side features.
   3. Now delete or move the following server-side startup scripts. These are not needed.
      /usr/local/etc/rc.d/cyrus_pwcheck.sh
      /usr/local/etc/rc.d/cyrus_sasl1
      /usr/local/etc/rc.d/saslauthd1.sh
   4. Lastly, remove the cyrus user the port created:
      # rmuser cyrus
3. Now edit /etc/make.conf and add the following lines:
SENDMAIL_CFLAGS=-I/usr/local/include/sasl1 -I/usr/local/include -DSASL -DSTARTTLS
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl -lssl -lcrypto
-I/usr/local/include is only needed if you are using the OpenSSL port.
These lines will give sendmail the proper configuration options for linking to cyrus-sasl and the OpenSSL libraries at compile time. Make sure that security/cyrus-sasl and, if applicable, security/openssl have been installed before recompiling sendmail.
4. Recompile sendmail by executing the following commands (you will need to compile libsm and libsmutil only if you have never built world before or you erased /usr/obj from a previous buildworld):
# cd /usr/src/lib/libsm
# make cleandir obj depend all
# make
# cd /usr/src/lib/libsmutil
# make cleandir obj depend all
# cd /usr/src/usr.sbin/sendmail
# make cleandir obj depend all install
5. Now check your installation using the following command:
# sendmail -d0.1 -bv root
It should yield output similar to this:
Version 8.12.9p2
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASL
SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
[...]
If you cannot spot SASL or STARTTLS, then something went wrong with your installation.
Now it's time to set up sendmail to use SMTP-AUTH to relay your e-mail. TLS will be used automatically if it is available.
1. First, you have to find out which authentication mechanisms are supported by external.mail.server. The following transcript of a short telnet session illustrates this:
% telnet external.mail.relay 25
Trying xxx.xxx.xxx.xxx...
Connected to external.mail.relay.
Escape character is '^]'.
Now start a fake SMTP-session:
EHLO foo
The server will respond with something similar to this:
250-8BITMIME
250-AUTH=DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250 STARTTLS
Now terminate the session with
quit
Connection closed by foreign host.
2. To make sendmail use the authentication mechanisms offered by the remote server, add the following line to your configuration file /etc/mail/host.local.domain.mc:
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')
(according to the AUTH line(s) in the telnet output).
Warning: Please note that the LOGIN and PLAIN mechanisms send the unencrypted password, so be sure to avoid these methods if possible or to use them in combination with TLS. (Note how they were skipped in our example!)
3. Now, the login credentials for the external mail server need to be defined.
This should look like this (in our case one line!):
AuthInfo:external.mail.server "U:remoteuser" "I:remoteuser" "P:secret" "R:external.mail.server" "M:DIGEST-MD5 CRAM-MD5"
4. Now rebuild the sendmail configuration, and restart the daemon.
# make all install restart
Important: If you need to debug your SASL configuration, you will have to restart sendmail in the following way:
# make stop all install start
instead of the usual
# make all install restart
Congratulations, now you are able to send e-mail via an external mail relay. This also means that you are now able to send problem reports using send-pr(1) and to post to the FreeBSD mailing lists.
If you have tried everything above, and it still does not work, please have a look at Section 5. If you still have problems, don't hesitate to contact me so that this document can be improved.
--
<about>
<name>Luiz Fernando Pasqual S. Souza</name>
<email>pasquall at terra dot com dot br</email>
<icq>59929504</icq>
</about>
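
The two manual checks in the recipe above (reading the "Compiled with:" block for SASL and STARTTLS, and choosing mechanisms from the EHLO reply while skipping PLAIN and LOGIN) can be scripted. This is an added example, not part of the original message or the quoted how-to; the function names and the sample inputs are constructed for illustration, and accepting a SASLv2 token is an assumption for builds linked against Cyrus SASL 2.

```shell
#!/bin/sh
# Constructed sample inputs, modelled on the output shown in the how-to.
SAMPLE_BUILD='Version 8.12.9p2
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
    NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASL
    SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
[...]'
SAMPLE_EHLO='250-8BITMIME
250-AUTH=DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250 STARTTLS'

# Succeeds only if SASL and STARTTLS are whole tokens inside the (wrapped)
# "Compiled with:" block of `sendmail -d0.1 -bv root` output passed as $1.
has_sasl_and_tls() {
    printf '%s\n' "$1" | awk '
        /Compiled with:/ { on = 1; sub(/.*Compiled with:/, "") }
        on && /[^A-Z0-9_ \t]/ { on = 0 }   # first non-flag line ends the block
        on { for (i = 1; i <= NF; i++) seen[$i] = 1 }
        END { exit !((seen["SASL"] || seen["SASLv2"]) && seen["STARTTLS"]) }'
}

# Prints the mechanisms advertised on the AUTH line(s) of an EHLO reply ($1),
# de-duplicated, without PLAIN and LOGIN (they send the password unencrypted).
safe_mechs() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        /^250[- ]AUTH[= ]/ {
            sub(/^250[- ]AUTH[= ]/, "")
            for (i = 1; i <= NF; i++)
                if ($i != "PLAIN" && $i != "LOGIN" && !dup[$i]++)
                    out = out (out == "" ? "" : " ") $i
        }
        END { print out }'
}

# Emits the TRUST_AUTH_MECH line for the .mc file; fails if nothing is left.
trust_auth_line() {
    mechs=$(safe_mechs "$1")
    [ -n "$mechs" ] || return 1
    printf "TRUST_AUTH_MECH(\`%s')\n" "$mechs"
}

has_sasl_and_tls "$SAMPLE_BUILD" && echo "build: SASL and STARTTLS present"
trust_auth_line "$SAMPLE_EHLO"
```

On a real system, pass `"$(sendmail -d0.1 -bv root)"` to `has_sasl_and_tls` and the saved EHLO reply to `trust_auth_line`; a failure from the latter means the relay offers only PLAIN or LOGIN.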