Configuring SMTP authentication on the MTA provides a number of benefits. SMTP authentication adds a layer of security to Sendmail, and provides mobile users who switch hosts the ability to use the same MTA without the need to reconfigure their mail client's settings each time.
Install security/cyrus-sasl2
from the Ports Collection. This port supports a number of
compile-time options. For the SMTP authentication method
demonstrated in this example, make sure that
LOGIN
is not disabled.
After installing security/cyrus-sasl2
,
edit
/usr/local/lib/sasl2/Sendmail.conf
,
or create it if it does not exist, and add the following
line:
Next, install security/cyrus-sasl2-saslauthd
and add the following line to
/etc/rc.conf
:
Finally, start the saslauthd daemon:
#
service saslauthd start
This daemon serves as a broker for sendmail to authenticate against the FreeBSD passwd(5) database. This saves the trouble of creating a new set of usernames and passwords for each user that needs to use SMTP authentication, and keeps the login and mail password the same.
Next, edit /etc/make.conf
and add
the following lines:
These lines provide
Sendmail the proper configuration
options for linking to cyrus-sasl2
at compile time.
Make sure that cyrus-sasl2
has been installed
before recompiling
Sendmail.
Recompile Sendmail by executing the following commands:
#
cd /usr/src/lib/libsmutil
#
make cleandir && make obj && make
#
cd /usr/src/lib/libsm
#
make cleandir && make obj && make
#
cd /usr/src/usr.sbin/sendmail
#
make cleandir && make obj && make && make install
This compile should not have any problems if
/usr/src
has not
changed extensively and the shared libraries it needs are
available.
After Sendmail has been
compiled and reinstalled, edit
/etc/mail/freebsd.mc
or the local
.mc
file. Many administrators choose
to use the output from hostname(1) as the name of the
.mc
file for uniqueness. Add these
lines:
These options configure the different methods available to Sendmail for authenticating users. To use a method other than pwcheck, refer to the Sendmail documentation.
Finally, run make(1) while in /etc/mail
. That will run the
new .mc
and create a
.cf
named either
freebsd.cf
or the name used for the
local .mc
. Then, run make
install restart
, which will copy the file to
sendmail.cf
, and properly restart
Sendmail. For more information
about this process, refer to
/etc/mail/Makefile
.
To test the configuration, use a MUA to
send a test message. For further investigation, set the
LogLevel
of Sendmail
to 13
and watch
/var/log/maillog
for any errors.
For more information, refer to SMTP authentication.
All FreeBSD documents are available for download at http://ftp.FreeBSD.org/pub/FreeBSD/doc/
Questions that are not answered by the
documentation may be
sent to <freebsd-questions@FreeBSD.org>.
Send questions about this document to <freebsd-doc@FreeBSD.org>.