Setting up SMTP auth with sendmail is similar to Postfix. This walks through setting up SMTP auth with dbmail and Saslv2/Sendmail 8.13.8. It should work similarly for other recent sendmail versions.

First make sure cyrus-sasl is installed, also install the cyrus-sasl-sql package. As of this writing I'm not sure if the sql package is needed to make this work because I installed it before I tested it, but it won't hurt to install and I'm sure it needs it. Make sure saslauthd is started and starts automatically upon bootup.

You have to first make sure sendmail is already compiled to support SASL. You can do this by issuing the following command: sendmail -d0.1 -bv root | grep SASL If you see something with SASL in the output you are good to go like the following: NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS

In your sendmail.mc file make sure you have the following lines:

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

* Rebuild your sendmail.mc file: m4 sendmail.mc > sendmail.cf (or wherever the path to your m4/mc/cf files are respectively

* Restart sendmail

* Verify the settings kicked in by doing the following:

telnet localhost 25

ehlo localhost

You are looking for a reply that contains something similar to the following line as part of the reply:

250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN

Now time to configure SASL.

Modify Sendmail.conf, on my Red Hat Enterprise system this was located at: /usr/lib/sasl2/Sendmail.conf

Modify this file as follows:

pwcheck_method: auxprop auxprop_plugin: sql log-level: 14 sql_engine: mysql sql_hostnames: localhost sql_user: username sql_passwd: password sql_database: databasename sql_verbose: yes sql_select: SELECT passwd FROM dbmail_users WHERE userid = '%u@%r'

The 'log-level' settings is used for debugging, it should write to your /var/log/messages file. You can remove this once you don't need it. The big difference from the Postfix configuration is the last line with the sql query. In my particular case the userid's for my users were in the format of their email address like john@domain.com. Sendmail strips the domain portion from the username which caused me a lot of headaches. Thus I added an '@' symbol along with %r in my query which in sendmail terminology is “realm” aka the domain portion of the userid. If you are not using the entire email as the username then you can just use: sql_select: SELECT passwd FROM dbmail_users WHERE userid = '%u'

Hope this helps save some people some time.

 
smtp_auth/sendmail.txt · Last modified: 2011/07/13 21:44 by masoodrahim
 
DBMail is developed by Paul J Stevens together with developers world-wide