Junior,

On Tue, Apr 03, 2007 at 09:35:52AM -0300, Junior Pires wrote:
> I tried, followed that to the letter, and nothing...
> 
> Has anyone here already configured Sendmail with SMTP authentication? If so, I
> would be very grateful if you could give me a tip here.

I have already configured it and it works without any major problems; the
step-by-step recipe follows below.

I did not note down the author, so I don't remember who wrote it.


-----
FreeBSD's sendmail does not support SMTP-AUTH out of the box. So, we will have 
to recompile it with appropriate options, and add support for TLS encryption at 
this time. You will need your system sources for this. If you don't have them 
installed, you should do so now.

Alternatively, you can use the sendmail port mail/sendmail. You will need to 
change

sendmail_program="/usr/local/sbin/sendmail"
               

in /etc/rc.conf and build the port with

# cd /usr/ports/mail/sendmail
# make -DSENDMAIL_WITH_SASL -DSENDMAIL_WITH_TLS install clean 
           

Be sure to follow the instructions of the port, but keep in mind that this 
document assumes that you are using the sendmail installation in your base 
system. You will need to adjust the pathnames in this article's installation 
instructions to agree with the pathnames of that particular installation.

Depending upon your preference, it might also make sense to erase your sendmail 
installation in /usr and add

NO_SENDMAIL=TRUE
               

to /etc/make.conf if you decide to use the sendmail port. Adding this line will 
prevent subsequent builds of the operating system from installing duplicate 
copies of sendmail.

Here's how to re-build sendmail with SASL and TLS support:

   1. Find out if and where you installed OpenSSL. You will need it for TLS
      support (and the port you will install for SASL capability also links
      against this library).

      You can use

# which openssl

      to determine the prefix of your installation. This is normally /usr for
      the base system's OpenSSL, and /usr/local if you use the port. If the
      command above yields nothing, then you must install the security/openssl
      port first.

   2. After installing OpenSSL, install security/cyrus-sasl from ports:

         1. Run

# cd /usr/ports/security/cyrus-sasl
# make install clean

         2. De-select everything in the configuration dialogue. You need the
            client-side library only, and do not need server-side features.

         3. Now delete or move the following server-side startup scripts.
            These are not needed.

/usr/local/etc/rc.d/cyrus_pwcheck.sh
/usr/local/etc/rc.d/cyrus_sasl1
/usr/local/etc/rc.d/saslauthd1.sh

         4. Lastly, remove the cyrus user the port created:

# rmuser cyrus

   3. Now edit /etc/make.conf and add the following lines:

SENDMAIL_CFLAGS=-I/usr/local/include/sasl1 -I/usr/local/include -DSASL -DSTARTTLS
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl -lssl -lcrypto

      -I/usr/local/include is only needed if you are using the OpenSSL port.

      These lines will give sendmail the proper configuration options for
      linking to cyrus-sasl and the OpenSSL libraries at compile time. Make
      sure that security/cyrus-sasl and, if you use it, security/openssl have
      been installed before recompiling sendmail.

   4. Recompile sendmail by executing the following commands (you will need to
      compile libsm and libsmutil only if you have never built world before or
      you erased /usr/obj from a previous buildworld).

# cd /usr/src/lib/libsm
# make cleandir obj depend all
# make

# cd /usr/src/lib/libsmutil
# make cleandir obj depend all

# cd /usr/src/usr.sbin/sendmail
# make cleandir obj depend all install
                   

   5. Now check your installation using the following command:

# sendmail -d0.1 -bv root
                   

      It should yield output similar to this:

Version 8.12.9p2
   Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
   NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASL
   SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
[...]
                   

      If you cannot spot SASL or STARTTLS, then something went wrong with your 
installation.

Now it's time to set up sendmail to use SMTP-AUTH to relay your e-mail. TLS will 
be used automatically if it is available.

   1. First, you have to find out which authentication mechanisms are supported
      by external.mail.server. The following transcript of a short telnet
      session illustrates this:

% telnet external.mail.relay 25
Trying xxx.xxx.xxx.xxx...
Connected to external.mail.relay.
Escape character is '^]'.

      Now start a fake SMTP-session:

EHLO foo

      The server will respond with something similar to this:

250-8BITMIME
250-AUTH=DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250 STARTTLS

      Now terminate the session with

quit

Connection closed by foreign host.



   2. To make sendmail use the authentication mechanisms offered by the remote
      server, add the following line to your configuration file
      /etc/mail/host.local.domain.mc:

TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')

      (according to the AUTH line(s) in the telnet output).

          Warning: Please note that the LOGIN and PLAIN mechanisms send the
          unencrypted password, so be sure to avoid these methods if possible
          or to use them in combination with TLS. (Note how they were skipped
          in our example!)

   3. Now, the login credentials for the external mail server need to be
      defined.

      This should look like this (in our case on one line!):

AuthInfo:external.mail.server "U:remoteuser" "I:remoteuser" "P:secret" "R:external.mail.server" "M:DIGEST-MD5 CRAM-MD5"


   4. Now rebuild the sendmail configuration, and restart the daemon.

# make all install restart
                   

          Important: If you need to debug your SASL configuration, you will 
have to restart sendmail in the following way:

# make stop all install start
                           

          instead of the usual

# make all install restart
                           



Congratulations, you are now able to send e-mail via an external mail relay. 
This also means that you are now able to send problem reports using send-pr(1) 
and to post to the FreeBSD mailing lists.

If you have tried everything above and it still does not work, please have a 
look at Section 5. If you still have problems, don't hesitate to contact me so 
that this document can be improved.



-- 
<about>
 <name>Luiz Fernando Pasqual S. Souza</name>
 <email>pasquall at terra dot com dot br</email>
 <icq>59929504</icq>
</about>
-------------------------
Archive: http://www.fug.com.br/historico/html/freebsd/
Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
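
Added example, not part of the original message or of the how-to it quotes: a POSIX sh sketch of the mechanism check from the EHLO step and its warning, which turns a saved EHLO reply into the TRUST_AUTH_MECH line and leaves out PLAIN and LOGIN whenever a challenge-response mechanism is offered. The function names, exit codes and sample reply are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example; function names and exit codes are hypothetical.

# mechs REPLY [all]: print the AUTH mechanisms in an EHLO reply, space
# separated. PLAIN and LOGIN are dropped unless the second argument is "all".
mechs() {
    printf '%s\n' "$1" | tr -d '\r' | awk -v all="$2" '
        /^250[- ]AUTH[ =]/ {
            sub(/^250[- ]AUTH[ =]/, "")      # handles "AUTH=..." and "AUTH ..."
            for (i = 1; i <= NF; i++) {
                if (seen[$i]++) continue
                if (all != "all" && ($i == "PLAIN" || $i == "LOGIN")) continue
                out = out (out == "" ? "" : " ") $i
            }
        }
        END { print out }'
}

# offers_starttls REPLY: succeed if the server advertises STARTTLS.
offers_starttls() {
    printf '%s\n' "$1" | tr -d '\r' | grep -q -x '250[- ]STARTTLS'
}

# trust_auth_mech_line REPLY: print the m4 line for the .mc file.
# Returns 0 for challenge-response mechanisms, 2 when only clear-text
# mechanisms exist but STARTTLS is advertised, 1 when nothing is usable.
trust_auth_mech_line() {
    rc=0
    list=$(mechs "$1")
    if [ -z "$list" ]; then
        offers_starttls "$1" || return 1
        list=$(mechs "$1" all)
        [ -n "$list" ] || return 1
        # An advertised STARTTLS does not prove the session will be encrypted.
        echo "warning: only clear-text mechanisms; use them over TLS only" >&2
        rc=2
    fi
    printf "TRUST_AUTH_MECH(\`%s')\n" "$list"
    return "$rc"
}

# Constructed sample reply, modelled on the transcript in the how-to.
SAMPLE_EHLO='250-8BITMIME
250-AUTH=DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250 STARTTLS'

trust_auth_mech_line "$SAMPLE_EHLO"
```

The same mechanism list belongs in the "M:" field of the AuthInfo entry, so the two stay in agreement.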
