On Thu, Mar 11, 2004 at 08:39:54AM +1100, Chris Richards wrote:
> Hiya,
>  
> I am running FreeBSD 5.1-RELEASE-p10 and want to configure
> SMTP-AUTH/TLS. A friend gave me some instructions on how to do it and
> they talk about editing "$SRC/devtools/Site/site.config.m4" $SRC being
> the sendmail source of course. My friend is not a FreeBSD user so I
> can't ask him for help.
>  
> I just have a standard install of sendmail on a normal system build. Can
> someone point me in the right direction as to where this file should be?
> I have searched for it and it does not exist in the current system - Is
> there a directory somewhere that I can add it to so it will be included
> in a sendmail build?

It's actually very easy.  First, you need to install some SASL
libraries that come with the cyrus-sasl-2.1.17_1 package:

    # portinstall -N security/cyrus-sasl2

Then make the system sendmail compile the SASL code and link against
those libraries, by adding the following to /etc/make.conf:

    SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
    SENDMAIL_LDFLAGS=-L/usr/local/lib
    SENDMAIL_LDADD=-lsasl2

and do a normal build,installworld cycle as described in
/usr/src/UPDATING and the Handbook and many other places.

Now, enable the SASL capabilities in your sendmail config by adding
the following to your /etc/mail/`hostname`.mc:

    dnl ## Set SASL options
    TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
    define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
    define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl
    define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl

    dnl
    define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
    define(`confCACERT_PATH', `CERT_DIR')dnl
    define(`confCACERT', `CERT_DIR/cacert.pem')dnl
    define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
    define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
    define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
    define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl

Then you need to generate yourself a suitable encryption key for the
TLS encrypted sessions.  In order to create a self-signed certificate
and key in the appropriate format, follow the instructions here:

    http://www.sendmail.org/~ca/email/other/cagreg.html

Then just build your sendmail configuration, install it and start
testing:

    # cd /etc/mail
    # make
    # make install
    # make restart

For further information, there's a section in the handbook which goes
through setting up SMTP Auth using SASL version 1 in rather more
detail, which you might find useful -- the procedure is very similar
to what's required for SASL version 2:

    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html

and also look at this page:

    http://www.ofb.net/%7Ejheiss/sendmail/tlsandrelay.shtml

although you can ignore the linux specific instructions about how to
get sendmail compiled with OpenSSL -- you get all that already with
the system sendmail.

        Cheers,

        Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to