Re: sendmail config query

2004-03-11 Thread Matthew Seaman
On Thu, Mar 11, 2004 at 08:39:54AM +1100, Chris Richards wrote:
> Hiya,
>  
> I am running FreeBSD 5.1-RELEASE-p10 and want to configure
> SMTP-AUTH/TLS. A friend gave me some instructions on how to do it and
> they talk about editing "$SRC/devtools/Site/site.config.m4" $SRC being
> the sendmail source of course. My friend is not a FreeBSD user so I
> can't ask him for help.
>  
> I just have a standard install of sendmail on a normal system build. Can
> someone point me in the right direction as to where this file should be?
> I have searched for it and it does not exist in the current system - Is
> there a directory somewhere that I can add it to so it will be included
> in a sendmail build?

It's actually very easy.  First, you need to install some SASL
libraries that come with the cyrus-sasl-2.1.17_1 package:

# portinstall -N security/cyrus-sasl2

Then make the system sendmail compile the SASL code and link against
those libraries, by adding the following to /etc/make.conf:

SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2

and do a normal build, installworld cycle as described in
/usr/src/UPDATING and the Handbook and many other places.

Now, enable the SASL capabilities in your sendmail config by adding
the following to your /etc/mail/`hostname`.mc:

dnl ## Set SASL options
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl
define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl

dnl
define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/cacert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl

Then you need to generate yourself a suitable encryption key for the
TLS encrypted sessions.  In order to create a self-signed certificate
and key in the appropriate format, follow the instructions here:

http://www.sendmail.org/~ca/email/other/cagreg.html

Then just build your sendmail configuration, install it and start
testing:

# cd /etc/mail
# make
# make install
# make restart

For further information, there's a section in the handbook which goes
through setting up SMTP Auth using SASL version 1 in rather more
detail, which you might find useful -- the procedure is very similar
to what's required for SASL version 2:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html

and also look at this page:

http://www.ofb.net/%7Ejheiss/sendmail/tlsandrelay.shtml

although you can ignore the Linux-specific instructions about how to
get sendmail compiled with OpenSSL -- you get all that already with
the system sendmail.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK
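
Added example, not part of Matthew's message: two checks for the "start testing" step, run against your own server after "make restart". The function names ehlo_audit and key_private are hypothetical, and the EHLO reply is a constructed sample modelled on the confAUTH_MECHANISMS line above; it assumes sendmail's default refusal of a group- or world-readable key file.

```shell
#!/bin/sh
# Constructed sample of a pre-STARTTLS EHLO reply (not from a real host).
# A live one can be captured with, e.g.:
#   printf 'EHLO test\r\nQUIT\r\n' | nc localhost 25
SAMPLE_EHLO='250-mail.example.org Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
250-STARTTLS
250 HELP'

# ehlo_audit: read an EHLO reply on stdin and print one finding per line.
# Exit 0 = STARTTLS and AUTH offered and no cleartext mechanism is
# advertised before TLS; exit 1 = something needs attention.
ehlo_audit() {
    tr -d '\r' | awk '
        /^250[- ]STARTTLS$/ { tls = 1 }
        /^250[- ]AUTH /     { auth = 1
            # LOGIN and PLAIN send the password merely base64-encoded.
            for (i = 2; i <= NF; i++)
                if ($i == "LOGIN" || $i == "PLAIN") clear = clear " " $i }
        END {
            print (tls  ? "ok: STARTTLS advertised" : "FAIL: STARTTLS missing")
            print (auth ? "ok: AUTH advertised"     : "FAIL: AUTH missing")
            if (clear != "")
                print "WARN: cleartext mechanisms before TLS:" clear
            exit !(tls && auth && clear == "")
        }'
}

# key_private: succeed only if the key file exists and carries no group
# or other permission bits (columns 5-10 of the ls mode string).
key_private() {
    [ -f "$1" ] || return 2
    [ "$(ls -Lld "$1" | cut -c5-10)" = "------" ]
}

# Stand-alone run: audit the constructed sample.
printf '%s\n' "$SAMPLE_EHLO" | ehlo_audit || echo "review the findings above"
```

With the mechanism list from the .mc fragment above, the audit warns about LOGIN being offered before TLS. sendmail's confAUTH_OPTIONS setting accepts a `p' flag that withholds such mechanisms until a security layer is active.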




sendmail config query

2004-03-10 Thread Chris Richards
Hiya,
 
I am running FreeBSD 5.1-RELEASE-p10 and want to configure
SMTP-AUTH/TLS. A friend gave me some instructions on how to do it and
they talk about editing "$SRC/devtools/Site/site.config.m4" $SRC being
the sendmail source of course. My friend is not a FreeBSD user so I
can't ask him for help.
 
I just have a standard install of sendmail on a normal system build. Can
someone point me in the right direction as to where this file should be?
I have searched for it and it does not exist in the current system - Is
there a directory somewhere that I can add it to so it will be included
in a sendmail build?
 
Thank you for reading and hopefully responding.
 
Cheers,
Chris
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions