Single file version available here.
Last updated on 2008-03-01.
To discuss, comment here.
| Next |
Table of Contents
http://www.linuxquestions.org/questions/showthread.php?s=&postid=1144343#post1144343
This Howto is meant to help demystify sendmail and get it to do some really cool stuff, in particular SMTP AUTH. Although this is meant to be Slackware specific, 95% of the stuff will work on any distro. This howto has been broken up into 4 main parts for ease of reading, they are Introduction, Compilation & Installation, Client-side SMTP AUTH and Server-side SMTP AUTH.
In case you have no idea what SMTP AUTH is good for, basically it allows you to provide relaying to people outside your trusted network by authenticating them in a secure manner. This is in contrast to an "open relay" which will allow anybody, anywhere to use your server to email whomever they want. As you can imagine, an open relay is a spammers dream as they are using YOUR precious resources to spam ten million people with your IP as the source….a very very bad thing!
As with most internet services we must break them down into two categories: client and server. Client-side SMTP AUTH is useful when your ISP's mail server requires you to authenticate yourself in order to relay through it using SMART_HOST; if you are on DSL you probably know what I'm talking about. Now this begs the question "why bother using the ISP's mail server when I'm setting up my own?" Good question, here is the answer. If you are like me and you run your own sendmail server using a residential (usually dynamic) IP, chances are 80% of your mail is going to be either bounced or plain out dropped due to SPAM filters running on most enterprise SMTP servers. Fortunately there is a way around this and that is by telling sendmail to relay all its outgoing mail to your ISP's SMTP server and have them send the mail on your behalf via SMART_HOST.
Server-side SMTP AUTH is exactly what the ISP's mail server is doing in the client-side example. It allows you to give relay access to only those that you specify, usually users listed in your /etc/passwd file. Unfortunately many email clients, Outlook and Outlook Express are especially notorious, will send the SMTP AUTH password in plain text format which is a bad thing. This is where the STARTTLS command comes into play. It will encrypt the password end to end by use of SSL so that if anybody were to sniff packets on our network they would only see garbage.
Lets test sendmail to make sure everything we wanted was really compiled in:
/usr/sbin/sendmail -d0.1 -bv root
In the *Compiled With* line make sure you see *STARTTLS* and *SASLv2*. If you do, go ahead and CTRL+C out, if you don't see both please re-read this howto more carefully and recompile Sendmail and/or Cyrus SASLv2.
As mentioned earlier, client-side SMTP AUTH allows us to authenticate in order to relay all outgoing mail to our ISP's sendmail server and have them send the mail on our behalf via SMART_HOST. Note that you can have SMART_HOST work just fine without SMTP AUTH if your ISP's SMTP server doesnt require authentication.
Now that we have a working version of sendmail which supports SMTP AUTH, open up the /usr/share/sendmail/cf/cf/sendmail-slackware.mc file with your favorite editor and lets make some changes!
Below I have copy and pasted my sendmail-slackware.mc file and I have highlighted the parts I changed in green, parts I added in red and parts that are specific to your system in blue. Please read through this carefully and make sure you make all the necessary changes and additions.
[...]