sendmail and SASL. V0.1 of this document show you only how to set up
LOGIN AUTH (several ail client like outlook express, netscape use this
method of authentification. SMTP AUTH are use to permit relaying for
user who where authentified. You must use at least sendmail 8.9.
[wrong, it’s 8.10]
2. Get the needed software
2.1 Download Cyprus SASL
You can get the source of cyrus SASL at
ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/. Get the latest stable
version.
[1.5.x, no 2.x]
2.2 Download Sendmail
You will need to recompile sendmail. Get the source of sendmail
at http://www.sendmail.com if your distribution don’t give you the source.
[http://www.sendmail.org not com!]
For me, i use a slackware, and i have get the source from the cd
source of the slackware.
3. Compile the software
3.1 Compile and install SASL
Extract file from the SASL package:
gzip -cd cyrus-sasl-1.5.27.tar.gz | tar xvf –
Enter the SASL directory, and do a:
./configure –enable-login
The –enable-login option will enable login authentification (that
is not enable by default). Check for other option that you will
need (–perfix, …, make a configure –help to show all options).
Next do a make, make install. So sasl is now installed. Depending
to wich prefiw directory you have installed SASL, you will need to
add an entry to /etc/ld.so.conf to add the SASL lib directory. Then
make a “ldconfig”.
3.2 Compile sendmail
I will not describe here all the option of sendmail compilation,
but i will show you only how to add the SASL support in sendmail.
In the source directory of sendmail, go to devtools/OS sub directory,
and add to the file that match your plateform:
[do NOT do that! Use devtools/Site/site.config.m4
See devtools/Site/README]
APPENDDEF(`confENVDEF’, `-DSASL’)
APPENDDEF(`conf_sendmail_LIBS’, `-lsasl’)
For me, i add this two line to the devtools/OS/Linux file because
i have a Linux platform. Then recompil and install sendmail. To
be sure that Sendmail have the SASL support, do a:
sendmail -d0.1 -bv root | grep SASL
You must see something like that:
NETUNIX NEWDB QUEUE SASL SCANF SMTP USERDB XDEBUG
Make sure SASL appears in the output. Otherwise, recompile sendmail and
make sure you have put the two APPENDDEF line is the correct OS file
for your system.
4. Configure
For this example i use only LOGIN method, so only this method will
be described here. LOGIN method will use real user/passwd that are
described by your /etc/passwd. So user in this file are able to do
SMTP AUTH.
4.1 Configure SASL for Login AUTH
You must add a file for sendmail configuration of SASL.
Go to the /usr/lib/sasl directory.
Create a file Sendmail.conf with:
pwcheck_method: shadow
I suppose that your system use the shadow method for user
authentification. If your system uses the (old) password method,
replace shadow by passwd.
4.2 Sendmail configuration.
Edit your sendmail.cf (normally /etc/mail/sendmail.cf).
[Oh, great…. read cf/README]
Add this line:
# list of authentication mechanisms
C{TrustAuthMech}LOGIN
O AuthMechanisms=LOGIN GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5]]>