1. Get a signed server certificate for auth
2. Edit sendmail.mc as below (sendmail listens on port 587 by default, so there is no need to add it in the mc):
define(`confAUTH_OPTIONS', `A p y')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confCACERT_PATH',`/etc/pki/tls/certs')
define(`confCACERT',`/etc/pki/tls/certs/gd_bundle.crt')
define(`confSERVER_CERT',`/etc/pki/tls/certs/server.crt')
define(`confSERVER_KEY',`/etc/pki/tls/certs/server.key')
DAEMON_OPTIONS(`Port=465,Addr=0.0.0.0, Name=MTA')
3. Install saslauthd and make sure the packages below are installed:
cyrus-sasl-plain
cyrus-sasl-devel
cyrus-sasl-lib
cyrus-sasl
4. Check /etc/sysconfig/saslauthd; it should be as below:
MECH=pam
# these two settings are the defaults
SOCKETDIR=/var/run/saslauthd
FLAGS=
5. Check /etc/sasl2/Sendmail.conf; it should be as below:
pwcheck_method:saslauthd
6. service saslauthd restart; service sendmail restart
7. For debugging, run the command openssl s_client -starttls smtp -connect localhost:587 and then enter EHLO localhost. You should see something like the following:
EHLO localhost
250-testhost.ie.cuhk.edu.hk Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE 200000000
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
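
Added example, not part of the original post: the p flag in confAUTH_OPTIONS tells sendmail not to offer LOGIN and PLAIN unless a security layer such as TLS is active, so the EHLO reply before STARTTLS should carry no AUTH line while the reply after it should look like the output above. The Python below compares the two replies; the sample replies and the host name mail.example.test are constructed, and keywords(), check_policy() and probe() are names chosen here.

```python
import smtplib
import ssl

PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}  # send the password without protection
# Constructed sample replies (not captured from a real server).
SAMPLE_BEFORE_TLS = "250-mail.example.test Hello\n250-PIPELINING\n250-STARTTLS\n250 HELP"
SAMPLE_AFTER_TLS = "250-mail.example.test Hello\n250-AUTH LOGIN PLAIN\n250 HELP"


def keywords(ehlo_text):
    """Map each EHLO keyword to its parameter set."""
    found = {}
    for line in ehlo_text.splitlines():
        line = line.strip()
        # Accept raw lines ("250-AUTH LOGIN PLAIN") and smtplib's stripped form.
        if line[:3].isdigit() and line[3:4] in ("-", " "):
            line = line[4:]
        words = line.upper().replace("=", " ").split()
        if words:
            found.setdefault(words[0], set()).update(words[1:])
    return found


def check_policy(before_tls, after_tls):
    """Compare EHLO replies taken before and after STARTTLS; return findings."""
    before, after = keywords(before_tls), keywords(after_tls)
    findings = []
    leaked = before.get("AUTH", set()) & PLAINTEXT_MECHS
    if leaked:
        findings.append("plaintext AUTH offered without TLS: " + " ".join(sorted(leaked)))
    if "STARTTLS" not in before:
        findings.append("STARTTLS not advertised")
    if not after.get("AUTH"):
        findings.append("no AUTH mechanisms offered after STARTTLS")
    return findings


def probe(host, port=587):
    """Live check; host must match the name in the server certificate."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        before = s.ehlo_resp.decode("latin-1")
        s.starttls(context=ssl.create_default_context())
        s.ehlo()
        return check_policy(before, s.ehlo_resp.decode("latin-1"))


if __name__ == "__main__":
    print(check_policy(SAMPLE_BEFORE_TLS, SAMPLE_AFTER_TLS) or "policy OK")
```

An empty list from probe() means the submission port hides LOGIN and PLAIN until TLS is up; any finding points back at confAUTH_OPTIONS or the certificate settings in step 2.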