Sendmail SMTP AUTH under CentOS 6

1. Get a signed server certificate for auth.

2. Edit sendmail.mc as below (sendmail listens on port 587 by default, so there is no need to add it in the mc):

define(`confAUTH_OPTIONS', `A p y')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/gd_bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/server.crt')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/server.key')dnl
DAEMON_OPTIONS(`Port=465,Addr=0.0.0.0, Name=MTA')dnl

3. Install saslauthd and make sure the packages below are installed:

cyrus-sasl-plain
cyrus-sasl-devel
cyrus-sasl-lib
cyrus-sasl

4. Check /etc/sysconfig/saslauthd; it should be as below:

MECH=pam
# these two settings are the defaults
SOCKETDIR=/var/run/saslauthd
FLAGS=

5. Check /etc/sasl2/Sendmail.conf; it should be as below:

pwcheck_method:saslauthd

6. Restart both services: service saslauthd restart; service sendmail restart

7. For debugging, run the command openssl s_client -starttls smtp -connect localhost:587 and then enter EHLO localhost. You should see something like the output below:

EHLO localhost
250-testhost.ie.cuhk.edu.hk Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE 200000000
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
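
The p flag in confAUTH_OPTIONS tells sendmail not to offer LOGIN or PLAIN unless a security layer such as TLS is active, so the AUTH line should appear only after STARTTLS. The script below is an added example, not part of the original post, that checks this on EHLO replies; the function names, the sample replies and the hostname mail.example.test are constructed for illustration.

```python
import re
import smtplib

PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}  # the mechanisms enabled in sendmail.mc above

def keywords(ehlo_reply):
    """Map each EHLO keyword to its arguments.

    Accepts raw '250-KEYWORD' lines or the code-stripped text smtplib returns.
    """
    found = {}
    for line in ehlo_reply.splitlines():
        words = re.sub(r"^250[- ]", "", line.strip()).split()
        if words:
            found[words[0].upper()] = [w.upper() for w in words[1:]]
    return found

def audit(pre_tls, post_tls):
    """Return a list of findings; an empty list means AUTH is only offered under TLS."""
    pre, post = keywords(pre_tls), keywords(post_tls)
    findings = []
    leaked = PLAINTEXT_MECHS & set(pre.get("AUTH", []))
    if leaked:
        findings.append("cleartext AUTH offered before TLS: " + " ".join(sorted(leaked)))
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered")
    if not post.get("AUTH"):
        findings.append("no AUTH mechanisms offered after STARTTLS")
    return findings

def fetch_replies(host="localhost", port=587):
    """Collect the EHLO reply before and after STARTTLS from a live listener."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        pre = smtp.ehlo()[1].decode()
        smtp.starttls()  # only the advertised extensions are inspected, not the certificate
        post = smtp.ehlo()[1].decode()
    return pre, post

# Constructed sample replies (placeholder hostname, not captured output).
GOOD_PRE = "250-mail.example.test Hello localhost\n250-PIPELINING\n250-STARTTLS\n250 HELP"
GOOD_POST = "250-mail.example.test Hello localhost\n250-AUTH LOGIN PLAIN\n250 HELP"
BAD_PRE = "250-mail.example.test Hello localhost\n250-AUTH LOGIN PLAIN\n250 HELP"

if __name__ == "__main__":
    print(audit(GOOD_PRE, GOOD_POST))  # expected configuration
    print(audit(BAD_PRE, GOOD_POST))   # AUTH leaking before TLS
```

On the mail host itself, audit(*fetch_replies()) runs the same check against the live port 587 listener.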

 

 
