[ale] FC8 configuration of sendmail

Michael H. Warfield mhw at WittsEnd.com
Tue Dec 4 10:21:03 EST 2007 

On Tue, 2007-12-04 at 09:55 -0500, Christopher Fowler wrote:
> I'm trying to configure sendmail on a server like BellSouth has
> configured their servers.

> Many of us travel and when we do we have to configure a local SMTP
> server to do the relay.  In some cases that it not possible.  One of my
> sales reps uses BS and they have a user/pass configuration where when
> they travel they can send mail from anywhere.

> I have a stock FC8 install.  In Evolution I've told my client that the
> server requires authentication.  When i send mail I get "Relay denied"
> error messages.  What do I need to configure or add to make this work?

	Read the comments in /etc/mail/sendmail.mc and uncomment the
appropriate lines (remove the dnl in front) and run "make" in that
directory to rebuild your sendmail.cf file.

	1) Make sure you are set up for TLS SMTP...

	Lines you are looking for in sendmail.mc are these:

define(`confCACERT_PATH',`/etc/pki/tls/certs')dnl
define(`confCACERT',`/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT',`/etc/pki/tls/certs/sendmail.crt')dnl 
define(`confSERVER_KEY',`/etc/pki/tls/private/sendmail.key')dnl
define(`confCLIENT_CERT',`/etc/pki/tls/certs/sendmail.crt')dnl
define(`confCLIENT_KEY',`/etc/pki/tls/private/sendmail.key')dnl

	Make sure you've created those certs and keys.

	2) Enable the authentication trust options...

	Above the cert options, you should something like this:

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')

	3) (Optional) Enable SSL smtp on port 465.

	Locate and enable this line in sendmail.mc:

DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

	The TLS options will run SSL on port 25, so the port 465 / smtps stuff
is purely optional (like if port 25 is blocked for some reason).  You
need SSL in one form or another for PLAIN authentication.

	Once you have those enabled and you've rebuild your sendmail.cf file
and restarted sendmail, you should be all set.

> Chris

	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part

More information about the Ale mailing list