Setting up SMTP-AUTH in Gentoo

The following sets up SMTP-AUTH for sendmail on a sendmail system using SASL.

To start with, I found this bug on which discussing a few missing steps I included in here. I presume this issue will eventually be fixed in the sendmail ebuild.

  1. emerge sendmail, include USE flags with “ssl sasl”
  2. create a pem file /etc/ssl/certs/sendmail.pem
  3. add the following to

define(`confAUTH_OPTIONS', `A')dnl
define(`confCACERT_PATH', `/etc/ssl/certs')dnl
define(`confCACERT', `/etc/ssl/certs/sendmail.pem')dnl
define(`confSERVER_CERT', `/etc/ssl/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/ssl/certs/sendmail.pem')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=SSLMTA, M=s')dnl

  • sometimes have to change SSLMTA to TLSMTA inside of DAEMON_OPTIONS
  • add the Sendmail.conf for sasl in /etc/sasl2/Sendmail.conf
  • pwcheck_method: saslauthd
    mech_list: login plain

    • add the pam config in /etc/pam.d/smtp

    # created by me
    auth       required
    auth       include      system-auth
    account    include      system-auth

    • rc-update add saslauthd default
    • rc-update add sendmail default
This entry was posted in Gentoo. Bookmark the permalink.