The following sets up SMTP-AUTH for sendmail on a sendmail system using SASL.
To start with, I found this bug on gentoo.org which discussing a few missing steps I included in here. I presume this issue will eventually be fixed in the sendmail ebuild. http://bugs.gentoo.org/144060
- emerge sendmail, include USE flags with “ssl sasl”
- create a pem file /etc/ssl/certs/sendmail.pem
- add the following to sendmail.mc
define(`confAUTH_OPTIONS', `A')dnl define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl define(`confCACERT_PATH', `/etc/ssl/certs')dnl define(`confCACERT', `/etc/ssl/certs/sendmail.pem')dnl define(`confSERVER_CERT', `/etc/ssl/certs/sendmail.pem')dnl define(`confSERVER_KEY', `/etc/ssl/certs/sendmail.pem')dnl DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl DAEMON_OPTIONS(`Port=smtps, Name=SSLMTA, M=s')dnl TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
- sometimes have to change SSLMTA to TLSMTA inside of DAEMON_OPTIONS
- add the Sendmail.conf for sasl in /etc/sasl2/Sendmail.conf
pwcheck_method: saslauthd mech_list: login plain
- add the pam config in /etc/pam.d/smtp
# created by me auth required pam_nologin.so auth include system-auth account include system-auth
- rc-update add saslauthd default
- rc-update add sendmail default