NAME: Sendmail 8.11 SASL SMTP Client AUTH

Changelog:

* Fri Sept 7
  - Ran Ispell
  - Reformatted logs and SMTP chat transcripts for better readability
* Wed Aug 29 16:19:49 IST 2001
  - Added note about white-spaces in default-auth-info
* Tue Aug 21 15:46:52 IST 2001
  - Initial roll out

Synopsis: Configuring sendmail to act as a client that authenticates itself to a server.

DESCRIPTION:

Same as above.

If the server setup has been done as described in the other sendmail + SMTP AUTH docs, you will have the following features:

(1) CRAM-MD5 or DIGEST-MD5 challenge-response authentication, so the password is not sent in the clear
(2) Transport layer security with SSL/TLS

REQUIREMENTS:

(1) Updated Sendmail. Do not use sendmail 8.10.0: it uses this data when sending e-mail and tries to authenticate against every server that offers SMTP AUTH.
(2) An SMTP smart host which does SMTP AUTH with SSL/TLS (optional)

INSTALLATION:

Install the latest version of the Sendmail RPM.

CONFIGURATION:

Step1: Changes to sendmail .mc file

In your site specific sendmail .mc file add the following defines:

    # cd /usr/share/sendmail-cf/cf/
    # vim my-domain.mc

    -- redhat.mc --
    TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5')dnl
    define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5')dnl
    define(`confDEF_AUTH_INFO', `/etc/mail/default-auth-info')dnl
    FEATURE(`no_default_msa')dnl turn off default entry for MSA
    define(`SMART_HOST', `smtp.isp.net')dnl
    -- redhat.mc --

Change "smtp.isp.net" to a valid SMTP server which can do SMTP AUTH.

Generate the .cf file:

    # m4 redhat.mc > /etc/sendmail.cf

Step2: Create "default-auth-info" to store user credentials

    # cd /etc/mail
    # vim default-auth-info

Add your username, username, password and SASL realm details, in that order. The file is case sensitive and white space sensitive. If you cut and paste, make sure you delete any leading white space that has crept in.

    -- default-auth-info --
    username
    username
    password
    isp.net
    -- default-auth-info --

Make the file readable and writable by root only:

    # chown root:root default-auth-info
    # chmod 600 default-auth-info

Step3: Restart Sendmail

    # killall -HUP sendmail

TESTING:

Try sending a mail by invoking sendmail directly like this:

    # /usr/lib/sendmail -v shanu@godzilla.foobar.com
    hello
    .
    shanu@godzilla.foobar.com... Connecting to monster.foobar.com. via relay...
    220 foobar.com ESMTP Sendmail 8.11.2/8.11.2; Tue, 21 Aug 2001 16:00:01 +0530
    >>> EHLO localhost.localdomain
    250-foobar.com Hello mail.foobar.com [192.168.1.82], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ONEX
    250-ETRN
    250-XUSR
    250-AUTH LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
    250-STARTTLS
    250 HELP
    >>> STARTTLS
    220 2.0.0 Ready to start TLS
    >>> EHLO localhost.localdomain
    250-foobar.com Hello mail.foobar.com [192.168.1.82], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ONEX
    250-ETRN
    250-XUSR
    250-AUTH LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
    250 HELP
    >>> AUTH DIGEST-MD5
    334 bm9uY2U9InNEZUxHU3JtSDkyQVNQZ2VwRURzOHByTlpVQStHTkFhdWhXZEk3Nis1SUE9Iixx
    b3A9ImF1dGgsYXV0aC1pbnQsYXV0aC1jb25mIixjaXBoZXI9InJjNC00MCxyYzQtNTYscmM0LGRl
    cywzZGVzIixjaGFyc2V0PXV0Zi04LGFsZ29yaXRobT1tZDUtc2Vzcw==
    >>> dXNlcm5hbWU9Im1haWwiLHJlYWxtPSJtb25zdGVyLmV4b2NvcmUuY29tIixub25jZT0ic0Rl
    TEdTcm1IOTJBU1BnZXBFRHM4cHJOWlVBK0dOQWF1aFdkSTc2KzVJQT0iLGNub25jZT0iTUxJM1ZF
    eE5yekQyMzZaYit6MXAyMTNyRzFWaEpJOEtIQmNVNDRMY09oND0iLG5jPTAwMDAwMDAxLHFvcD1h
    dXRoLWNvbmYsY2lwaGVyPSJyYzQiLGNoYXJzZXQ9dXRmLTgsZGlnZXN0LXVyaT0ic210cC9tb25z
    dGVyLmV4b2NvcmUuY29tLiIscmVzcG9uc2U9NDMyNTg3Yzg1MDlhNTM1MGMwYzA1MDUzMWUzMTIw
    NzgcnNwYXV0aD0wZTVlZmE1ZmJmYWFlYWRjNDgwYjA5MzhkNDEyY2RmZQ==
    >>>
    235 2.0.0 OK Authenticated
    >>> EHLO localhost.localdomain
    250-foobar.com Hello mail.foobar.com [192.168.1.82], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ONEX
    250-ETRN
    250-XUSR
    250-AUTH LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
    250 HELP
    >>> MAIL From: SIZE=6 AUTH=root@localhost.localdomain
    250 2.1.0 ... Sender ok
    >>> RCPT To:
    250 2.1.5 ... Recipient ok
    >>> DATA
    354 Enter mail, end with "." on a line by itself
    >>> .
    250 2.0.0 f7LAU1U08364 Message accepted for delivery
    shanu@godzilla.foobar.com... Sent (f7LAU1U08364 Message accepted for delivery)
    Closing connection to monster.foobar.com.
    >>> QUIT
    221 2.0.0 foobar.com closing connection

LOGS:

Here is a log snippet from a successful SMTP AUTH connection for Sendmail as client.

On the client side:

    Aug 21 16:06:05 mail sendmail[931]: f7LAa2b00931: from=root, size=6, class=0, nrcpts=1, msgid=<200108211036.f7LAa2b00931@localhost.localdomain>, relay=root@localhost
    Aug 21 16:06:07 mail sendmail[931]: f7LAa2b00931: to=shanu@godzilla.foobar.com, ctladdr=root (0/0), delay=00:00:05, xdelay=00:00:02, mailer=relay, pri=30006, relay=monster.foobar.com. [192.168.1.1], dsn=2.0.0, stat=Sent (f7LAU1U08364 Message accepted for delivery)

On the server side (the SMART HOST):

    Aug 21 16:06:20 monster sendmail[8559]: f7LAaJU08557: to=, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=30300, relay=godzilla.foobar.com. [192.168.1.24], dsn=2.0.0, stat=Sent (f7LAb1US009573 Message accepted for delivery)

The mail headers:

    From root@localhost.localdomain Tue Aug 21 16:07:01 2001
    Return-Path:
    Received: from foobar.com (IDENT:root@monster.foobar.com [192.168.1.1])
        by godzilla.foobar.com (8.12.0.Beta16/8.12.0.Beta16/Debian +8.12.0.Beta16) with ESMTP id f7LAb1US009573
        for ; Tue, 21 Aug 2001 16:07:01 +0530
    Received: from localhost.localdomain (mail.foobar.com [192.168.1.82])
        (authenticated (128 bits))
        by foobar.com (8.11.2/8.11.2) with ESMTP id f7LAaJU08557
        (using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified +NO)
        for ; Tue, 21 Aug 2001 16:06:20 +0530
    Received: (from root@localhost)
        by localhost.localdomain (8.11.2/8.11.2) id f7LAgNb00936
        for shanu@godzilla.foobar.com; Tue, 21 Aug 2001 16:12:23 +0530
    Date: Tue, 21 Aug 2001 16:12:23 +0530
    From: root
    Message-Id: <200108211042.f7LAgNb00936@localhost.localdomain>

FILES:

    /etc/mail/default-auth-info

RPMS:

    sendmail-8.11.2-14.i386.rpm

See Also:

1. Sendmail 8.10.0 as client for SMTP AUTH, http://www.sendmail.org/~ca/email/auth.html#DefaultAuthInfo

BUGS:

In case of problems, start sendmail with LogLevel=14 and check mail logs.

Author: Shanker Balan http://shankerbalan.com/
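
The checks Step2 asks for (four lines in the stated order, no stray white space, access for root only) can be automated before restarting sendmail. The Python below is an added example, not part of the original document or of sendmail; the function name check_auth_info and its owner_uid parameter are assumptions made for illustration.

```python
import os
import stat

# Field order as given in Step2 of this document.
FIELDS = ("username", "username", "password", "realm")


def check_auth_info(path, owner_uid=0):
    """Return a list of problems found in a default-auth-info style file.

    Field values are never echoed, so the output is safe to paste into a ticket.
    """
    problems = []
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != owner_uid:
        problems.append(f"owner uid is {st.st_uid}, expected {owner_uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        problems.append(f"mode {mode:04o} grants group/other access, expected 0600")

    with open(path, "r", encoding="utf-8", errors="replace", newline="") as fh:
        lines = fh.read().split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # drop the empty piece after the final newline
    if len(lines) != len(FIELDS):
        problems.append(f"{len(lines)} lines, expected {len(FIELDS)}")
    for number, (line, name) in enumerate(zip(lines, FIELDS), 1):
        if not line.strip():
            problems.append(f"line {number} ({name}): empty")
        elif line != line.strip():
            # Catches pasted indentation, trailing blanks and DOS "\r" endings.
            problems.append(f"line {number} ({name}): leading or trailing white space")
    return problems


if __name__ == "__main__":
    for problem in check_auth_info("/etc/mail/default-auth-info"):
        print("default-auth-info:", problem)
```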
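
The 334 line in the TESTING transcript is only base64, so the server's DIGEST-MD5 offer can be read directly when reviewing a "sendmail -v" session. This added Python example (not from the original document or from sendmail; the function names and the choice to report 40- and 56-bit ciphers are this example's own) decodes that challenge and lists the short-key auth-conf ciphers the server offers.

```python
import base64
import re

# The "334" challenge from the TESTING transcript, its three wrapped lines joined.
CHALLENGE_B64 = (
    "bm9uY2U9InNEZUxHU3JtSDkyQVNQZ2VwRURzOHByTlpVQStHTkFhdWhXZEk3Nis1SUE9Iixx"
    "b3A9ImF1dGgsYXV0aC1pbnQsYXV0aC1jb25mIixjaXBoZXI9InJjNC00MCxyYzQtNTYscmM0LGRl"
    "cywzZGVzIixjaGFyc2V0PXV0Zi04LGFsZ29yaXRobT1tZDUtc2Vzcw=="
)

# Assumption of this example: ciphers with a 40- or 56-bit key are reported.
SHORT_KEY_CIPHERS = {"rc4-40", "rc4-56", "des"}

# One directive: key=token or key="quoted string", then a comma or end of input.
_DIRECTIVE = re.compile(
    r'\s*([A-Za-z-]+)=(?:"((?:[^"\\]|\\.)*)"|([^,]*))\s*(?:,|$)')


def parse_digest_challenge(b64_text):
    """Decode a DIGEST-MD5 challenge into a {directive: value} dict."""
    text = base64.b64decode(b64_text, validate=True).decode("utf-8")
    directives, pos = {}, 0
    while pos < len(text):
        m = _DIRECTIVE.match(text, pos)
        if m is None:
            raise ValueError(f"malformed directive at offset {pos}")
        quoted, bare = m.group(2), m.group(3)
        directives[m.group(1).lower()] = quoted if quoted is not None else bare
        pos = m.end()
    return directives


def short_key_ciphers(directives):
    """Return the offered auth-conf ciphers that use a 40- or 56-bit key."""
    offered = {c.strip() for c in directives.get("cipher", "").split(",")}
    return sorted(offered & SHORT_KEY_CIPHERS)


if __name__ == "__main__":
    challenge = parse_digest_challenge(CHALLENGE_B64)
    for name, value in challenge.items():
        print(f"{name:10} {value}")
    print("short-key ciphers offered:", short_key_ciphers(challenge))
```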