best options for a *WORKING* MTA
Matthias Apitz
guru at unixarea.de
Mon Jun 1 16:56:33 UTC 2015
El día Monday, June 01, 2015 a las 12:48:46PM -0400, Aryeh Friedman escribió:
> I have tried every which way I can find in the handbook and/or on the net
> to get a working mail server and the best I can do get the default sendmail
> to answer on localhost only (postfix seems to be completely broken).
> Where can I find a good *SIMPLE* set of instructions on how to set up a
> working mail server to accept mail for my domain?
attached below is mine which works fine for years for my domain
'unixarea.de' and MX host of the ISP smtp.1blu.de
matthias
$Id: sendmail.txt,v 1.4 2014/10/05 14:51:32 guru Exp $
how to enable AUTH in SMTP (required since 2010 for my outbound mail):
we need the follwing ports and a recompiled 'sendmail' with some config;
details are described here:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html
- install port security/cyrus-sasl2
- config line in /usr/local/lib/sasl2/Sendmail.conf
pwcheck_method: saslauthd
- install port security/cyrus-sasl2-saslauthd,
- edit /etc/rc.conf:
saslauthd_enable="YES"
- restart daemon with
# /usr/local/etc/rc.d/saslauthd start
- recompile sendmail with /etc/make.conf set to
SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2
# cd /usr/src/lib/libsmutil
# make cleandir && make obj && make
# cd /usr/src/lib/libsm
# make cleandir && make obj && make
# cd /usr/src/usr.sbin/sendmail
# make cleandir && make obj && make && make install
- configure sendmail with the lines in /etc/mail/current.Sisis.de.mc:
# added by guru
#
define(`SMART_HOST', `smtp.1blu.de')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`masquerade_envelope')
FEATURE(`accept_unresolvable_domains')
FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl
#
MAILER(local)
MAILER(smtp)
# added by guru
#
MASQUERADE_AS(`unixarea.de')
#
dnl set SASL options
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
#
# end of adds
- run make and move the config as:
# mv current.Sisis.de.cf sendmail.cf
# mv current.Sisis.de.submit.cf submit.cf
# /etc/rc.d/sendmail onerestart
AUTH for SMTP is described in http://www.sendmail.org/~ca/email/auth.html
- config AUTH in (create) /etc/mail/auth/client-info as:
AuthInfo:smtp.1blu.de "U:root" "I:YYYYYYYYYYYYY" "P:XXXXXXXXXXXXX"
see: http://www.sendmail.org/documentation/configurationReadme
The RHS for an AuthInfo: entry in the access map should consists of a
list of tokens, each of which has the form: "TDstring" (including
the quotes). T is a tag which describes the item, D is a delimiter,
either ':' for simple text or '=' for a base64 encoded string.
Valid values for the tag are:
U user (authorization) id
I authentication id
P password
R realm
M list of mechanisms delimited by spaces
- build the database
# cd /etc/mail/auth
# makemap hash client-info < client-info
# chmod 0600 client-info
all should be fine now;
- to test SSL:
$ openssl s_client -connect smtp.1blu.de:25 -starttls smtp
# /etc/rc.d/sendmail restart
# printf "To: guru at unixarea.de\nSubject: test\n\ntest\n" | /usr/sbin/sendmail -t
# tail -f /var/log/maillog
Oct 5 16:46:13 unixarea sm-mta[2805]: STARTTLS=client, relay=smtp.1blu.de., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Oct 5 16:46:14 unixarea sm-mta[2805]: s95Ek5j4002803: to=<guru at unixarea.de>, ctladdr=<guru at unixarea.DDR.dd> (1001/0), delay=00:00:08, xdelay=00:00:08, mailer=relay, pri=30342, relay=smtp.1blu.de. [178.254.4.101], dsn=2.0.0, stat=Sent (OK id=1Xan4f-0007Lv-Qu)
--
Matthias Apitz, guru at unixarea.de, http://www.unixarea.de/ +49-170-4527211 +49-176-38902045
"Wenn der Mensch von den Umständen gebildet wird, so muß man die Umstände menschlich bilden."
"Si el hombre es formado por las circunstancias entonces es necesario formar humanamente
las circunstancias", Karl Marx in Die heilige Familie / La sagrada familia (MEW 2, 138)
More information about the freebsd-questions
mailing list