sendmail status and auth advice

Matthew Seaman matthew at
Mon Jul 10 12:56:18 UTC 2017

On 2017/07/10 13:10, Anton Shterenlikht wrote:
> points to
> which is up to 8.13, last updated in 2006.
> The version I have on FreeBSD 11.0-RELEASE-p9 is
> sendmail+tls+sasl2-8.15.2_3.
> So I'm worried the advice might not be up to date.
> Is it?
> Trying to find some sendmail docs online I realised
> that now points to
> which seems to be a for profit company.
> And there seem to be no sendmail docs on that site.
> Are there still current sendmail docs online somewhere?
> I'm struggling to set up sendmail on my server to *send*
> only via 587 (STARTTLS).
> What is the easiest strategy to implement and/or the
> easiest guide to follow?
> Am I correct that for send only use of AUTH I don't
> need to issue or use certificates?
> Would be thankful for any advice.

Authentication setup in sendmail hasn't changed for quite some time, so
the old docs you may find online are probably still relevant.  One
problem you'll find is that the vast majority of the stuff you'll find
about sendmail authentication is talking about sendmail acting as the
server end of the authentication, whereas you want it to behave as the
client end.  If I recall correctly that needs authinfo settings in
/etc/mail/access, or (recommended) you need to add FEATURE(`authinfo')
to your .mc file to create a dedicated file.

I'd advise you to get hold of a copy of the O'Reilly Sendmail book --
that's a pretty comprehensive guide on everything you need to know about
configuring sendmail.  Another surprisingly useful guide is
/usr/share/sendmail/cf/README -- it covers a remarkably large amount of

If you are trying to configure sendmail to pretend to be a mail client
and submit messages by port 587 then in general you don't need a local
SSL certificate.  Unless, of course, your service provider has
configured things to require one, but office365 doesn't do that.

However, normal sysadminly paranoia suggests that you definitely want
STARTTLS to happen before sendmail tries to send any passwords around.
I know it is possible to enforce that from the sendmail client end, but
I've forgotten exactly how since I stopped using sendmail for anything
significant mail-wize.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 972 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the freebsd-questions mailing list