SOLVED: WAS Re: sendmail status and auth advice

Anton Shterenlikht as at cmplx.uk
Mon Jul 10 15:34:23 UTC 2017


Matthew Seaman matthew at FreeBSD.org
Mon Jul 10 12:56:18 UTC 2017
>
>Authentication setup in sendmail hasn't changed for quite some time, so
>the old docs you may find online are probably still relevant.  One
>problem you'll find is that the vast majority of the stuff you'll find
>about sendmail authentication is talking about sendmail acting as the
>server end of the authentication, whereas you want it to behave as the
>client end.  If I recall correctly that needs authinfo settings in
>/etc/mail/access, or (recommended) you need to add FEATURE(`authinfo')
>to your .mc file to create a dedicated file.

Yes, "Using sendmail as a client with AUTH",
http://www.sendmail.org/~ca/email/auth.html#authclientinfo

has the required info, apart from:

define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl

which is mentioned here:
 https://unix.stackexchange.com/questions/132711/using-port-587-with-sendmail


>I'd advise you to get hold of a copy of the O'Reilly Sendmail book --
>that's a pretty comprehensive guide on everything you need to know about
>configuring sendmail.

I have this book in the library, in fact I ordered it, but...
it's a complete monster to read.

>Another surprisingly useful guide is
>/usr/share/sendmail/cf/README -- it covers a remarkably large amount of
>stuff.

Agreed.
For what I need, one can go straight to SMTP AUTHENTICATION section.

>If you are trying to configure sendmail to pretend to be a mail client
>and submit messages by port 587 then in general you don't need a local
>SSL certificate.  Unless, of course, your service provider has
>configured things to require one, but office365 doesn't do that.

Yes, this is indeed what I'm trying to do, which, as I found out
is called "Using sendmail as a client with AUTH".

>However, normal sysadminly paranoia suggests that you definitely want
>STARTTLS to happen before sendmail tries to send any passwords around.
>I know it is possible to enforce that from the sendmail client end, but
>I've forgotten exactly how since I stopped using sendmail for anything
>significant mail-wize.

This I haven't figured out yet.

Thanks

Anton


More information about the freebsd-questions mailing list