This document is to configure SMTP server on Fedora Core 4, to use it from anywhere without the necessity of opening up the relay for public use and hence subjecting yourself to the possibility of being blacklisted or ending up in other databases such as ORBS. DRAC and SMTP AUTH are two different approach which addresses this.
The Purpose of this document is to explain the process of installation and Configuration of sendmail with relay for roaming users, ie,relay based on authentication. With SMTP-AUTH client may indicate an authentication mechanism to the server, perform an authentication protocol exchange, and optionally negotiate a security layer for subsequent protocol interactions. This extension is a profile of the Cyrus Simple Authentication and Security Layer [SASL].
Platform: Fedora Core 4, Sendmail 8.13.5
Installation of sendmail with SASL support
a) Download sendmail source package from:
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.5.tar.gz
This is downloaded into /usr/local/src directory.
b) tar -zxvf sendmail.8.13.5
c) cd sendmail-8.13.5
d) cd devtools/Site
e) joe site.config.m4
f) Add the following lines to it:
APPENDDEF(`confENVDEF’, `-DSASL’)
APPENDDEF(`conf_sendmail_LIBS’, `-lsasl’)
g) cd /usr/local/src/sendmail-8.13.5/cf/cf
h) create a file called linux.mc with exactly the following lines:
OSTYPE(`linux')dnl
define(`confCONNECTION_RATE_THROTTLE',40)dnl
define(`confMAX_HOP',30)dnl
define(`confMAX_MESSAGE_SIZE',10000000)dnl
define(`confPRIVACY_FLAGS',`authwarnings,needmailhelo')dnl
define(`confQUEUE_LA',5)dnl
define(`confREFUSE_LA',10)dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTO_IDENT',0s)dnl
define(`confTO_QUEUEWARN', `12h')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`STATUS_FILE',`/etc/mail/sendmail.st')dnl
define(`ALIAS_FILE',`/etc/mail/aliases')dnl
FEATURE(`local_procmail', `/usr/bin/procmail')dnl
FEATURE(`always_add_domain')dnl
define(`confCW_FILE',` /etc/mail/local-host-names')dnl
FEATURE(`smrsh')dnl
define(`confEBINDIR',`/usr/lib/libexec')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`redirect')dnl
FEATURE(`virtusertable',` hash -o /etc/mail/virtusertable')dnl
FEATURE(`access_db')dnl
FEATURE(`blacklist_recipients')dnl
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 PLAIN LOGIN PAM')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 PLAIN LOGIN PAM')dnl
MAILER(`smtp')dnl
i) run :
m4 ../m4/cf.m4 linux.mc > sendmail.cf
j) cp sendmail.cf /etc/mail
if /etc/mail does not exist , create it and then copy
k) cd /usr/local/src/sendmail-8.13.5/
l) groupadd -g smmsp; useradd -g smmsp smmsp
m) sh Build
n) sh Build install
o) create a file called /etc/rc.d/init.d/sendmail with following lines ( the standard redhat startup-script):
#!/bin/sh
#
#This shell script takes care of starting and stopping sendmail.
#
# chkconfig: 2345 80 30
# description: Sendmail is a Mail Transport Agent, which is the program \
# that moves mail from one machine to another.
# processname: sendmail
# config: /etc/sendmail.cf
# pidfile: /var/run/sendmail.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Source sendmail configureation.
if [ -f /etc/sysconfig/sendmail ] ; then
. /etc/sysconfig/sendmail
else
DAEMON=yes
QUEUE=1h
fi
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -f /usr/sbin/sendmail ] || exit 0
RETVAL=0
# See how we were called.
case "$1" in
start)
# Start daemons.
echo -n "Starting sendmail: "
/usr/bin/newaliases > /dev/null 2>&1
for i in virtusertable access domaintable mailertable ; do
if [ -f /etc/mail/$i ] ; then
makemap hash /etc/mail/$i < /etc/mail/$i
fi
done
daemon /usr/sbin/sendmail $([ "$DAEMON" = yes ] && echo -bd) \
$([ -n "$QUEUE" ] && echo -q$QUEUE)
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sendmail
;;
stop)
# Stop daemons.
echo -n "Shutting down sendmail: "
killproc sendmail
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sendmail
;;
restart|reload)
$0 stop
$0 start
RETVAL=$?
;;
status)
status sendmail
RETVAL=$?
;;
*)
echo "Usage: sendmail {start|stop|restart|status}"
exit 1
esac
exit $RETVAL
********* End of start/stop sendmail script ************
0) use /etc/rc.d/init.d/sendmail start/stop to start/stop sendmail
p) cd /etc/mail
q) touch local-host-names access domaintable mailertable virtusertable
r) if not exist, create dir /var/spool/mqueue
Sendmail installation is complete
Authentication with PAM
Edit /usr/lib/sasl/Sendmail.conf. Add the following line to it:
pwcheck_method: PAM
Create /etc/pam.d/smtp with following lines:
#%PAM-1.0
auth required /lib/security/pam_pwdb.so shadow
account required /lib/security/pam_pwdb.so
session required /lib/security/pam_pwdb.so
Test your setup, by using clients like Outlook Express and relay mail through this server.
