● OpenBSD Sendmail + SMTP AUTH mini HOWTO(转寄 - 荔园在线 | 深圳大学学生论坛,荔园晨风BBS,深大在线网站

荔园之美，在春之萌芽，在夏之绽放，在秋之收获，在冬之沉淀

发信人: jjksam (欢迎光临荔园晨风Linux版, InstallBBS版!), 信区: Linux
标  题: OpenBSD Sendmail + SMTP AUTH mini HOWTO(转寄)
发信站: 荔园晨风BBS站 (Sat Dec  8 19:22:35 2001), 转信

【以下文字转载自 jjksam 的信箱】
【原文由 jjksam@smth.org 所发表】
发信人: scaner (水荫路-安流桥), 信区: FreeBSD
标  题: OpenBSD Sendmail + SMTP AUTH mini HOWTO(转寄)
发信站: BBS 水木清华站 (Sun Dec  2 23:33:04 2001)

OpenBSD Sendmail + SMTP AUTH Mini-HOWTO
Introduction
This Mini-HOWTO describes the steps I took to set up sendmail with SMTP AUTH
[RFC 2554] support on OpenBSD 2.9. It covers recompiling OpenBSD's sendmail
sources with support for SASL [RFC 2222], which SMTP AUTH is based on. Note
that I am talking about
the sendmail source code distributed with OpenBSD's source tree here (ie.
from the OpenBSD 2.9 src.tar.gz archive file) and not the sendmail source
tarball distributed by www.sendmail.org.
Caveat and Disclaimer
If you are following these instructions with a version of OpenBSD other than
2.9, your mileage may vary. Another version of OpenBSD should be fairly
similar, but you may well have some additional problem solving to do.
As usual, I am responsible for nothing you do. You are responsible for
everything you do. If you destroy your system, it is your fault. It is not my
fault, the fault of my parents, the fault of my children or the fault of my
dog.

Recompiling OpenBSD's Sendmail with SASL Support
In order to recompile sendmail with SASL support, you will need to first
install the 'cyrus-sasl' port from the OpenBSD ports tree. The following
steps will accomplish this.

  o Download ports.tar.gz

  o Untar it in /usr with a command like
    tar -C /usr -xvzf ports.tar.gz

  o cd to
    /usr/ports/security/cyrus-sasl

  o Do a
    make install ; make clean

Next, you will need to install the OpenBSD source tree so the sendmail source
is available. The following steps will accomplish this.

  o Download src.tar.gz

  o Untar it in /usr/src with a command like
      tar -C /usr/src -xvzf src.tar.gz

Now, to recompile sendmail with the SASL libraries and SASL support, do the
following.

  o cd to
    /usr/src/gnu/usr.sbin/sendmail/sendmail

  o Edit the Makefile in this directory as follows
    Add -DSASL to the ENVDEF variable
    Add -lsasl to the LDADD variable

  o Edit the sendmail.h file and change
    # include <sasl.h>
    to
    # include <sasl/sasl.h>

  o Make the following symlinks
    ln -s /usr/local/include/sasl /usr/include/sasl
    cd /usr/local/lib ; ln -s libsasl.so.8.8 libsasl.so

  o Add /usr/local/lib to your LD_LIBRARY_PATH like so
    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib

  o cd to
    /usr/src/gnu/usr.sbin/sendmail

  o Do a
    make ; make install ; make clean

Now, assuming god loves you, your sendmail binary has SMTP AUTH support. :-)

Fixing OpenBSD's 'cyrus-sasl' Port
For some reason, although the cyrus-sasl port make symlinks as required in
the /usr/local/lib/sasl directory, it makes them all wrong. It makes dangling
symlinks to library files that don't exist! In order to have your new
sendmail binary actually be
able to support SMTP AUTH via these sasl libraries, you need to delete all
the symlinks in this directory and re-create them such that they actually
point to the real library files. For example, the follwing should do it.

  cd /usr/local/lib/sasl
  find . -type L -exec rm {} \;
  ln -s libanonymous.so.1.15 libanonymous.so
  ln -s libcrammd5.so.1.15 libcrammd5.so
  ln -s libdigestmd5.so.0.17 libdigestmd5.so
  ln -s libkerberos4.so.1.15 libkerberos4.so
  ln -s libplain.so.1.14 libplain.so

At this point, your sendmail binary and the SASL libraries it is dependant on
for SMPT AUTH support are all ready to rock. All you need to do now in order
to make use of SMTP AUTH is configure SASL and sendmail. Note that if you do
no additional
configuration from this point, your sendmail should continue to function
fine. It will just not have SMTP AUTH configured for use.

Creating a SASL Sendmail.conf file
You need to create a /usr/local/lib/sasl/Sendmail.conf file for sendmail. The
contents of mine is as folows, but your requirements may differ.

  pwcheck_method: sasldb

This makes SMTP AUTH use /etc/sasldb, the SASL database.

The possible arguments to pwcheck_method here are:

  sasldb         The user is looked up in sasldb with the realm
  passwd         The user is looked up via getpwnam()
  shadow         The user is looked up via getspnam()
  PAM            The user is looked up via PAM
  kerberos_v4    The user is looked up via KERBEROS V4
  pwcheck        The user/passwd combination is checked via a seperate daemon

Use whatever suits your need, but I am concentrating on sasldb here.

Configuring Users
To create users with associated passwords in /etc/sasldb, use the
'saslpasswd' command as follows:

  saslpasswd someuser

It will prompt you to enter the password twice and then create or modify the
specified user accordingly. Note that the /etc/sasldb file is created the
first time this command is used. Be sure the ownership and permissions are
appropriate upon creation
(ie. read and write by root only).

You can check the conents of /etc/sasldb with the 'sasldblistusers' command.

Configuring /etc/mail/sendmail.cf
In order to have relaying for authenticated users actually work, you will
need to make some additions to your /etc/mail/sendmail.cf file. Using the m4
configuration method, I added the following to my domain.m4 file and
regenerated senmdail.cf.

define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5 GSSAPI KERBEROS_V4')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 GSSAPI KERBEROS_V4')dnl
define(`confDEF_AUTH_INFO', `/etc/mail/default-auth-info')dnl
FEATURE(`no_default_msa')
DAEMON_OPTIONS(`Name=MTA')
DAEMON_OPTIONS(`Port=587, Name=MSA, M=a')dnl

Your requirements may be different however, so I caution you to read the
relevant sections of the sendmail README file and whatever other resources
are necessary for you to have properly done your homework on this.

That's all I'm going to say about configuring sendmail because I figure that
if you don't already have a pretty darn good idea how to do it, you probably
aren't reading this.

Resources
Additional, relevant webpages that may be of interest:

  o  SMTP AUTH in sendmail 8.10/8.11

  o  Cyrus SASL for System Administrators

Additional, relevant RFCs that may be of interest:

  o  RFC 2595     Using TLS with IMAP, POP3 and ACAP

Why this Mini-HOWTO sucks
This sucks because I'm busy (sorry), but it is better that you found this
from a web search than nothing at all. :-)
Good Luck,

-- Kyle

--
带着永远的伤痛, 至少我还拥有自由

※ 来源:·BBS 水木清华站 smth.org·[FROM: 166.111.215.38]
--
※ 转载:·荔园晨风BBS站 bbs.szu.edu.cn·[FROM: 192.168.0.146]

荔园在线首页友情链接：深圳大学深大招生荔园晨风BBS S-Term软件网络书店