Sendmail 8.13.3: Secure Mailing Solution

Using Sendmail 8.13.3 with AUTH


This section discusses how to use Sendmail 8.13.3 with the AUTH feature.

Follow this procedure if you use Sendmail 8.13.3 only to transfer mail from your local computer to a mail server that requires SMTP AUTH authentication:

  1. Follow this procedure to generate the /etc/mail/sendmail.cf file:

    NOTE: Back up the existing Sendmail 8.13.3 configuration files (/etc/mail/sendmail.cf and /etc/mail/submit.cf) so that you can revert to the original state if you encounter any configuration issues and so that you do not lose any site-specific customized configuration.
    1. To change the directory to the /usr/newconfig/etc/mail/cf/cf directory, enter the following command:

      cd /usr/newconfig/etc/mail/cf/cf

    2. To copy the generic-hpux10.mc file to the generic-hpux10.mc.ORIG file, enter the following command:

      cp generic-hpux10.mc generic-hpux10.mc.ORIG

    3. Add the following entries to the generic-hpux10.mc file and enter the sendmail-sasl server name:

      define(`SMART_HOST', `<sendmail-sasl server name>')dnl
      define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
      FEATURE(`authinfo', `hash /etc/mail/auth/client-info')dnl

    4. To generate the sendmail.cf.gen file, enter the following command and select the "5: Generate sendmail.cf" option in the main menu:

      ./gen_cf

    5. To copy the /etc/mail/sendmail.cf file to the /etc/mail/sendmail.cf.PREVIOUS file, enter the following command:

      cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.PREVIOUS

    6. To copy the sendmail.cf.gen file to the /etc/mail/sendmail.cf file, enter the following command:

      cp sendmail.cf.gen /etc/mail/sendmail.cf

    7. To restore the generic-hpux10.mc file, enter the following command:

      cp generic-hpux10.mc.ORIG generic-hpux10.mc

  2. Follow this procedure to set up Sendmail 8.13.3 as a SASL client:

    1. To change directory to the location where the Sendmail 8.13.3 configuration files are located (usually the /etc/mail/. directory), enter the following command:

      cd /etc/mail/

    2. To create a safe subdirectory called auth under the /etc/mail/ directory, enter the following commands:

      mkdir auth

      chmod 700 auth

    3. To create a file called client-info under the /etc/mail/auth directory, enter the following command:

      vi auth/client-info

    4. Enter your authentication information in the client-info file using the following syntax:

      AuthInfo:<server_name> "U:root" "I:<username>" "P:<password>" "M:<auth_mech>"

      where:

      server_name

      Specifies the Sendmail 8.13.3 SASL server name.

      username

      Specifies the user name to which the authentication information applies.

      password

      Specifies the password that is configured using the saslpasswd2 command in the Sendmail 8.13.3 SASL server.

      auth_mech

      Specifies the list of client-preferred authentication mechanisms in ascending order.

      Example 2 Sample Authentication Information

      The following is sample authentication information that you can enter in the client-info file:

      AuthInfo:hostname.domain-name "U:root" "I:root" "P:abc" "M:DIGEST-MD5 CRAM-MD5 PLAIN LOGIN"

      NOTE: In this example, the client first uses the DIGEST-MD5 mechanism. If this mechanism fails or the server does not support it, the client uses the CRAM-MD5 mechanism. Similarly, the client moves on to each subsequent authentication mechanism if the current one fails.

    5. To update the DefaultAuthInfo option in the /etc/mail/sendmail.cf file, use the following entry:

      #O DefaultAuthInfo=/etc/mail/auth/client-info
    6. To generate the authentication database and to provide readable permission only to the superuser, enter the following commands:

      # cd auth

      # makemap hash client-info

      # chmod 600 client-info*

      # cd ..

    7. To restart the Sendmail 8.13.3 server, enter the following commands:

      /sbin/init.d/sendmail stop

      /sbin/init.d/sendmail start

    NOTE: If you use the FEATURE(`authinfo') option, the hostname in the map entry must exactly match the hostname of the ISP mail server, as explained in the ../cf/README file.

    Sendmail 8.13.3 searches only for domain parts or IP nets if you use the access map. If you use the authinfo feature, Sendmail 8.13.3 performs only three lookups, one default and two exact matches.
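
The following script is an added example, not part of the HP documentation. It checks the result of step 2: mode 700 on the auth directory, mode 600 on client-info and the map files generated from it, and the AuthInfo entry syntax. The function names audit_authinfo and mode_of are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not HP's code): audit the credential store built in step 2.
# Uses only ls, cut and awk so it also runs on systems without stat(1).

# mode_of PATH: print the 10-character ls mode string, e.g. "drwx------".
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# audit_authinfo DIR: print one line per finding; return 0 only if clean.
audit_authinfo() {
    dir=$1
    findings=0
    # The auth directory must be mode 700 (mkdir auth; chmod 700 auth).
    if [ "$(mode_of "$dir")" != "drwx------" ]; then
        echo "FINDING: $dir is not a mode 700 directory"
        findings=$((findings + 1))
    fi
    # client-info and every map file built from it must be mode 600.
    for f in "$dir"/client-info*; do
        if [ ! -f "$f" ]; then
            echo "FINDING: no client-info file in $dir"
            findings=$((findings + 1))
        elif [ "$(mode_of "$f")" != "-rw-------" ]; then
            echo "FINDING: $f is not mode 600"
            findings=$((findings + 1))
        fi
    done
    # Each entry: key "AuthInfo:<server_name>" with no space after the colon,
    # then quoted fields, including a non-empty "P:" field.
    if [ -f "$dir/client-info" ]; then
        bad=$(awk '!/^#/ && NF && !($1 ~ /^AuthInfo:/ && $2 ~ /^"[UIPM]:/ &&
              $0 ~ /"P:[^"]+"/) { n++ } END { print n + 0 }' "$dir/client-info")
        if [ "$bad" -gt 0 ]; then
            echo "FINDING: $bad malformed entries in $dir/client-info"
            findings=$((findings + 1))
        fi
    fi
    [ "$findings" -eq 0 ]
}

# Usage: sh audit_authinfo.sh /etc/mail/auth
if [ "$#" -gt 0 ]; then audit_authinfo "$1"; fi
```

Run it as the superuser against /etc/mail/auth after step 2.6; any FINDING line means the credential files are exposed more widely than the procedure intends or an entry will not be looked up as written.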

© Hewlett-Packard Development Company, L.P.