8.18. Using an SMTP Server from Arbitrary Clients

Problem

You want your SMTP server to relay mail from arbitrary places, without creating an open relay.

Solution

Use SMTP authentication. To set up the server:

  1. Find this line in /etc/mail/sendmail.mc:

    DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

    and change it to:

    DAEMON_OPTIONS(`Port=smtp, Name=MTA')

    The default setting restricts sendmail to accepting connections only from the same host, for security; now it will accept connections from elsewhere.

  2. Make sure this line in /etc/mail/sendmail.mc appears uncommented (i.e., it is not preceded by the comment symbol dnl):

    TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')
  3. If you have changed /etc/mail/sendmail.mc, rebuild your sendmail configuration file[3] and restart sendmail.

    Rebuild the configuration:

    # m4 /etc/mail/sendmail.mc > /etc/sendmail.cf

    Restart sendmail:

    # /etc/init.d/sendmail restart
  4. Establish an account for SMTP authentication, say, with username mailman:

    # /usr/sbin/saslpasswd -c mailman
    Password: ********
    Again (for verification): ********

Your mail server should now be ready to do SMTP authentication. To set up the email client:

  1. Configure your mail client to use SMTP authentication for outbound email, using either the DIGEST-MD5 (preferred) or CRAM-MD5 authentication types.

    Your client might also have an option nearby for a “secure connection” using SSL. Do not turn it on; that is a separate feature.

  2. Try sending a test message via relay: address it to a domain considered ...

Get Linux Security Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.