June 2003
Intermediate to advanced
336 pages
8h 54m
English
Content preview from Linux Security CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
8.18. Using an SMTP Server from Arbitrary Clients
Problem
You want your SMTP server to relay mail from arbitrary places, without creating an open relay.
Solution
Use SMTP authentication. To set up the server:
Find this line in /etc/mail/sendmail.mc:
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
and change it to:
DAEMON_OPTIONS(`Port=smtp, Name=MTA')
The default setting restricts sendmail to accepting connections only from the same host, for security; now it will accept connections from elsewhere.
Make sure this line in /etc/mail/sendmail.mc appears uncommented (i.e., it is not preceded by the comment symbol
dnl):TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')
If you have changed /etc/mail/sendmail.mc, rebuild your sendmail configuration file[3] and restart sendmail.
Rebuild the configuration:
# m4 /etc/mail/sendmail.mc > /etc/sendmail.cf
Restart sendmail:
# /etc/init.d/sendmail restart
Establish an account for SMTP authentication, say, with username mailman:
# /usr/sbin/saslpasswd -c mailman Password:
********Again (for verification):********
Your mail server should now be ready to do SMTP authentication. To set up the email client:
Configure your mail client to use SMTP authentication for outbound email, using either the
DIGEST-MD5(preferred) orCRAM-MD5authentication types.Your client might also have an option nearby for a “secure connection” using SSL. Do not turn it on; that is a separate feature.
Try sending a test message via relay: address it to a domain considered ...