SASL and Your mc File

V8.10 sendmail and later offer macros for your mc configuration file that help with your SASL settings. We will cover them soon, but first we must describe two concepts central to SASL and its use: authorization and authentication.

Authorization refers to a user’s permission to perform certain actions. One form of authorization, for example, might be to allow a user to relay mail through your mail hub machine. In general, authorization is associated with a user’s identifier (userid), which may be the username or something more complex.

Authentication refers to the validation of a user or machine’s identity. One form of authentication, for example, might be the recognition that a laptop is a company-owned machine. Authentication is communicated inside credentials (more on this soon) and is associated with a client’s identifier (authid).

Your server requires AUTH

Your server can require AUTH for all connections only if it is not connected to the Internet for inbound email. For example, if your server functions as an outbound-only relay for machines behind a firewall, it might be appropriate to require AUTH for all connections.

For a normal server, one which functions as both an outbound relay and an inbound mail server, AUTH should be required only to enable relaying.
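The two policies above, sketched as mc fragments. This is an added example, not taken from the book; the mechanism list is an assumed choice, and the lines under (1) apply only to the outbound-only relay case.

```m4
dnl Added example, not from the book. The mechanism list is an assumed choice.
dnl
dnl Common to both cases: offer these SASL mechanisms, and let clients
dnl that authenticate with one of them relay through this host.
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')dnl
dnl
dnl (1) Outbound-only relay behind a firewall: require AUTH on every
dnl     connection. The "a" modifier in M= makes the daemon insist on
dnl     authentication. The default MSA on port 587 is declared with M=E
dnl     only, so suppress it and redeclare it with "a" as well.
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Name=MTA, Port=smtp, M=a')dnl
DAEMON_OPTIONS(`Name=MSA, Port=587, M=Ea')dnl
dnl
dnl (2) Normal server (inbound mail plus outbound relay): omit the three
dnl     lines under (1). Unauthenticated inbound mail is still accepted,
dnl     and AUTH only serves to enable relaying via TRUST_AUTH_MECH above.
```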

In general, the outbound role is handled by requiring AUTH upon connection, and the inbound role is based on the envelope sender. The two can, however, be combined, as when an AUTH mechanism (like CRAM-MD5 ...
