SASL and Your mc File
V8.10 sendmail and later offer macros for your mc configuration file that help with your SASL settings. We will cover them soon, but first we must describe two concepts central to SASL and its use: authorization and authentication.
Authorization refers to a
user’s permission to perform certain actions. One
form of authorization, for example, might be to
allow a user to relay mail through your mail hub
machine. In general, authorization is associated
with a user’s identifier (userid), which may be the username or
something more complex.
Authentication refers to the
validation of a user or machine’s identity. One form
of authentication, for example, might be the
recognition that a laptop is a company-owned
machine. Authentication is communicated inside
credentials (more on this soon) and is associated
with a client’s identifier (authid).
Your server requires AUTH
Your server can require AUTH for all connections
only if it is not connected to the Internet for
inbound email. For example, if your server
functions as an outbound-only relay for machines
behind a firewall, it might be appropriate to
require AUTH
for all connections.
For a normal server, one which functions as
both an outbound relay and an inbound mail server,
AUTH should be
required only to enable relaying.
In general, the outbound role is handled by
requiring AUTH
upon connection, and the inbound role is based on
the envelope sender. The two can, however, be
combined, as when an AUTH mechanism (like CRAM-MD5 ...
Get sendmail, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
