AUTH Running As a Client

For V8.10 and V8.11, the default authorization information for the local machine acting as a client is contained in the file /etc/mail/default-auth-info. Beginning with V8.12, that information is contained in the access database, unless you tell sendmail otherwise by declaring the authinfo feature (FEATURE(authinfo) on page 616):

FEATURE(`authinfo')  ← V8.12 and later

The file or database, if present, must live in a safe directory and must be given secure permissions. It contains the information needed to authenticate a client (outbound) connection, and its contents are described in detail in DefaultAuthInfo on page 999. Note that the DefaultAuthInfo option is deprecated as of V8.12, and the information in that file is instead looked up by default in the access database.

If you wish to force all connections to be authenticated, you can do so by specifying the a key letter to the DaemonPortOptions option (DaemonPortOptions on page 993). But note that you must not do this on a publicly accessible MTA that serves the Internet. You should do it only on client machines on your internal network, where those client machines connect only to your Internet mail server:

define(`confDAEMON_OPTIONS',`a')     ← V8.9 only
DAEMON_OPTIONS(`M=a')                ← V8.10 and later

Authinfo and the access database (V8.12 and later)

Under V8.12, default client authentication information was moved out of the default-auth-info text file and into the access database. If you prefer a more secure database ...

Get sendmail, 4th Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.