-
Install security/cyrus-sasl2 from the ports. You can find this port in
security/cyrus-sasl2. The security/cyrus-sasl2 port supports a number of compile-time
options. For the SMTP Authentication method we will be using here, make sure that the
LOGIN
option is not disabled.
-
After installing security/cyrus-sasl2, edit /usr/local/lib/sasl2/Sendmail.conf (or create it if it does not
exist) and add the following line:
pwcheck_method: saslauthd
-
Next, install security/cyrus-sasl2-saslauthd, edit /etc/rc.conf to add the following line:
saslauthd_enable="YES"
and finally start the saslauthd daemon:
# /usr/local/etc/rc.d/saslauthd start
This daemon serves as a broker for sendmail to authenticate
against your FreeBSD passwd database. This saves the trouble of
creating a new set of usernames and passwords for each user that needs to use SMTP authentication, and keeps the login and mail password the
same.
-
Now edit /etc/make.conf and add the following lines:
SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2
These lines will give sendmail the proper configuration
options for linking to cyrus-sasl2 at compile time. Make sure that cyrus-sasl2 has been installed before recompiling sendmail.
-
Recompile sendmail by executing the following commands:
# cd /usr/src/lib/libsmutil
# make cleandir && make obj && make
# cd /usr/src/lib/libsm
# make cleandir && make obj && make
# cd /usr/src/usr.sbin/sendmail
# make cleandir && make obj && make && make install
The compile of sendmail should not have any problems if /usr/src has not been changed extensively and the shared libraries
it needs are available.
-
After sendmail has been compiled and reinstalled, edit your
/etc/mail/freebsd.mc file (or whichever file you use as your
.mc file. Many administrators choose to use the output from hostname(1) as the .mc file for uniqueness). Add these lines to it:
dnl set SASL options
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
These options configure the different methods available to sendmail for authenticating users. If you would like to use a
method other than pwcheck, please see the included
documentation.
-
Finally, run make(1) while in /etc/mail. That will run your new .mc
file and create a .cf file named freebsd.cf (or whatever name you have used for your .mc file). Then use the command make install
restart, which will copy the file to sendmail.cf, and will
properly restart sendmail. For more information about this
process, you should refer to /etc/mail/Makefile.