Sendmail and SMTP AUTH on RedHat Linux 9
Part 2 - Adding SMTP AUTH
Written by Tony Bhimani
December 5, 2004
Requirements
RedHat Linux 9
Sendmail 8.12.8
Cyrus SASL 2.1.10
Now we will add SMTP AUTH to the server. SMTP AUTH makes the server more
secure by allowing only authorized users to send mail through it. Spammers
use open relays to send unsolicited mail, and SMTP AUTH prevents them
from doing so on your server. If we don't add authentication and a
spammer starts using your server, you could get into trouble with
your ISP or network host. Your IP could also end up on blacklists, and
any legitimate mail coming from your server might be blocked by other mail
servers.
We need to edit the Sendmail configuration located in /etc/mail.
Switch over to that directory and do a listing (ls).
cd /etc/mail
ls
As you can see, there are quite a few files there. Right now we are only
interested in sendmail.mc, the macro file that sendmail.cf is built from.
In part 3 we will look at a couple of others.

We will be using vi to edit the config file. Open sendmail.mc in vi and
scroll down to the authentication mechanisms section.
vi sendmail.mc
Go into insert mode (press i) and add a few blank lines.
Then add these three lines.
Note: For the opening quote of each string, use the backtick (it looks
like a backwards apostrophe) on the tilde key. The closing quote is an
ordinary apostrophe.
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confSMTP_LOGIN_MSG', `$j')dnl
The third line defines the SMTP login message. You can omit it if you
want, but adding it effectively hides your mail server version. This is
useful for making it hard to determine the version in case anyone is looking
to run an exploit on it.

Scroll further down in the file and locate the line
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
We need to comment this line out so Sendmail will listen for remote
connections. Add dnl (followed by a space) to the beginning of the line.

We are done editing sendmail.mc. Save your changes and exit vi (press
ESC, type :wq and press enter).
Now we have to rebuild sendmail.cf from the edited sendmail.mc file. Issue the following command.
make -C /etc/mail

For Sendmail to recognize the changes we made, we need to restart it.
service sendmail restart

Let's check if we can access the server remotely and if SMTP AUTH is
enabled. If you have another system, then open telnet and connect to your
mail server. Then issue the EHLO command to display the server's capabilities.
I used Windows XP to run the test.
From the start menu, click Run and type cmd and press
enter. From the command line, issue the following commands.
telnet 192.168.1.110 25
ehlo whatever
quit
Replace 192.168.1.110 with the IP address of your Sendmail server.

If everything works, then the server should accept your remote connection
and list AUTH LOGIN PLAIN as one of its features.
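As an added example (not part of the original tutorial): a small Python parser for a saved copy of the telnet session above, reporting whether AUTH LOGIN PLAIN is advertised and whether the greeting banner still shows the Sendmail version. It goes slightly beyond the text by also noting when AUTH is offered without STARTTLS, in which case LOGIN and PLAIN credentials cross the network unencrypted; the sample transcript, host names and function names are constructed for illustration.

```python
import re

# Constructed transcript of the telnet test (illustrative host and features,
# not captured from a real server). Typed commands are mixed in, as in telnet.
SAMPLE = """\
220 mail.example.com ESMTP
ehlo whatever
250-mail.example.com Hello client.example.com [192.168.1.50], pleased to meet you
250-ENHANCEDSTATUSCODES
250-AUTH LOGIN PLAIN
250 HELP
quit
221 2.0.0 mail.example.com closing connection
"""

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")             # code, continuation flag, text
VERSION = re.compile(r"Sendmail\s+\d+(\.\d+)+", re.I)  # default banner carries this

def parse_session(text):
    """Return (banner, {EHLO keyword: [params]}) from a session transcript."""
    banner, keywords, in_ehlo, seen_greeting = None, {}, True, False
    for line in text.splitlines():
        m = REPLY.match(line.strip())
        if not m:
            continue                      # typed command or telnet noise
        code, sep, rest = m.groups()
        if code == "220" and banner is None:
            banner = rest
        elif code == "250" and in_ehlo:
            if seen_greeting:             # first 250 line is the greeting, not a keyword
                word, *params = re.split(r"[ =]", rest.strip())
                keywords[word.upper()] = [p.upper() for p in params if p]
            seen_greeting = True
            in_ehlo = sep == "-"          # "250 " (space) ends the EHLO reply
    return banner, keywords

def audit(text):
    """Summarise what the tutorial's remote test is meant to confirm."""
    banner, kw = parse_session(text)
    mechs = kw.get("AUTH", [])
    return {
        "auth_mechanisms": mechs,
        "auth_login_plain": {"LOGIN", "PLAIN"} <= set(mechs),
        "banner_shows_version": bool(VERSION.search(banner or "")),
        "auth_without_starttls": bool(mechs) and "STARTTLS" not in kw,
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Paste your own session output in place of SAMPLE; the parser also accepts the older "AUTH=LOGIN PLAIN" form of the keyword.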
Our next phase is to add a domain and email account to the server.