Sunday, August 23, 2009

HOWTO: Sendmail authentication against your ISP

After the trouble I had with incoming mail, I decided to migrate my sendmail configuration to use the big ISP mail server -- this documents establishing SMTP authentication against an ISP.

What I already had:
  • SMART_HOST configured in my /etc/mail/sendmail.mc:

        define(`SMART_HOST',`smtp:mail.actcom.co.il')

  • Masquerade definitions, as I use a fictitious domain on my internal network:

        MASQUERADE_AS(`actcom.co.il')dnl The domain of my ISP
        dnl ... some optional features ...
        FEATURE(masquerade_entire_domain)dnl
        dnl ... the domains that are masqueraded:
        MASQUERADE_DOMAIN(localhost.localdomain)dnl
        MASQUERADE_DOMAIN(my.internal.domain)dnl

  • The sendmail m4 macro package installed. In Fedora it is packaged as sendmail-cf.

The only changes in /etc/mail/sendmail.mc were:
  • Updating the SMART_HOST to the new mail server (out.bezeqint.net).
  • I did not need to update the MASQUERADE_AS, since my mail address remained the same.
  • Adding a new FEATURE:

        FEATURE(authinfo)dnl


Now I had to create a new file /etc/mail/authinfo and make it readable only by root:

    cd /etc/mail && touch authinfo && chmod 600 authinfo

The content of this file (for my ISP) is:

    AuthInfo:server "R:realm" "U:user" "P:pass" "M:mechanisms"

Details:
  • server - the name or IP of your ISP mail server (out.bezeqint.net for my ISP)
  • realm - the domain of your ISP (bezeqint.net for my ISP). At first I didn't set it, and that caused obvious auth failures, as the default was my fictitious internal domain.
  • user - for me it was different than 'oron' because the ISP modified the internal names of the users when it acquired Actcom.
  • pass - guess what?
  • mechanisms - the default is a list of secure mechanisms (GSSAPI, etc.). Obviously my ISP doesn't use anything like that, so I had to give it explicitly as: "M:LOGIN PLAIN"
  • The quotes around each item are mandatory!

For anyone who wants the gory details, just make sure you have the sendmail-cf package installed and search for authinfo (ignoring case) in /usr/share/sendmail-cf/README.

Last but not least: they seem to be using Postfix, but don't support TLS, which means the user's password is transmitted in the clear every time she sends mail. Please don't tell this to Wietse Venema, so he won't get a heart attack.
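
The pitfalls described above (mandatory quotes, a missing realm, cleartext mechanisms, file permissions) can be checked mechanically before the file goes live. The following linter is an added example, not part of the original post or of sendmail; the function names and the sample entries with placeholder credentials are constructed for illustration, and the "I:" tag and "=" separator are accepted as documented in sendmail's cf/README.

```python
import os
import re
import stat

# Mechanisms that send the password merely base64-encoded (no hashing).
CLEARTEXT = {"LOGIN", "PLAIN"}
# One quoted field such as "U:user"; '=' instead of ':' marks a base64 value.
FIELD = re.compile(r'"([A-Za-z])[:=]([^"]*)"')

def lint_authinfo_line(line):
    """Return findings for one AuthInfo entry; an empty list means clean."""
    line = line.strip()
    if not line or line.startswith("#"):
        return []
    m = re.match(r"AuthInfo:(\S*)\s*(.*)$", line)
    if not m:
        return ["entry does not start with 'AuthInfo:'"]
    server, rest = m.groups()
    findings = [] if server else ["no server name after 'AuthInfo:'"]
    fields = {tag.upper(): value for tag, value in FIELD.findall(rest)}
    # Whatever remains once quoted fields are removed was not quoted properly.
    leftover = FIELD.sub("", rest).split()
    if leftover:
        findings.append("unquoted or malformed field(s): " + " ".join(leftover))
    if not (fields.get("U") or fields.get("I")):
        findings.append('missing user field "U:..."')
    if not fields.get("P"):
        findings.append('missing password field "P:..."')
    if not fields.get("R"):
        findings.append('no "R:" realm; the default may be your internal domain')
    weak = CLEARTEXT & set(fields.get("M", "").upper().split())
    if weak:
        findings.append("cleartext mechanism(s) %s: password is readable "
                        "on the wire unless the session uses TLS"
                        % ", ".join(sorted(weak)))
    return findings

def lint_permissions(path):
    """Flag an authinfo file that group or others can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        return ["%s has mode %o, expected 600" % (path, mode)]
    return []

# Constructed sample entries (placeholder credentials, not real ones).
PAGE_STYLE = ('AuthInfo:out.bezeqint.net "R:bezeqint.net" "U:example-user" '
              '"P:example-pass" "M:LOGIN PLAIN"')
UNQUOTED = 'AuthInfo:out.bezeqint.net U:example-user "P:example-pass"'

if __name__ == "__main__":
    for entry in (PAGE_STYLE, UNQUOTED):
        print(entry, *lint_authinfo_line(entry), sep="\n  ")
```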
