Sendmail 8.13.3 Securing Mailing Solution
1. Uncomment the following entries in the /etc/mail/sendmail.cf file:
C{TrustAuthMech}GSSAPI DIGEST-MD5 LOGIN PLAIN
O AuthMechanisms=GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
LOGIN PLAIN EXTERNAL
O DefaultAuthInfo=/etc/mail/default-auth-info
O AuthOptions=A
NOTE: If these entries are already uncommented, ensure that you assign the
previously mentioned values to the TrustAuthMech, AuthMechanisms,
DefaultAuthInfo, and AuthOptions options.
2. Create the /usr/lib/sasl2/Sendmail.conf file with following entries:
pwcheck_method: auxprop mech_list:
login plain cram-md5 digest-md5
Ensure that you have provided permission only for the superuser to access the
/usr/lib/sasl2/Sendmail.conf file, as follows:
# cd /usr/lib/sasl2/
# chmod 600 Sendmail.conf
3. To set the SASL password of the user for server programs and SASL mechanisms
that use the standard libsasl database of user secrets, enter the following
command:
saslpasswd2 -a appname -c [–u] <server_domain_name> userid
The saslpasswd2 command prompts and accepts the SASL password, and creates
the /etc/sasldb2 file.
Example 1 Sample saslpasswd2 Command
Following is a sample saslpasswd2 command:
saslpasswd2 -a Sendmail -c –u <domain-name> root
where:
Sendmail Specifies the application name.
<domain-name> Specifies the domain name of the Sendmail 8.13.3 server.
root Specifies the user ID.
4. To restart the Sendmail 8.13.3 server, enter the following commands:
/sbin/init.d/sendmail stop
/sbin/init.d/sendmail start
Verifying the SASL Configuration
Follow this procedure to ensure that SASL is set up properly on the Sendmail 8.13.3
server:
24