I’ve been wanting to setup my OpenSolaris server at home to be able to send me email notifications when a disk fails, service dies, etc. Like most people though, my ISP requires authentication in order to send mail through their SMTP gateway. So these are the steps I took to get the sendmail service setup with SMTP Auth. A basic overview can be found over at sendmail.org here. I’m working on build 134, but these instructions should be good for the last official release (2009.06) as well.
Note: It appears that this setup will only work if the config/local_only property of the sendmail service is set to false. So set that to false before proceeding by:
$ pfexec svccfg -s sendmail setprop config/local_only = false $ pfexec svcadm restart sendmail
If someone smarter than I could tell me how to compile sendmail to support this ‘local_only’ mode (via sendmail -bl) I would appreciate it.
Unfortunately the sendmail included in OpenSolaris does not include SASL support (which is needed for SMTP Auth). So we’ll have to install some libs and re-build the sendmail library. First things first, get a C compiler if you don’t already have one:
$ pfexec pkg install gcc-3
Get the SASL library installed. I used the Cyrus SASL library found here. There is also a GNU SASL library that I have not tested. I configured it to install at /usr/sfw for simplicity but change that if you so desire. Also note the use of gtar to extract the archive, not tar.
$ gunzip cyrus-sasl-2.1.23.tar.gz $ gtar xf cyrus-sasl-2.1.23.tar $ cd cyrus-sasl-2.1.23 $ ./configure --prefix=/usr/sfw $ make $ pfexec make install
Create a symbolic link to the new SASL libs (not sure if this is needed but it was recommended):
$ pfexec ln -s /usr/sfw/lib/sasl2 /usr/lib/sasl2
Next up install DB support. This is so sendmail can read the db file with your authentication info in it. For this I used Berkely DB which you can get from Oracle here.
$ gunzip db-4.7.25.NC.tar.gz $ tar xf db-4.7.25.NC.tar $ cd db-4.7.25.NC/build_unix/ $ ../dist/configure --prefix=/usr/sfw $ make $ pfexec make install
Now we can compile sendmail with support for the SASL and DB that we just installed. For compatibility I would recommend getting the same version of sendmail your system is currently running. To check that run:
$ sendmail -d0.1 Version 8.14.4+Sun
So I got sendmail v8.14.4. Extract it and create a config file from the example provided.
$ gunzip sendmail.8.14.4.tar.gz $ tar xf sendmail.8.14.4.tar $ cd sendmail-8.14.4/ $ cp devtools/Site/site.config.m4.sample devtools/Site/site.config.m4
Edit the config file and if you don’t need phclient comment out the following lines (put dnl at the beginning of each line). If you don’t know what this is you probably don’t need it.
APPENDDEF(`confMAPDEF',`-DPH_MAP') APPENDDEF(`confLIBS', `-lphclient') APPENDDEF(`confINCDIRS', `-I/opt/nph/include') APPENDDEF(`confLIBDIRS', `-L/opt/nph/lib')
Next change the following lines under STARTTLS support:
APPENDDEF(`confLIBDIRS', `-L/usr/local/ssl/lib -R/usr/local/ssl/lib') APPENDDEF(`confINCDIRS', `-I/usr/local/ssl/include')
to:
APPENDDEF(`confLIBDIRS', `-L/usr/lib -R/usr/lib') APPENDDEF(`confINCDIRS', `-I/usr/include/openssl')
Now add the following to the config file. If you changed the install location for SASL and DB be sure to update their locations here.
dnl ### SASL support APPENDDEF(`confENVDEF', `-DSASL') APPENDDEF(`conf_sendmail_LIBS', `-lsasl') APPENDDEF(`confINCDIRS', `-I/usr/sfw/include/sasl') dnl ### Berkley DB support APPENDDEF(`confENVDEF', `-DNEWDB') APPENDDEF(`confINCDIRS', `-I/usr/sfw/include') APPENDDEF(`confLIBDIRS', `-L/usr/sfw/lib')
Build sendmail
$ ./Build
Now we could go about doing a full install but the easiest thing to do in this case is just replace the system’s current sendmail binary with the one we just built. This is why it’s a good idea to use the same version the system is already running. Be sure to disable any running sendmail services first.
$ pfexec svcadm disable sendmail-client $ pfexec svcadm disable sendmail $ pfexec mv /usr/lib/sendmail /usr/lib/sendmail_orig $ pfexec cp obj.SunOS.5.10.i86pc/sendmail/sendmail /usr/lib/sendmail
Then apply the correct permissions to the new file:
$ pfexec chgrp smmsp /usr/lib/sendmail $ pfexec chmod +s /usr/lib/sendmail
Now’s a good time to check your new binary by enabling the sendmail service:
$ pfexec svcadm enable sendmail
If everything looks good then disable it again and proceed. Ok great, sendmail now has the capability of using SMTP Auth! Now all you have to do is tell it to do so…
You’ll need to create a DB file of your authentication info for sendmail to look at. First, start with a normal text file (I made mine at /etc/mail/auth/client-info).
$ pfexec mkdir /etc/mail/auth $ cd /etc/mail/auth $ pfexec vi client-info
Put your authentication info in it with the following format:
AuthInfo:smtp.your-isp.net "U:root" "I:your-isp-user" "P:your-isp-password"
Substitute in your ISP’s smtp server, and your user/pass. Use makemap to turn that file into a hashed db. Then upgrade the resulting .db file to a format acceptable by the DB libs you installed earlier.
$ pfexec makemap hash client-info < client-info $ pfexec /usr/sfw/bin/db_upgrade client-info.db
You’ll probably want to keep these files private:
$ pfexec chmod 600 client-info*
Finally, tell sendmail to use the auth db you just created by building the sendmail config file. Create a sendmail.mc file at sendmail-8.14.4/cf/cf/. This of course can be customized to your heart’s content but here’s what I used:
VERSIONID(`$Id: generic-solaris.mc,v 8.13 2001/06/27 21:46:30 gshapiro Exp $') OSTYPE(solaris8)dnl DOMAIN(generic)dnl dnl define(`confFALLBACK_SMARTHOST', `mailhost$?m.$m$.')dnl define(`SMART_HOST',`smtp.your-isp.net')dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl FEATURE(`authinfo',`hash /etc/mail/auth/client-info.db')dnl MAILER(`local')dnl MAILER(`smtp')dnl
Be sure to fill in your ISP’s smtp server in the SMART_HOST define. Also, if you stored your auth db file at a location other than the one I did, update the path here. You may or may not need this but if you want to specify the domain mail is sent from add the following line to submit.mc:
define(`confDOMAIN_NAME',`domain-to-send-from.com')
Now build the config files and copy them into place:
$ ./Build sendmail.cf $ ./Build submit.cf $ pfexec mv /etc/mail/sendmail.cf /etc/mail/sendmail.cf_orig $ pfexec mv /etc/mail/submit.cf /etc/mail/submit.cf_orig $ pfexec cp sendmail.cf /etc/mail/ $ pfexec cp submit.cf /etc/mail/
Ok, enable the sendmail and sendmail-client services again and you should be able to send mail via the sendmail or mailx command like so (end with a ^D:
$ mailx -s "Mail Subject" you@youraddress.com This is a test mail from my new SMTP Auth sendmail! EOT
Leave a comment if you run into any issues!
Comments are closed.