Basic Outbound Authentication for Sendmail



 

 


One of the problems I have had recently is that many ISPs are no longer providing outbound email servers for various reasons. So outbound email for some of my own devices as well as some of my customers has been blocked.

Authentication

It is possible to use a number of different forms of authentication so that mobile users can authenticate with their own sendmail server in order to allow email relaying. It has taken a lot of work to figure this out.

This particular method is fairly insecure, but is does work and is OK so long as no one is eavesdropping on your internet connection, especially if you are using wireless.

On the Server

Install the cyrus-sasl package.

yum -y install cyrus-sasl

Then start and enable the saslauthd service. The following sequence works on Fedora 15 and above.

systemctl enable saslauthd.service
systemctl start saslauthd.service

Use chkconfig and service commands on CentOS and prior to Fedora 15.

service saslauthd start
chkconfig saslauthd on

In order to protect your personal passwords, create a new user which will be used only for SMTP authentication. Be sure to make this a nologin user to prevent hackers from logging in to the account even if they obtain the password.

useradd -c “Sendmail authentication user” smauth -s /usr/sbin/nologin

Now create a password for the new user.

On the Client

Most clients support some form of outbound SMTP authentication. So go to your client configuration for account settings for the outbound server and, in the appropriate places, select or add the following information. These fields are specifically for Firefox.

Connection Security None
Authentication Method Password Transmitted insecurely
User Name The user name you created above. For this example, smauth.

The first time you attempt to send an email after configuring this, you will be asked for a password. Enter the password you created for the user on the server, above.