For When You Can't Have The Real Thing
[ start | index | login ]
start > CentOS > 7 > Get Sendmail To Listen On 25, 425, and 587

Get Sendmail To Listen On 25, 425, and 587

Created by dave. Last edited by dave, 6 years and 319 days ago. Viewed 1,751 times. #4
[diff] [history] [edit] [rdf]
labels
attachments
(2017-05-03)

Problem

I want one sendmail.cf to control access to port 25 (no auth, access rules only), 425 (SSL-SMTP-AUTH), and 587 (TLS-SMTP-AUTH).

Solution

These are the changes I made to a stock sendmail.mc file:

TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confDH_PARAMETERS', `1')dnl
dnl Disable default MSA port support
FEATURE(`no_default_msa')dnl
dnl Modifiers=E - disable ETRN support
dnl Modifiers=a - require SMTP authentication
dnl Modifiers=s - provide smtps
DAEMON_OPTIONS(`Family=inet,  Name=MTA-v4, Port=smtp')dnl
DAEMON_OPTIONS(`Family=inet,  Name=MSP-v4, Port=submission, Modifiers=Ea')dnl
DAEMON_OPTIONS(`Family=inet,  Name=SMTPS-v4, Port=smtps, Modifiers=Eas')dnl

Thera are corresponding lines for IPv6 services as well, but we don't currently pass mail over IPv6.

Note

Note you'll also need cyrus-saslauthd and cyrus-saslauthd-plain installed and the saslauthd.service running.

no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful:


snipsnap.org | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt