Created: 2014-08-25 — modified: 2014-09-04 — tags: e-mail
By default sendmail is configured in such a way that any program running on localhost can send an email without password, and none from another computer can do that. But what if you want to change that?
On Ubuntu server 12.04 most required packages are already installed, and only authentication modules for SASL are missing (SASL is a library used to check username and password). To install them, just type:
apt-get install libsasl2-modules
First, to make sendmail use SASL, add this line somewhere in the middle of the
Next, to allow incoming connections, remove
DAEMON_OPTIONS lines in the same file, to make them look like this:
DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp')dnl DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, M=Ea')dnl
/etc/mail/sendmail.mc file, rebuild sendmail config by issuing the following command:
Passwordless access from localhost
Now sendmail would relay (send email to foreign hosts) only when provided a password.
If you want to return the ability to send email from localhost without a password, first edit
comment out everything but
localhost and issue the following command to rebuild access database:
makemap hash access < access
After that, add this line somewhere to
Files and settings
Settings are scattered in these files:
/etc/mail/sasl/sasl.m4 defines how sendmail uses SASL library: settings
show what authentication methods are supported and authorize user, respectively
(that's about methods to transfer password from e-mail client to sendmail).
/usr/lib/sasl2/Sendmail.conf shows how SASL checks if the password is correct.
By default it says
what means that it uses SASL auth demon.
Configuration for this demon is stored in
file, which by default has a line
which means "use system method" (by default, username+password for local account).
These settings can be changed, but that's out of scope of this article, sorry.
To better secure your email (and its password!), you probably want to setup SSL connections, too. To do that, you need an SSL certificate (you can get one from Start SSL for free) and just perform first three steps from official guide.