The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,160 other followers

Managing sendmail TLS authenticated users

Posted by jpluimers on 2020/02/03

A few notes for managing the users that should be allowed to send mail via sendmail using TLS authentication.

Most of it is derived/summarised for [WayBack] SMTP AUTH in sendmail 8.10-8.13 and [WayBack] Creating Users for a Postfix-Based Mail Relay – Scott’s Weblog – The weblog of an IT pro specializing in cloud computing, virtualization, and networking, all with an open source view

  1. Verify your sendmail allows TLS:
    # sendmail -d0.1 -bv | grep SASL
    NETUNIX NEWDB NIS NISPLUS PIPELINING SASLv2 SCANF SOCKETMAP
  2. The list of TLS authentication users differs from the ones in /etc/passwd
  3. The tools and files manage if  the output is SASLv2 or older. For SASLv2 they are:
    • /etc/sasldb2 has the users/passwords
    • sasldblistusers2 lists the users
    • saslpasswd2 manages users

For instance, this commands creates a new user for use with sendmail:

# saslpasswd2 -c -u example.org firstname.lastname
Password:
Again (for verification):

sasldblistusers2

firstname.lastname@example.org: userPassword

cat /etc/sasldb2

....................firstname.lastname@example.orguserPassword

For future reading:

I thought I needed this so I could add an alias @pluimers.com to my gmail box, as I read only the accepted answer at [WayBack] Add new alias to Gmail without SMTP (forwarding-only address) – Web Applications Stack Exchange pointing to:

I should have read the second answer at [WayBack] Add new alias to Gmail without SMTP (forwarding-only address) – Web Applications Stack Exchange:

As of writing, however, you can simply use the Gmail SMTP server, as long as you use [WayBackGoogle two-step authentication.

So just for completeness, the full steps:

  1. Gmail settings, Accounts and Import tab.
  2. Add another email address you own
  3. Type name and email address to be added.
  4. For SMTP Server, put smtp.gmail.com
  5. For Username, your full Gmail address including @gmail.com
  6. For password, provide an App Password generated in Google Accounts at https://security.google.com/settings/security/apppasswords
  7. Leave Secured connection using TLS selected as is.
  8. Add Account

–jeroen

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

 
%d bloggers like this: