freebsd + ssl + sasl + auth + sendmail 安装手册

[1] 准备文件
openssl-0.9.7c.tar.gzhttp://www.openssl.org/source/
cyrus-sasl-1.5.28.tar.gzftp://ftp.andrew.cmu.edu/pub/cyrus-mail/
sendmail.8.12.9.tar.gz

[2]安装openssl
# tar -zxvf openssl-0.9.7c.tar.gz
# cd openssl-0.9.7c
# ./config --prefix=/usr --openssldir=/etc/ssl shared
# make
# make test
# make install
# strip /usr/bin/openssl /usr/lib/libcrypto.a /usr/lib/libssl.a
# cp -fR /etc/ssl/man /usr
# rm -rf /etc/ssl/man
# ldconfig -v

[3]安装sasl
# tar -zxvf cyrus-sasl-1.5.28.tar.gz
# cd cyrus-sasl-1.5.28.tar.gz
# ./configure -prefix=/usr --enable-login --enable-plain --enable-cram --enable-digest --with-pwcheck --disable-krb4 --disable-gssapi --disable-anon --disable-otp
# make
# make install
# echo "/usr/lib/sasl" >> /etc/ld.so.conf
# ldconfig -v
# mkdir /var/pwcheck
# vi /usr/lib/sasl/Sendmail.conf
pwcheck_method:sasldb

[4]添加安全认证用户
# /usr/sbin/saslpasswd zhangfl

[5]安装sendmail
# tar -zxvf sendmail.8.12.9.tar.gz
# cd sendmail-8.12.9
# vi devtools/Site/site.config.m4
APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL -DSTARTTLS')
APPENDDEF(`conf_sendmail_LIBS', `-lsasl -lssl -lcrypto')
APPENDDEF(`confENVDEF',`-DSASL')
APPENDDEF(`confLIBDIRS',`-L/usr/lib/sasl')
APPENDDEF(`confINCDIRS',`-I/usr/include')
# sh Build -c
# cd cf/cf
# cp /etc/mail/freebsd.mc sendmail.mc
# vi sendmail.mc
TRUST_AUTH_MECH(`LOGIN PLAIN CRAM-MD5 DIGEST-MD5')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN CRAM-MD5 DIGEST-MD5')dnl
dnl define(`confDEF_AUTH_INFO', `/etc/mail/auth/auth-info')
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Port=25, Name=MSA, M=Ea')dnl
define(`confCACERT_PATH', `/etc/ssl/certs')dnl
define(`confCACERT', `/etc/ssl/certs/certificate-authority.crt')dnl
define(`confSERVER_CERT', `/etc/ssl/certs/server.crt')dnl
define(`confSERVER_KEY', `/etc/ssl/certs/server.key')dnl
define(`confPRIVACY_FLAGS', `goaway')dnl
# sh Build sendmail.cf
# sh Build install-cf
# cd ../..
# sh Build install

[6]服务器配置证书
# openssl req -new -text -out cert.req
# openssl rsa -in privkey.pem -out cert.pem
# openssl req -x509 -in cert.req -text -key cert.pem -out cert.cert
# cp cert.pem $PGDATA/server.key
# cp cert.cert $PGDATA/server.crt