SMTP_AUTH in sendmail 8.10

Last Update 2000-09-19

1. Introduction

ÀÌ ¼Ò½ºÈ­ÀÏÀº http://www.sendmail.org/~ca/email/auth.htmlÀ» ÂüÁ¶Çϸ鼭 ¾´ ±ÛÀÌ´Ù.

¼¾µå¸ÞÀÏ 8.10Àº SASL¿¡ ±âÃʸ¦ µÎ°í ÀÛ¼ºÇÑ RFC 2554¿¡¼­ Á¤ÇÏ°í ÀÖ´Â SMTP AUTH¸¦ Áö¿øÇÏ°í ÀÖ´Ù. ÀÌ ¹®¼­´Â ¼¾µå¸ÞÀÏ 8.10¹öÀü¿¡¼­ ÀÌ ±â´ÉÀ» Áö¿øÇϱâ À§ÇØ ¼³Ä¡ÇÏ°í ¿î¿µÇÏ´Â ÀýÂ÷¿¡ ´ëÇØ ±â¼úÇÏ°í ÀÖ´Ù.

¿ë¾îÁ¤ÀÇ
SASLÀº ÀÌ ¹®¼­¿¡¼­ Áß¿äÇÏ°Ô »ç¿ëÇÏ°í ÀÖ´Â µÎ°¡Áö ¿ë¾î authorization identifier °ú authentication identiferÀ» Á¤ÀÇÇÏ°í ÀÖ´Ù.

2. ¼³Ä¡

2.1 Cyrus SASL

cyrus-sasl ÇÁ·Î±×·¥À» °¡Á®¿Í¼­ ÄÄÆÄÀÏÇÑ´Ù. ¼Ò½º À§Ä¡´Â ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/¿¡ ÀÖÀ¸¸ç ÇöÀç (2000-7-19) ¹öÀüÀº 1.5.21 ¹öÀüÀÌ´Ù. ÀÌ ¹®¼­¿¡ Æ÷ÇԵǾî ÀÖ´Â README, INSTALLÀ» Àаí Cyrus SASL for System Administratorsµµ Àоî¶ó.

sasl¶óÀ̺귯¸®´Â /usr/local/lib, /usr/local/lib/sasl·Î ¼³Ä¡°¡ µÈ´Ù. ÀÌ´Â /etc/ld.so.conf¿¡ Á¤ÀÇÇÑ À§Ä¡°¡ ¾Æ´Ï¹Ç·Î sendmailÄÄÆÄÀϽà À§ ¶óÀ̺귯¸®¸¦ ãÁö ¸øÇϸç LD_LIBRARY_PATH¸¦ »ç¿ëÇÑ´Ù Çصµ sendmailÀÌ suidºñÆ®°¡ ÀÖÀ¸¹Ç·Î À̸¦ ¹«½ÃÇÏ¿© sendmailÀÌ ½ÇÇàµÇÁö ¸øÇÑ´Ù. µû¶ó¼­ /usr/lib¿¡ ln -s /usr/local/lib/sasl /usr/lib/sasl·Î ¸µÅ©½ÃÅ°°í /etc/ld.so.conf¿¡ /usr/local/lib¸¦ Ãß°¡ÇÑ ÈÄ /sbin/ldconfig ÇØµÎ´Â°Ô ÁÁ´Ù.

sasl ÄÁÇÇ±× È­ÀÏÀº /usr/local/lib/sasl¿¡ ÀÖÀ¸¸ç »ç¿ëÇÒ ÇÁ·Î±×·¥.conf¿Í °°Àº Çü½ÄÀ¸·Î ÁöÁ¤ÇÑ´Ù. ¼¾µå¸ÞÀÏÀÇ °æ¿ì /usr/local/lib/sasl¿¡ Sendmail.conf ¸¦ ¸¸µé¾î pwcheck_method: PAM ¸¦ Àû°í /etc/pam.d¿¡ smtpÈ­ÀÏÀ» ¸¸µé¾î ´ÙÀ½ ³»¿ëÀ» Àû´Â´Ù. 

	#%PAM-1.0
	auth       required     /lib/security/pam_pwdb.so shadow nullok
	account    required     /lib/security/pam_pwdb.so
¸¸ÀÏ Á¦°øÇÒ ÀÎÁõ¸ÞÄ«´ÏÁòÀÌ CRAM-MD5, DIGEST-MD5,PLAINÀ̶ó¸é Sendmail.conf¿¡ pwcheck_method: sasldb·ÎÇÏ°í /usr/local/sbin/saslpasswd¸¦ ÀÌ¿ëÇÏ¿© sasldb Æнº¿öµå È­ÀÏÀ» ÀÛ¼ºÇØ¾ß ÇÑ´Ù.

¾Æ¿ô·è ÀͽºÇÁ·¹½º 5.0, ³Ý½ºÄÉÀÌÇÁ 4.72¹öÀü¿¡¼­ SMTP AUTH±â´ÉÀ» Áö¿øÇÏ·Á¸é cyrus sasl¸¦ Ç®°í ./configure --enable-login °ú °°ÀÌ LOGIN ±â´ÉÀ» Æ÷ÇÔÇØ¾ß ÇÑ´Ù. LOGIN´Â rfc¿¡ ÀÖ´Â°Ô ¾Æ´Ï°í ¿¹ÀüºÎÅÍ Áö¿øÇÏ´ø ¾ÆÀ̵ð, Æнº¿öµå ÀÎÁõ ¹æ½ÄÀ» Áö¿øÇϱâ À§Çؼ­ Ãß°¡ÇÑ °ÍÀÌ´Ù.

2.2 ¼¾µå¸ÞÀÏ ÄÄÆÄÀÏ

¼¾µå¸ÞÀÏ ÄÄÆÄÀÏÇÒ¶§ devtools/Site¿¡ site.config.m4È­ÀÏÀ» ¸¸µé°í 
	APPENDDEF(`confENVDEF', `-DSASL')
	APPENDDEF(`conf_sendmail_LIBS', `-lsasl')
	APPENDDEF(`confLIBDIRS', `-L/usr/local/lib') 
	APPENDDEF(`confINCDIRS', `-I/usr/local/include')
Build, Build installÇÏ¸é ¼¾µå¸ÞÀÏÀÌ ¼³Ä¡µÈ´Ù.

sendmail.mcÈ­ÀÏÀº ±âÁ¸ mcÈ­ÀÏ¿¡ ´ÙÀ½ ³»¿ëÀ» Ãß°¡ÇÏ°í m4¸¦ ÅëÇØ sendmail.cf¸¦ ¸¸µé¸é µÈ´Ù. 

	include(`../m4/cf.m4')
	VERSIONID(`trade for smtp-only setup and procmail for Korean mail')dnl
	OSTYPE(linux)
	define(`confPRIVACY_FLAGS', ``authwarnings,noexpn,novrfy'')dnl
	FEATURE(nouucp,`reject')dnl
	FEATURE(always_add_domain)dnl
	FEATURE(use_cw_file)dnl
	FEATURE(local_procmail)dnl
	MAILER(local)dnl
	MAILER(smtp)dnl
	TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
	define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl

2.3 Å×½ºÆ®

1. sendmail -d0.1 -bv root | grep SASL Çؼ­ SASLÀÌ ³ª¿À´ÂÁö È®ÀÎÇÑ´Ù.
2. sendmailÀ» ±âµ¿ÇÏ°í 25¹ø Æ÷Æ®·Î Á¢¼ÓÇؼ­ ehlo localhostÇÑÈÄ 250-AUTH°¡ ³ª¿À´ÂÁö È®ÀÎÇÑ´Ù. 

	% telnet localhost 25
	Trying 127.0.0.1...
	Connected to localhost.localdomain.
	Escape character is '^]'.
	220 trade.chonbuk.ac.kr ESMTP Sendmail 8.10.2/8.10.2; Thu, 20 Jul 2000 10:34:31 +0900
	EHLO trade
	250-trade.chonbuk.ac.kr Hello localhost.localdomain [127.0.0.1], pleased to meet you
	250-ENHANCEDSTATUSCODES
	250-EXPN
	250-VERB
	250-8BITMIME
	250-SIZE
	250-DSN
	250-ONEX
	250-ETRN
	250-XUSR
	250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
	250 HELP

3. Outlook, Netscape mail ¼³Á¤

3.1 Outlook

µµ±¸> °èÁ¤> º¸³»´Â ¸ÞÀϼ­¹ö¿¡¼­ ¾ÏÈ£ »ç¿ë - LOGIN id, passwd¼³Á¤

3.2 Netscape mail

Edit> Preference > Mail > Mail Server > Use Secure Socket Layer ...¿¡¼­ If Possible¸¦ ¼±ÅÃÇÑ´Ù.

4. telnet »ó¿¡¼­ È®ÀÎ (°¢ rfcÂüÁ¶)

4.1 http://www.sendmail.org/~ca/email/authrealms.html¸¦ ÂüÁ¶
4.2 LOGIN
4.3 PLAIN
4.4 DIGEST-MD5
4.5 CRAM-MD5

5. Ãß°¡ÇؾßÇÒ »çÇ×

5.1 ssl + plain,login

PLAIN, LOGINÀº ¾Ïȣȭ µÇÁö ¾ÊÀºÃ¤ Æнº¿öµå Á¤º¸¸¦ ¼­¹ö¿¡ ³Ñ±â¹Ç·Î º¸¾È»ó À§ÇèÇÏ´Ù. ÀÌ´Â SSL°ú ÇÔ²¾ »ç¿ëµÇ¾î¾ß ÇÑ´Ù.

5.2 smtp_auth¿Í ldap°áÇÕ