I think the domains in the relay file only come into play when it's not localhost. If you are connecting to the SMTP port on your server and the email is going to a user on that server I don't believe that file even comes into play. However if you are connecting to the SMTP port on your server and you want to send it from there to another server then the relay file is checked to see if you're allowed. Of course Authen bypasses the relay file, but I don't know what order as in if you are allowed to relay is Authen still required? Or is one or the other good enough?
I don't have the relay file created on this test box and it allows me to mail the server but not use the server as a relay point.... unless of course I authen :> My current workhorse server which is doing all the district's email doesn't have localhost in the relay file either. I only list the IP ranges of those who are allowed to relay through the server which would be our local users on the 10.0.X.X range.
As of current I only had to change two files to get this to work. I originally copied /usr/share/sendmail/cf/cf/sendmail-slackware-tls-sasl.mc to gator-custom.mc and then just added all my extras. For whatever reason that didn't work quite the way I intended it to. I went back, looked at a couple of different sources and this is what I have currently in my custom.mc file which relates to Auth:
Code:
dnl# You will need to create the certificates below with OpenSSL first:
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confAUTH_OPTIONS', `A p y')dnl
dnl# Allow SASL authentication/relaying:
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=MSA-SSL, M=E')dnl
I believe those are the only parts which go in there in relation to SASL and all that stuff. Everything else in my config is DNSBL, BitDefender AV Milter stuff, and the common settings.
This part is what TOTALLY screwed me for a day or two. I originally started this thinking SASL, Sendmail and the configs all came with Slack so I shouldn't have to do much to them :> Yeah, bad assumption in some cases. Anyhow I had to create a file at /usr/lib/sasl2/ called Sendmail.conf (Take note of the upper case 'S' in that name). Inside that file I just have these two lines:
Code:
pwcheck_method: saslauthd
mech_list: LOGIN PLAIN
Without the above file in place and cased properly I was getting all sorts of different Auth error messages.
With all that in place I stopped SASL and Sendmail then started SASL followed by Sendmail and as of current things are still working properly.
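
A consistency check for the two files discussed above, as an added example that is not part of the original post or of Sendmail/Cyrus SASL. The function names and finding labels are hypothetical; it assumes the `define()` quoting style shown in the post, that saslauthd can only verify the plaintext mechanisms PLAIN and LOGIN, and that the `p` AUTH option refuses those mechanisms when no TLS layer is active.

```python
import re

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # the only mechanisms saslauthd can verify

def mc_define(mc_text, name):
    """Value of define(`name', `value') in a sendmail .mc file ('' if absent)."""
    m = re.search(r"define\(`%s',\s*`([^']*)'\)" % re.escape(name), mc_text)
    return m.group(1) if m else ""

def parse_sasl_conf(conf_text):
    """Parse the 'key: value' lines of a Cyrus SASL application config."""
    opts = {}
    for line in conf_text.splitlines():
        if ":" in line and not line.lstrip().startswith("#"):
            key, value = line.split(":", 1)
            opts[key.strip()] = value.strip()
    return opts

def audit(mc_text, conf_name, conf_text):
    """Return a list of findings for an .mc fragment plus its SASL config file."""
    findings = []
    if conf_name != "Sendmail.conf":
        findings.append("name: SASL looks for Sendmail.conf, found %s" % conf_name)
    sasl = parse_sasl_conf(conf_text)
    advertised = set(mc_define(mc_text, "confAUTH_MECHANISMS").split())
    # With no mech_list, SASL does not restrict what sendmail may offer.
    offered = set(sasl.get("mech_list", " ".join(advertised)).split())
    auth_opts = set(re.sub(r"[\s,]", "", mc_define(mc_text, "confAUTH_OPTIONS")))
    if sasl.get("pwcheck_method") == "saslauthd" and offered - PLAINTEXT_MECHS:
        findings.append("saslauthd: cannot verify %s"
                        % " ".join(sorted(offered - PLAINTEXT_MECHS)))
    if advertised - offered:
        findings.append("unused: %s listed in the .mc but not in mech_list"
                        % " ".join(sorted(advertised - offered)))
    if offered & PLAINTEXT_MECHS and "p" not in auth_opts:
        findings.append("plaintext: PLAIN/LOGIN allowed without TLS (no `p' option)")
    return findings

# Constructed sample input, copied from the settings quoted in the post.
POST_MC = """define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS', `A p y')dnl"""
POST_CONF = "pwcheck_method: saslauthd\nmech_list: LOGIN PLAIN\n"

if __name__ == "__main__":
    for finding in audit(POST_MC, "Sendmail.conf", POST_CONF):
        print(finding)
```

Run against the post's settings it reports only that DIGEST-MD5 and CRAM-MD5 are listed in the .mc file but never offered; dropping the `mech_list` line or the `p` option produces the saslauthd and plaintext findings.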