[root@host sasl2]# vi /usr/lib/sasl2/Sendmail.conf
pwcheck_method:saslauthd
1.3 Restart SASL and Check installation
Start SASL with pam:
[root@host sbin]# service saslauthd stop
Stopping saslauthd: [OK]
[root@host sbin]# saslauthd -a shadow pam
Test installation:
[root@host sasl2]# cat /usr/lib/sasl2/Sendmail.conf
pwcheck_method:saslauthd
[root@host sasl2]# service saslauthd restart
Stopping saslauthd: [OK]
Starting saslauthd: [OK]
[root@host sasl2]# telnet mail.host.com 25
Trying 10.56.233.59...
Connected to mail.host.com (192.168.1.5).
Escape character is '^]'.
220 host.com ESMTP Sendmail 8.13.8/8.13.8; Wed, 17 Mar 2010 23:12:20 0800
ehlo localhost
250-host.com Hello host [192.168.1.5], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
quit
221 2.0.0 host.com closing connection
Connection closed by foreign host.
[root@host sasl2]# sendmail -d0.1 -bv root | grep SASL
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
Note: the EHLO reply above advertises AUTH LOGIN PLAIN on an unencrypted session, and both mechanisms carry the password only base64-encoded. Until STARTTLS is set up (section 2), do not authenticate with real credentials over this connection; sendmail's confAUTH_OPTIONS `p` flag can restrict these mechanisms to sessions where a security layer is active.
2. Configuration for SSL
2.1 vi /etc/pki/dovecot/dovecot-openssl.cnf
[root@host mail]# vi /etc/pki/dovecot/dovecot-openssl.cnf
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
# country (2 letter code)
#C=FI
# State or Province Name (full name)
#ST=
# Locality Name (eg. city)
#L=Helsinki
# Organization (eg. company)
#O=Dovecot
# Organizational Unit Name (eg. section)
OU=IMAP server
# Common Name (*.example.com is also possible)
CN=mail.host.com
# E-mail contact
emailAddress=bill@host.com
[ cert_type ]
nsCertType = server
Note: default_bits = 1024 produces a 1024-bit RSA key, which is no longer considered adequate; 2048 bits or more is the usual minimum for a new key.
2.2 Create new dovecot.pem
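[root@host dovecot]# rm /etc/pki/dovecot/certs/dovecot.pem
[root@host dovecot]# rm /etc/pki/dovecot/private/dovecot.pem
[root@host dovecot]# cd /usr/share/doc/dovecot-1.0.7/examples
[root@host examples]# ./mkcert.sh
Generating a 1024 bit RSA private key
........................................
.............
writing new private key to '/etc/pki/dovecot/private/dovecot.pem'
-----
subject= /OU=IMAP server/CN=imap.example.com/emailAddress=postmaster@example.com
SHA1 Fingerprint=5C:DB:2E:7B:A8:A0:4B:B9:43:88:C7:D9:26:AB:70:EF:FA:2C:2D:53
Note: the subject printed above is CN=imap.example.com, not the CN=mail.host.com set in 2.1, so mkcert.sh appears to have read a different dovecot-openssl.cnf than the one edited there. Check the result with `openssl x509 -noout -subject -in /etc/pki/dovecot/certs/dovecot.pem`; a certificate whose CN does not match the server name will fail hostname verification in mail clients.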
[root@host mail]# cd /etc/pki/tls/certs
[root@host certs]# make sendmail.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 >sendmail.pem ; \
echo "" >> sendmail.pem ; \
cat $PEM2 >> sendmail.pem ; \
rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
.........
..........
writing new private key to '/tmp/openssl.xC2939'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:sichuan
Locality Name (eg, city) [Newbury]:chengdu
Organization Name (eg, company) [My Company Ltd]:nokia
Organizational Unit Name (eg, section) []:nbg
Common Name (eg, your name or your server's hostname) []:mail.host.com
Email Address []:bill@host.com
[root@host certs]# ls
ca-bundle.crt
localhost.crt
make-dummy-cert
Makefile
sendmail.pem
Note: -nodes leaves the private key unencrypted, and sendmail.pem holds that key together with the self-signed certificate, so the file must stay readable by root only (the umask 77 in the make recipe creates it that way). The rsa:1024 key size is below what is accepted today; 2048 bits or more is the usual minimum.
[root@host mail]# service dovecot restart
Stopping Dovecot Imap: [OK]
Starting Dovecot Imap: [OK]
[root@host mail]# service sendmail restart
Shutting down sm-client: [OK]
Shutting down sendmail: [OK]
Starting sendmail: [OK]
Starting sm-client: [OK]