You will also need to generate a certificate, for TLS. Quick version of that is:
PATH=$PATH:/usr/local/ssl/bin:/usr/local/ssl/misc mkdir /etc/mail/certs && cd /etc/mail/certs CA.pl -newca CA.pl -newreq [ BE SURE to put something in as "common name"] CA.pl -signreq mv newcert.pem sendmailcert.pem #this next step removes the password protection as well as renaming openssl rsa -in newreq.pem -out sendmailkey.pem
Important: M$-outhouse needs 'AUTH LOGIN' support. So you'll need to
use "configure --enable-login" because it is disabled by
default, for some reason.
APPENDDEF(`confENVDEF', `-DSASL') APPENDDEF(`confINCDIRS', `-I/usr/local/ssl/include') APPENDDEF(`confLIBS', `-L/usr/local/lib/sasl -L/opt/sfw/lib -L/usr/local/lib -R/u sr/local/lib/sasl:/opt/sfw/lib:/usr/local/lib ') APPENDDEF(`confLIBS', `-lsasl') APPENDDEF(`confENVDEF', `-DSTARTTLS') APPENDDEF(`confENVDEF', `-DHASURANDOMDEV') APPENDDEF(`confLIBS', `-L/usr/local/ssl/lib -lssl -lcrypto')
Now you need to create cf/cf/sendmail.mc
The following mojo was started from 'solaris-generic.mc', with additional stuff added to the bottom.
divert(-1)
#
# adjusted from generic-solaris.mc,v 8.13
#
# sample auth login:
# AUTH PLAIN dGVzdAB0ZXN0AHRFc3Q0Mg==
#
#Decoded:
#
#test\000test\000tEst42
#
divert(0)dnl
VERSIONID(`sendmail.mc, created by Phil Brown')
OSTYPE(solaris2)dnl
DOMAIN(generic)dnl
MAILER(local)dnl
MAILER(smtp)dnl
define(`confCACERT_PATH', `/etc/mail/certs/')
define(`confCACERT', `/etc/mail/certs/cacert.pem')
define(`confSERVER_CERT', `/etc/mail/certs/sendmailcert.pem')
define(`confSERVER_KEY', `/etc/mail/certs/sendmailkey.pem')
define(`confTLS_SRV_OPTIONS', `V')
define(`confAUTH_MECHANISMS', `DIGEST-MD5 PLAIN LOGIN')
TRUST_AUTH_MECH(`DIGEST-MD5 PLAIN LOGIN')
LOCAL_RULESETS
SLocal_check_rcpt
# check to see if either recip is local, or sender has been AUTHed
R$* $: $&{auth_type}
R$+ $@ OKSOFAR
R$* $#error $: 551 $&f not allowed to send to recipient
Critical resources: