Installing TLS on sendmail (FreeBSD) –
cd /usr/ports/security/cyrus-sasl2-saslauthd && make install
echo 'saslauthd_enable="YES"' >> /etc/rc.conf
Start the saslauthd –
/usr/local/etc/rc.d/saslauthd.sh start
Changing sendmail build options –
vi /etc/make.conf
#Add the following –
# SASL (cyrus-sasl v2) sendmail build flags…
SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2
# Adding to enable alternate port (smtps) for sendmail…
SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL
Once you have all this in place, it’s time to recompile sendmail.
cd /usr/src/lib/libsmutil && make cleandir && make obj && make
cd /usr/src/lib/libsm && make cleandir && make obj && make
cd /usr/src/usr.sbin/sendmail && make cleandir && make obj && make && make install
I added my certificates in /etc/mail/certs.
So –
mkdir /etc/mail/certs
Add your certificate and key files here. A wildcard certificate for your domain is usually the most convenient one to use.
chmod -R 600 /etc/mail/certs/*
Make sure sendmail is using saslauthd for authentication in /usr/local/lib/sasl2/Sendmail.conf –
pwcheck_method: saslauthd
We then need to add the following to your fqdn.mc file in the /etc/mail/ directory –
define(`confAUTH_MECHANISMS', `PLAIN LOGIN')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/ca-bundle.crt')dnl
define(`confSERVER_CERT', `CERT_DIR/your_certificate.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/your_wildcard_key.key')dnl
define(`confCLIENT_CERT', `CERT_DIR/your_certificate.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/your_wildcard_key.key')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
You want to download ca-bundle.crt (search Google for it, or grab this copy – http://certifie.com/ca-bundle/ca-bundle.crt.txt).
cd /etc/mail && make all install restart
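A quick post-install check for the setup above, added here as an example script that is not part of the original post. It reads the CERT_DIR, confCACERT, confSERVER_CERT and confSERVER_KEY defines out of the .mc file, confirms each referenced file exists, and confirms the private key is not group- or world-readable (sendmail treats a readable key as unsafe and silently starts without STARTTLS, which is the reason for the chmod step). The probe_starttls function then exercises the live handshake with openssl s_client once sendmail has been restarted. The .mc layout (values written as CERT_DIR/<file>) and the function names are assumptions of this example.

```shell
#!/bin/sh
# Example post-install check for the sendmail TLS setup (added example, not from the post).
# Assumes the .mc layout shown above: define(`CERT_DIR', ...) plus confCACERT,
# confSERVER_CERT and confSERVER_KEY written as CERT_DIR/<file>.

# Print the value of one m4 define from a .mc file, e.g.: mc_value fqdn.mc confSERVER_KEY
mc_value() {
    sed -n "s/^define(.$2., *.\([^']*\)')dnl.*/\1/p" "$1" | head -n 1
}

# Resolve a define whose value starts with CERT_DIR into a real path.
mc_path() {
    _dir=$(mc_value "$1" CERT_DIR)
    mc_value "$1" "$2" | sed "s|^CERT_DIR|$_dir|"
}

# Succeeds only if the file has no group or other permission bits set
# (columns 5-10 of ls -l output), which is what sendmail demands of its key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Check every certificate file the .mc references, and the key's permissions.
# Returns 0 when everything is in order, 1 otherwise (with a reason per problem).
check_mc_tls() {
    _mc=$1
    _rc=0
    for _m in confCACERT confSERVER_CERT confSERVER_KEY; do
        _p=$(mc_path "$_mc" "$_m")
        if [ -z "$_p" ]; then
            echo "missing define: $_m"; _rc=1; continue
        fi
        if [ ! -f "$_p" ]; then
            echo "$_m -> $_p: no such file"; _rc=1
        fi
    done
    _key=$(mc_path "$_mc" confSERVER_KEY)
    if [ -f "$_key" ] && ! key_is_private "$_key"; then
        echo "$_key is group/world readable; chmod 600 it"; _rc=1
    fi
    return $_rc
}

# Live STARTTLS probe against the restarted daemon (needs network access):
#   probe_starttls mail.example.com 25
probe_starttls() {
    openssl s_client -connect "$1:${2:-25}" -starttls smtp -servername "$1" </dev/null 2>/dev/null \
        | grep -E 'Verify return code|Protocol|Cipher'
}

# Usage: sh tls-check.sh /etc/mail/fqdn.mc
if [ $# -gt 0 ]; then check_mc_tls "$1"; fi
```

Run it with the .mc path before `make all install restart`; a non-zero exit means sendmail would come up without a usable TLS server certificate. A "Verify return code: 0 (ok)" line from probe_starttls shows the CA bundle and certificate chain are being served correctly.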