SASL for sendmail 8.14.7
I have been running sendmail on Tiger Server for years. Incoming mail works fine. Outgoing mail works, too, but I have limited my use before now because I need to secure things. At the moment, I am trying to use StartTLS on port 25 or 587 along with SASL to allow relaying, so that I can send email from my iPhone or laptop in a coffee shop. I already have sendmail relaying from a private IP range that I know is secure, but in order to allow relaying for outgoing mail from a dynamic IP or a non-registered IP, I need to get SASL working.
At the same time, I already have IMAP working (with SASL, I assume), and I can log in with my various user accounts to check incoming email.
I downloaded Cyrus SASL 2.1.18 for the headers, after determining that Tiger most likely has 2.1.18 installed (except for the headers). I then compiled sendmail 8.14.7 against these headers. sendmail seems to run fine, but all SASL accesses fail authentication.
I only installed Cyrus SASL 2.1.18 in /usr/local/lib/sasl2 without overriding the existing /usr/lib/sasl2 because I don't want to break anything that Apple might have customized.
Questions:
Does imapd use the same SASL database that sendmail would access?
Is it likely that I have the wrong "domain" or something for the SASL accesses, and that's why the authentication fails? If so, how can I change the domain for SASL? I've tried variations of account names like "user", "user@host.com", and "user@fqdn.host.com" under the assumption that the text after the @ character can adjust the domain. Any hints?
Is sendmail really linking against the Apple SASL?
Is the Apple SASL really 2.1.18, or have significant changes been made?
Does Apple's Darwin source, or any other source, reflect changes to SASL 2.1.18 (and should I be looking for these changes)?
Where are the configuration files for Apple SASL?
Many documents for SASL mention that the database can be compromised, and recommend having different passwords - not the actual user account passwords - for SASL. Although IMAP seems to be happy with the actual user account passwords, should I actually be trying to create a separate SASL database for sendmail to use?
Basically, has anyone successfully deployed sendmail with SASL authentication for relaying on Tiger Server?
P.S. I have disabled postfix.
Xserve G5 (January 2005), Mac OS X (10.4.11)