dnl $Id: site.config.m4,v 1.1 2004/01/22 19:27:35 jmates Exp $ dnl dnl Example sendmail compile configuration file for SMTP AUTH (and dnl STARTTLS) support on Mac OS X. dnl SMTP AUTH support APPENDDEF(`confENVDEF', `-DSASL=20113') APPENDDEF(`confLIBS', `-lsasl2.2.0.1') dnl allow relaying to those who authenticate properly via one of the dnl following methods define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN') TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN') dnl the _FFR_SASL_OPTS allows us to set AUTH_OPTIONS to disallow LOGIN dnl and PLAIN over non-TLS links (prevents plaintext password dnl exposure, unless you are using IPSec or something) APPENDDEF(`confENVDEF', `-D_FFR_SASL_OPTS') dnl to enable, uncomment the following, or set it in sendmail.mc dnl define(`confAUTH_OPTIONS', `p') dnl STARTTLS support (link integrity, privacy and security), requires dnl OpenSSL (and development headers) to be installed on system first. APPENDDEF(`confENVDEF', `-DSTARTTLS') APPENDDEF(`confLIBS', `-lssl -lcrypto') APPENDDEF(`confENVDEF', `-DHASURANDOMDEV') dnl _FFR_SMTP_SSL option allows use of 'smtps' for connections using dnl TLS without STARTTLS upwards-negotiation. You will also need to dnl configure a new daemon to live at "smtps" port APPENDDEF(`confENVDEF', `-D_FFR_SMTP_SSL') dnl for proper smtps support, you will need the following line in your dnl sendmail.mc file; placing it here is dangerous unless you also have dnl a default daemon to listen on port 25 in your .mc file! dnl DAEMON_OPTIONS(`Port=smtps, Name=SSLMTA, M=s') dnl additional TLS options, like CipherList dnl http://www.sendmail.org/~ca/email/tricks.html has (sparse) details APPENDDEF(`confENVDEF', `-D_FFR_TLS_1') dnl for IPv6 support (requires Darwin 6.0 (e.g. OS X 10.2)) APPENDDEF(`confENVDEF', `-DNETINET6') dnl regex to support Header-parsing rules of various kinds, e.g. to do dnl quick-fix blocking on the latest Microsoft malware. APPENDDEF(`confMAPDEF', `-DMAP_REGEX') dnl tcp_wrappers support (could slow sendmail down, as libwrap has to dnl do it's own DNS queries to figure out whether the host is allowed dnl or not, and on a paranoid system forces the addition of a dnl dnl sendmail: ALL dnl dnl line to /etc/hosts.allow for mail to work. dnl APPENDDEF(`confENVDEF', `-DTCPWRAPPERS') dnl APPENDDEF(`conf_sendmail_LIBS', `-lwrap') dnl set these if libraries or headers installed outside of default dnl search paths dnl APPENDDEF(`confLIBDIRS', `-L/usr/local/ssl/lib') dnl APPENDDEF(`confINCDIRS', `-I/usr/local/ssl/include')