PMDF has the ability to configure the TCP/IP channel client to use SASL via the SMTP AUTH command when sending mail out from the PMDF MTA to a remote MTA. This is primarily needed by home users who are running PMDF on their home systems and have an ISP that requires a username and password to be able to send out mail through the ISP's MTA.

The username and password to use for authentication is configured in a section in the security.cnf file called CLIENT_AUTH. For details see Section 14.2. An example default CLIENT_AUTH section is as follows:

[CLIENT_AUTH=default] USER=remote-username PASSWORD=remote-password

The TCP/IP channel also needs to be configured to enable client-side SASL. This is done with one of the following channel keywords: maysaslclient, mustsaslclient, maysasl, or mustsasl. For details see Section 2.3.4.43.

By default, the [CLIENT_AUTH=default] section in the security.cnf file is used to get the username and password. To use a different CLIENT_AUTH section, specify its name using the client_auth channel keyword.

This example channel definition is used to send mail out to a system called 'alpha' on the SMTP submission port (587) using SASL and TLS.

tcp_alpha smtp mx port 587 daemon router maysaslclient allowswitchchannel \ maytls client_auth alpha alpha.example.edu TCP-ALPHA