From: Matthew Seaman
To: Chris Richards
Cc: freebsd-questions@freebsd.org
Date: Thu, 11 Mar 2004 20:58:04 +0000
Subject: Re: sendmail config query
Message-ID: <20040311205804.GA76764@happy-idiot-talk.infracaninophile.co.uk>

On Thu, Mar 11, 2004 at 08:39:54AM +1100, Chris Richards wrote:
> Hiya,
>
> I am running FreeBSD 5.1-RELEASE-p10 and want to configure
> SMTP-AUTH/TLS. A friend gave me some instructions on how to do it and
> they talk about editing "$SRC/devtools/Site/site.config.m4" $SRC being
> the sendmail source of course. My friend is not a FreeBSD user so I
> can't ask him for help.
>
> I just have a standard install of sendmail on a normal system build. Can
> someone point me in the right direction as to where this file should be?
> I have searched for it and it does not exist in the current system - Is
> there a directory somewhere that I can add it to so it will be included
> in a sendmail build?

It's actually very easy. First, you need to install some SASL
libraries that come with the cyrus-sasl-2.1.17_1 package:

    # portinstall -N security/cyrus-sasl2

Then make the system sendmail compile the SASL code and link against
those libraries, by adding the following to /etc/make.conf:

    SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
    SENDMAIL_LDFLAGS=-L/usr/local/lib
    SENDMAIL_LDADD=-lsasl2

and do a normal build,installworld cycle as described in
/usr/src/UPDATING and the Handbook and many other places.

Now, enable the SASL capabilities in your sendmail config by adding
the following to your /etc/mail/`hostname`.mc:

    dnl ## Set SASL options
    TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
    define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
    define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl
    define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl
    dnl
    define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
    define(`confCACERT_PATH', `CERT_DIR')dnl
    define(`confCACERT', `CERT_DIR/cacert.pem')dnl
    define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
    define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
    define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
    define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl

Then you need to generate yourself a suitable encryption key for the
TLS encrypted sessions. In order to create a self-signed certificate
and key in the appropriate format, follow the instructions here:

    http://www.sendmail.org/~ca/email/other/cagreg.html

Then just build your sendmail configuration, install it and start
testing:

    # cd /etc/mail
    # make
    # make install
    # make restart

For further information, there's a section in the handbook which goes
through setting up SMTP Auth using SASL version 1 in rather more
detail, which you might find useful -- the procedure is very similar
to what's required for SASL version 2:

    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html

and also look at this page:

    http://www.ofb.net/%7Ejheiss/sendmail/tlsandrelay.shtml

although you can ignore the Linux-specific instructions about how to
get sendmail compiled with OpenSSL -- you get all that already with
the system sendmail.

    Cheers,

    Matthew

--
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614
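
Added example (not part of the message above, and not FreeBSD or sendmail project code): a small sh script for the "start testing" step, checking that the rebuilt sendmail lists SASLv2 and STARTTLS and flagging PLAIN/LOGIN advertised before STARTTLS. The function names, the sample banner, the sample EHLO reply and the example.org host names are constructed for illustration.

```sh
# Added example. Sample inputs are constructed; on a live host pass real text,
# e.g.  has_feature "$(sendmail -d0.1 -bv root </dev/null)" SASLv2

# Constructed sample of the "Compiled with:" list printed by sendmail -d0.1.
SAMPLE_BANNER=' Compiled with: DNSMAP LOG MAP_REGEX MILTER MIME7TO8 MIME8TO7
                NAMED_BIND NETINET NETINET6 NEWDB PIPELINING SASLv2 SCANF
                STARTTLS TCPWRAPPERS USERDB XDEBUG'

# Constructed EHLO reply on a plain (pre-STARTTLS) session, using the
# mechanism list from the .mc fragment above; host names are placeholders.
SAMPLE_EHLO='250-mail.example.org Hello client.example.org, pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
250-STARTTLS
250 HELP'

# has_feature TEXT NAME: true if NAME is a whole word in the option list,
# so "SASL" does not match "SASLv2".
has_feature() {
    printf '%s\n' "$1" | tr -s ' \t' '\n\n' | grep -qx -- "$2"
}

# ehlo_offers TEXT KEYWORD: true if the reply has an extension line for KEYWORD.
ehlo_offers() {
    printf '%s\n' "$1" | tr -d '\r' | grep -Eq "^250[- ]$2( |\$)"
}

# cleartext_mechs TEXT: print advertised mechanisms that send the password in
# trivially decodable form (PLAIN, LOGIN); prints nothing if there are none.
cleartext_mechs() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        /^250[- ]AUTH / { for (i = 2; i <= NF; i++)
            if ($i == "PLAIN" || $i == "LOGIN") out = out (out ? " " : "") $i }
        END { if (out) print out }'
}

# audit BANNER EHLO: print one finding per line; returns 1 if anything is flagged.
audit() {
    rc=0
    for f in SASLv2 STARTTLS; do
        has_feature "$1" "$f" || { echo "FAIL: sendmail built without $f"; rc=1; }
    done
    ehlo_offers "$2" STARTTLS || { echo "FAIL: STARTTLS not advertised"; rc=1; }
    weak=$(cleartext_mechs "$2")
    [ -z "$weak" ] || { echo "WARN: $weak offered before STARTTLS"; rc=1; }
    return $rc
}

audit "$SAMPLE_BANNER" "$SAMPLE_EHLO" || true
```

If the warning fires, sendmail's AuthOptions `p` flag (set through confAUTH_OPTIONS in the .mc file) withholds PLAIN and LOGIN until a security layer such as TLS is active; that setting is not part of the message above.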