From owner-freebsd-stable@freebsd.org  Mon Nov  5 15:10:54 2018
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5B1F3110401F
 for <freebsd-stable@mailman.ysv.freebsd.org>;
 Mon,  5 Nov 2018 15:10:54 +0000 (UTC)
 (envelope-from dweimer@dweimer.net)
Received: from webmail.dweimer.net (24-240-198-186.static.stls.mo.charter.com
 [24.240.198.186])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "dweimer.net", Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 7A18582BD6
 for <freebsd-stable@freebsd.org>; Mon,  5 Nov 2018 15:10:46 +0000 (UTC)
 (envelope-from dweimer@dweimer.net)
Received-SPF: pass (webmail.dweimer.net: authenticated connection)
 receiver=webmail.dweimer.net; client-ip=10.9.5.1; helo=www.dweimer.net;
 envelope-from=dweimer@dweimer.net;
 x-software=spfmilter 2.001 http://www.acme.com/software/spfmilter/ with
 libspf2-1.2.10; 
Received: from www.dweimer.net (pfSense.dweimer.me [10.9.5.1])
 (authenticated bits=0)
 by webmail.dweimer.net (8.15.2/8.15.2) with ESMTPSA id wA5Ewl3N033852
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
 for <freebsd-stable@freebsd.org>; Mon, 5 Nov 2018 08:58:48 -0600 (CST)
 (envelope-from dweimer@dweimer.net)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8;
 format=flowed
Content-Transfer-Encoding: 7bit
Date: Mon, 05 Nov 2018 08:58:42 -0600
From: "Dean E. Weimer" <dweimer@dweimer.net>
To: FreeBSD Stable <freebsd-stable@freebsd.org>
Subject: SMTP Authentication in 12.0 BETA
Reply-To: dweimer@dweimer.net
User-Agent: Roundcube Webmail/1.4-beta
Message-ID: <522c3b3bc32f63cdfe65b31edfdfcfef@dweimer.net>
X-Sender: dweimer@dweimer.net
Organization: dweimer.net
X-Rspamd-Queue-Id: 7A18582BD6
X-Spamd-Result: default: False [-1.34 / 200.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 HAS_REPLYTO(0.00)[dweimer@dweimer.net];
 R_SPF_ALLOW(-0.20)[+ip4:24.240.198.184/29];
 REPLYTO_ADDR_EQ_FROM(0.00)[]; HAS_ORG_HEADER(0.00)[];
 TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[dweimer.net:+];
 DMARC_POLICY_ALLOW(-0.50)[dweimer.net,reject];
 MX_GOOD(-0.01)[dweimer.net.c2.mx1.ik2.com,dweimer.net.c2.mx2.ik2.io,dweimer.net.c2.mx1.ik2.com,dweimer.net.c2.mx2.ik2.io];
 FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(-0.01)[country: US(-0.06)];
 ASN(0.00)[asn:20115, ipnet:24.240.196.0/22, country:US];
 MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-0.65)[-0.650,0];
 R_DKIM_ALLOW(-0.20)[dweimer.net]; FROM_HAS_DN(0.00)[];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_SPAM_SHORT(0.33)[0.334,0];
 MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org];
 RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_TWO(0.00)[2];
 RCVD_TLS_ALL(0.00)[]
X-Rspamd-Server: mx1.freebsd.org
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Nov 2018 15:10:54 -0000

I have been running SMTP authentication and using ssl=libressl set as 
well. However in 12.0 BETA this fails to compile.

I have followed the settings from 
<https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/SMTP-Auth.html> 
and placed the following in my /etc/make.conf

SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2

However instead of just recompiling the sendmail sections, I do all of 
my updates from for source buildworld and kernel. In my attempt to 
upgrade from 11.2-p4 to 12.0 svn revsion 340039 the buildworld failed. I 
had already done a couple of different builds with different src.conf 
options for host and jails. This build matched the jail src.conf with 
these additions to make.conf.

I then tried rebuilding openssl dependent ports with ssl=openssl after 
removing libressl and installing openssl from ports. Buildworld again 
failed, I had done a complete rebuild removed files under /usr/obj and 
ran make cleandir to make sure I pulled nothing from previous libressl 
build.

Finally I tried again with ssl=base set in make.conf. This succeeds, so 
there appears to be some work needed on the sasl inclusion when using 
OpenSSL from ports with either OpenSSL or LibreSSL instead of base.

Unfortunately I didn't capture my build output it was done -j 8 so it 
would have been hard to see for sure. If I hadn't had successful builds 
without the options for SMTP auth set I would have retired without the 
-j 8 and a -DNO_CLEAN to find the actual spot of failure.

-- 
Thanks,
    Dean E. Weimer
    http://www.dweimer.net/