From owner-freebsd-hackers Fri Dec 21 16:20:34 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from arnold.neland.dk (0x3ef31288.albnxx2.adsl.tele.dk [62.243.18.136]) by hub.freebsd.org (Postfix) with ESMTP id D2E0A37B421 for ; Fri, 21 Dec 2001 16:20:18 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by arnold.neland.dk (8.11.6/8.11.6) with ESMTP id fBM0Lgd99328; Sat, 22 Dec 2001 01:21:46 +0100 (CET) (envelope-from leifn@neland.dk) Date: Sat, 22 Dec 2001 01:21:42 +0100 (CET) From: Leif Neland To: Leo Bicknell Cc: Subject: Re: sendmail + auth + ssl + freebsd In-Reply-To: <20011220022654.GA78232@ussenterprise.ufp.org> Message-ID: <20011222011106.F95956-100000@arnold.neland.dk> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, 19 Dec 2001, Leo Bicknell wrote: > > After searching the archives and looking at the source, I find > myself more confused. I've been asked to set up sendmail + ssl + > SMTP auth on a FreeBSD host. > > A quick "strings" on the sendmail binary shows a number of SSL > functions, so I'm thinking the SSL bits are in there, but I'm not > quite sure how to take advantage of them. Issuing "AUTH" to a > stock -STABLE sendmail gets command unrecognized though, so I don't > think that is there. > Do you have this in /etc/make.conf? # Add SMTP AUTH support to Sendmail SENDMAIL_CFLAGS+= -I/usr/local/include/sasl -DSASL -D_FFR_UNSAFE_SASL SENDMAIL_LDFLAGS+= -L/usr/local/lib SENDMAIL_LDADD+= -lsasl In sendmail.mc: TRUST_AUTH_MECH(`PLAIN LOGIN DIGEST-MD5 CRAM-MD5')dnl define(`confAUTH_MECHANISMS',`PLAIN LOGIN DIGEST-MD5 CRAM-MD5')dnl define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLFile')dnl in /usr/local/lib/sasl/Sendmail.conf: pwcheck_method: shadow This will at least give you AUTH. (I think you need to install ports/security/cyrus-sasl to make it work, but I'm not sure). > If no one else has figured this mess out, I'll do it and write a > page for the handbook. If someone else has, please clue me in, and > if necessary I'll still write that handbook page. :-) It would be > very nice if it was simple to make FreeBSD sendmail SSL and > authenticate against the password file. Leif To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message