From owner-freebsd-isp Tue Nov 28 10:21: 4 2000 Delivered-To: freebsd-isp@freebsd.org Received: from gifw.genroco.com (genroco.com [205.254.195.202]) by hub.freebsd.org (Postfix) with ESMTP id A5C7637B400 for ; Tue, 28 Nov 2000 10:20:46 -0800 (PST) Received: from gi2.genroco.com (IDENT:root@gi2.genroco.com [192.133.120.3]) by gifw.genroco.com (8.9.3/8.9.3) with ESMTP id MAA18466; Tue, 28 Nov 2000 12:20:43 -0600 Received: from scot.genroco.com (scot.genroco.com [192.133.120.125]) by gi2.genroco.com (8.9.3/8.9.3) with SMTP id MAA04782; Tue, 28 Nov 2000 12:20:35 -0600 Message-ID: <016101c05967$eafb1180$7d7885c0@genroco.com> From: "Scot W. Hetzel" To: "Dan Babb" , References: Subject: Re: sendmail 8.11.1 and cyrus sasl Date: Tue, 28 Nov 2000 12:19:40 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6600 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org From: "Dan Babb" > > i had sent this in under freebsd-questions orginally and also to the > comp.mail.sendmail group under the post (ld link error) but maybe this > will catch some more eyes and since i do work for an isp i thought i'd > give it a shot here since its isp-related. > > current software and o/s > > FreeBSD 4.2-STABLE > sendmail 8.11.1 > cyrus-sasl 1.5.24_4 > libtool-1.3.4_1 > m4-1.4 > db3-3.1.17 > autoconf-2.13 > automake-1.4 > > here is what my site.config.m4 looks like with the added cyrus sasl taken > from http://www.sendmail.org/~ca/email/auth.html > > APPENDDEF(`confENVDEF', `-DSASL') > APPENDDEF(`conf_sendmail_LIBS', `-lsasl') > APPENDDEF(`confLIBDIRS', `-L/usr/local/lib/sasl') > APPENDDEF(`confINCDIRS', `-I/usr/local/include/') This should be: APPENDDEF(`confENVDEF', `-DSASL -D_FFR_UNSAFE_SASL') APPENDDEF(`conf_sendmail_LIBS', `-lsasl') APPENDDEF(`confLIBDIRS', `-L/usr/local/lib') APPENDDEF(`confINCDIRS', `-I/usr/local/include/sasl') > > i've had a problem trying to configure sendmail with cyrus sasl .. i've > tried installing two ways. > > one from the ports and modifying the ports site.config.m4 before building > so i can add the paths to find cyrus-sasl > > or i manually configure and install sendmail and cyrus sasl. no matter > which i do i always end up with this error: > Have you tried enabling SASL with Sendmail 8.11.1 included in FreeBSD 4.2 sources? First CVSUP your FreeBSD 4.2 sources to the latest, and then use the following updated instructions to Sendmail.README (security/cyrus-sasl): 1) Add the following to /etc/make.conf: # Add SMTP AUTH support to Sendmail SENDMAIL_CFLAGS+= -I/usr/local/include/sasl -DSASL -D_FFR_UNSAFE_SASL SENDMAIL_LDFLAGS+= -L/usr/local/lib SENDMAIL_LDADD+= -lsasl 2) Rebuild FreeBSD (make buildworld, ...) 3) Create /usr/local/lib/sasl/Sendmail.conf with the following. pwcheck_method: pwcheck NOTE: security/cyrus-sasl port does this for you. 4) Add the following to your sendmail.mc file: TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')dnl define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5')dnl define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLFile')dnl ---- You may also add LOGIN, PLAIN, GSSAPI, KERBEROS_V4 to TRUST_AUTH_MECH and confAUTH_MECHANISMS (space seperated list). You may want to restrict LOGIN, and PLAIN authentication methods for use with STARTTLS only as the password is not encrypted when passed to sendmail. LOGIN is required for Outlook Express users. "My server requires authentication" needs to be checked in the accounts properties to use SASL Authentication. PLAIN is required for Netscape Communicator users. By default Netscape Communicator will use SASL Authentication when sendmail is compiled with SASL. The DONT_BLAME_SENDMAIL option GroupReadableSASLFile is needed when you are using cyrus-imapd and sendmail on the same server that requires access to the sasldb database. Otherwise you could chown root the sasldb file. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message