From owner-freebsd-isp Wed Nov 29 4:38: 7 2000 Delivered-To: freebsd-isp@freebsd.org Received: from colossus.invictanet.co.uk (colossus.invictanet.co.uk [62.232.18.118]) by hub.freebsd.org (Postfix) with ESMTP id 3FE4E37B400 for ; Wed, 29 Nov 2000 04:38:02 -0800 (PST) Received: from harryhome (modem392.netkonect.net [194.164.14.138]) by colossus.invictanet.co.uk (8.9.3/8.9.3) with SMTP id MAA20919; Wed, 29 Nov 2000 12:37:59 GMT From: "InvictaNet Customer Support" To: "Freebsd-ISP" Cc: "Scot W. Hetzel" Subject: RE: sendmail 8.11.1 and cyrus sasl Date: Wed, 29 Nov 2000 12:37:56 -0000 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: <016101c05967$eafb1180$7d7885c0@genroco.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I've done all this (apart from the make world at the bottom) but still get relaying denied. I run FreeBSD 3.4 and Sendmail 8.11.1, I really do need to get SMTP AUTH running, can anyone offer any suggestions of where to look. Martyn Routley ----------------------------------------------------- InvictaNet - The Internet in Plain English, Guaranteed http://www.invictanet.co.uk mailto:info@invictanet.co.uk phone: 0870 7402252 fax: +44 (0)1233 334001 ------------------------------------------------------ -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Scot W. Hetzel Sent: Tuesday, November 28, 2000 6:20 PM To: Dan Babb; freebsd-isp@FreeBSD.ORG Subject: Re: sendmail 8.11.1 and cyrus sasl From: "Dan Babb" > > i had sent this in under freebsd-questions orginally and also to the > comp.mail.sendmail group under the post (ld link error) but maybe this > will catch some more eyes and since i do work for an isp i thought i'd > give it a shot here since its isp-related. > > current software and o/s > > FreeBSD 4.2-STABLE > sendmail 8.11.1 > cyrus-sasl 1.5.24_4 > libtool-1.3.4_1 > m4-1.4 > db3-3.1.17 > autoconf-2.13 > automake-1.4 > > here is what my site.config.m4 looks like with the added cyrus sasl taken > from http://www.sendmail.org/~ca/email/auth.html > > APPENDDEF(`confENVDEF', `-DSASL') > APPENDDEF(`conf_sendmail_LIBS', `-lsasl') > APPENDDEF(`confLIBDIRS', `-L/usr/local/lib/sasl') > APPENDDEF(`confINCDIRS', `-I/usr/local/include/') This should be: APPENDDEF(`confENVDEF', `-DSASL -D_FFR_UNSAFE_SASL') APPENDDEF(`conf_sendmail_LIBS', `-lsasl') APPENDDEF(`confLIBDIRS', `-L/usr/local/lib') APPENDDEF(`confINCDIRS', `-I/usr/local/include/sasl') > > i've had a problem trying to configure sendmail with cyrus sasl .. i've > tried installing two ways. > > one from the ports and modifying the ports site.config.m4 before building > so i can add the paths to find cyrus-sasl > > or i manually configure and install sendmail and cyrus sasl. no matter > which i do i always end up with this error: > Have you tried enabling SASL with Sendmail 8.11.1 included in FreeBSD 4.2 sources? First CVSUP your FreeBSD 4.2 sources to the latest, and then use the following updated instructions to Sendmail.README (security/cyrus-sasl): 1) Add the following to /etc/make.conf: # Add SMTP AUTH support to Sendmail SENDMAIL_CFLAGS+= -I/usr/local/include/sasl -DSASL -D_FFR_UNSAFE_SASL SENDMAIL_LDFLAGS+= -L/usr/local/lib SENDMAIL_LDADD+= -lsasl 2) Rebuild FreeBSD (make buildworld, ...) 3) Create /usr/local/lib/sasl/Sendmail.conf with the following. pwcheck_method: pwcheck NOTE: security/cyrus-sasl port does this for you. 4) Add the following to your sendmail.mc file: TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')dnl define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5')dnl define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLFile')dnl ---- You may also add LOGIN, PLAIN, GSSAPI, KERBEROS_V4 to TRUST_AUTH_MECH and confAUTH_MECHANISMS (space seperated list). You may want to restrict LOGIN, and PLAIN authentication methods for use with STARTTLS only as the password is not encrypted when passed to sendmail. LOGIN is required for Outlook Express users. "My server requires authentication" needs to be checked in the accounts properties to use SASL Authentication. PLAIN is required for Netscape Communicator users. By default Netscape Communicator will use SASL Authentication when sendmail is compiled with SASL. The DONT_BLAME_SENDMAIL option GroupReadableSASLFile is needed when you are using cyrus-imapd and sendmail on the same server that requires access to the sasldb database. Otherwise you could chown root the sasldb file. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message