Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 28 Nov 2000 12:19:40 -0600
From:      "Scot W. Hetzel" <hetzels@westbend.net>
To:        "Dan Babb" <bdan@c-zone.net>, <freebsd-isp@FreeBSD.ORG>
Subject:   Re: sendmail 8.11.1 and cyrus sasl
Message-ID:  <016101c05967$eafb1180$7d7885c0@genroco.com>
References:  <Pine.BSF.4.21.0011280838040.48594-100000@flux.c-zone.net>

next in thread | previous in thread | raw e-mail | index | archive | help
From: "Dan Babb" <bdan@c-zone.net>
>
> i had sent this in under freebsd-questions orginally and also to the
> comp.mail.sendmail group under the post (ld link error) but maybe this
> will catch some more eyes and since i do work for an isp i thought i'd
> give it a shot here since its isp-related.
>
> current software and o/s
>
> FreeBSD 4.2-STABLE
> sendmail 8.11.1
> cyrus-sasl 1.5.24_4
> libtool-1.3.4_1
> m4-1.4
> db3-3.1.17
> autoconf-2.13
> automake-1.4
>
> here is what my site.config.m4 looks like with the added cyrus sasl taken
> from http://www.sendmail.org/~ca/email/auth.html
>
> APPENDDEF(`confENVDEF', `-DSASL')
> APPENDDEF(`conf_sendmail_LIBS', `-lsasl')
> APPENDDEF(`confLIBDIRS', `-L/usr/local/lib/sasl')
> APPENDDEF(`confINCDIRS', `-I/usr/local/include/')

This should be:

    APPENDDEF(`confENVDEF', `-DSASL -D_FFR_UNSAFE_SASL')
    APPENDDEF(`conf_sendmail_LIBS', `-lsasl')
    APPENDDEF(`confLIBDIRS', `-L/usr/local/lib')
    APPENDDEF(`confINCDIRS', `-I/usr/local/include/sasl')

>
> i've had a problem trying to configure sendmail with cyrus sasl .. i've
> tried installing two ways.
>
> one from the ports and modifying the ports site.config.m4 before building
> so i can add the paths to find cyrus-sasl
>
> or i manually configure and install sendmail and cyrus sasl.  no matter
> which i do i always end up with this error:
>
Have you tried enabling SASL with Sendmail 8.11.1 included in FreeBSD 4.2
sources?

First CVSUP your FreeBSD 4.2 sources to the latest, and then use the
following updated instructions to Sendmail.README (security/cyrus-sasl):

1) Add the following to  /etc/make.conf:

    # Add SMTP AUTH support to Sendmail
    SENDMAIL_CFLAGS+=   -I/usr/local/include/sasl -DSASL -D_FFR_UNSAFE_SASL
    SENDMAIL_LDFLAGS+=  -L/usr/local/lib
    SENDMAIL_LDADD+=    -lsasl

2) Rebuild FreeBSD (make buildworld, ...)

3) Create /usr/local/lib/sasl/Sendmail.conf with the following.

   pwcheck_method: pwcheck

    NOTE: security/cyrus-sasl port does this for you.

4) Add the following to your sendmail.mc file:

   TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')dnl
   define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5')dnl
   define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLFile')dnl

 ----

   You may also add LOGIN, PLAIN, GSSAPI, KERBEROS_V4 to TRUST_AUTH_MECH
   and confAUTH_MECHANISMS (space seperated list).  You may want to restrict
   LOGIN, and PLAIN authentication methods for use with STARTTLS only as the
   password is not encrypted when passed to sendmail.

   LOGIN is required for Outlook Express users.  "My server requires
   authentication" needs to be checked in the accounts properties to
   use SASL Authentication.

   PLAIN is required for Netscape Communicator users.  By default Netscape
   Communicator will use SASL Authentication when sendmail is compiled with
   SASL.

   The DONT_BLAME_SENDMAIL option GroupReadableSASLFile is needed when you
   are using cyrus-imapd and sendmail on the same server that requires
access
   to the sasldb database.  Otherwise you could chown root the sasldb file.




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?016101c05967$eafb1180$7d7885c0>