difficulty installing sendmail+tls+sasl2 package


William Dudley

Mar 11, 2018, 2:55:00 PM
to freebsd-questions
I've been running my own sendmail based server for many years.

I'm currently running FreeBSD 10.3, with base sendmail.

It works, but lacks SASL support.

I found a mention of package sendmail+tls+sasl2 and thought I'd try that.
After all, I have a running sendmail, how hard could it be?

HAH!

pkg install sendmail+tls+sasl2 "worked", in that it installed stuff and
didn't report any error messages.

I follow the first instruction:

you should add in /etc/make.conf:
SENDMAIL_CF_DIR= /usr/local/share/sendmail/cf

So far, so good.

Later, in the printed instructions, it says:

To activate sendmail as your default mailer, call the target 'mailer.conf':
$ cd /usr/ports/mail/sendmail && make mailer.conf

Your '/etc/mail/mailer.conf' should look like this:
#
# Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail
#
sendmail /usr/local/sbin/sendmail

I didn't do the make mailer.conf, because I don't understand why
stuff in the ports tree is being referenced. This is a pkg, not
a port.

And then there's this:

ls -l /usr/local/bin/sendmail
ls: /usr/local/bin/sendmail: No such file or directory

So that's kind of worrying.


I go to /usr/local/share/sendmail/cf and read the README.

It says to do this:


This email is free of malware because I run Linux.
_______________________________________________
freebsd-...@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-questions

William Dudley

Mar 11, 2018, 3:05:27 PM
to freebsd-questions
Damn! I hit Send before I was finished.

Read on below . . .

This email is free of malware because I run Linux.

> cd ${CONFDIR}/cf && ./Build config.cf

So I do:

cd /usr/local/share/sendmail/cf/cf
./Build config.cf
cannot open ../../devtools/bin/find_m4.sh: No such file or directory

Which isn't a good sign.

Since this is my only mail server, and this is rapidly going pear-shaped,
I uninstalled sendmail+tls+sasl, undid the change to /etc/make.conf, and
restarted my stock sendmail.

Questions:

What am I doing wrong?

What (apparently secret) dependencies am I missing?

If I get this working, will that be sufficient to get imap to work with
modern smart phones, that expect SSL and TLS and all kinds of other
acronyms to work?

Thanks,
Bill Dudley
New Jersey, USA

Matthias Apitz

Mar 11, 2018, 3:58:34 PM
to freebsd-...@freebsd.org

Here is what I (always on any update) run to get sendmail working with
SASL; and note: regarding your last question about imap and smartphones:
this has nothing to do with running sendmail as an outbound server.

HIH

matthias


$Id: sendmail.txt,v 1.5 2017/03/07 16:37:50 guru Exp $

how to enable AUTH in SMTP (required since 2010 for my outbound mail):

we need the following ports and a recompiled 'sendmail' with some config;
details are described here:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html

- install port security/cyrus-sasl2

- config line in /usr/local/lib/sasl2/Sendmail.conf

pwcheck_method: saslauthd

- install port security/cyrus-sasl2-saslauthd,

- edit /etc/rc.conf:

saslauthd_enable="YES"

- restart daemon with

# /usr/local/etc/rc.d/saslauthd start

- recompile sendmail with /etc/make.conf set to

SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2

# cd /usr/src/lib/libsmutil
# make cleandir && make obj && make
# cd /usr/src/lib/libsm
# make cleandir && make obj && make
# cd /usr/src/usr.sbin/sendmail
# make cleandir && make obj && make && make install

- configure sendmail with the lines in /etc/mail/current.Sisis.de.mc:

# added by guru
#
define(`SMART_HOST', `smtp.1blu.de')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`masquerade_envelope')
FEATURE(`accept_unresolvable_domains')
FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl
#
MAILER(local)
MAILER(smtp)
# added by guru
#
MASQUERADE_AS(`unixarea.de')
#
dnl set SASL options
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
#
# end of adds

- run make and move the config as:

# mv current.Sisis.de.cf sendmail.cf
# mv current.Sisis.de.submit.cf submit.cf
# /etc/rc.d/sendmail onerestart

AUTH for SMTP is described in http://www.sendmail.org/~ca/email/auth.html

- config AUTH in (create) /etc/mail/auth/client-info as:

AuthInfo:smtp.1blu.de "U:root" "I:w51XXXXXXXXXX" "P:XXXXXXXXXXXXX"

see: http://www.sendmail.org/documentation/configurationReadme
The RHS for an AuthInfo: entry in the access map should consists of a
list of tokens, each of which has the form: "TDstring" (including
the quotes). T is a tag which describes the item, D is a delimiter,
either ':' for simple text or '=' for a base64 encoded string.
Valid values for the tag are:

    U    user (authorization) id
    I    authentication id
    P    password
    R    realm
    M    list of mechanisms delimited by spaces

- build the database

# cd /etc/mail/auth
# makemap hash client-info < client-info
# chmod 0600 client-info

all should be fine now;

- to test SSL:

# /etc/rc.d/sendmail restart

# printf "To: gu...@unixarea.de\nSubject: r314251 test\n\ntest\n" | /usr/sbin/sendmail -t

# tail -f /var/log/maillog
Oct 5 16:46:13 unixarea sm-mta[2805]: STARTTLS=client, relay=smtp.1blu.de., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Oct 5 16:46:14 unixarea sm-mta[2805]: s95Ek5j4002803: to=<gu...@unixarea.de>, ctladdr=<gu...@unixarea.DDR.dd> (1001/0), delay=00:00:08, xdelay=00:00:08, mailer=relay, pri=30342, relay=smtp.1blu.de. [178.254.4.101], dsn=2.0.0, stat=Sent (OK id=1Xan4f-0007Lv-Qu)

--
Matthias Apitz, ✉ gu...@unixarea.de, ⌂ http://www.unixarea.de/ 📱 +49-176-38902045
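
An added example, not part of the notes above or of sendmail itself: the maillog excerpt shows `verify=FAIL` for the TLS session to the smart host, meaning a certificate was presented but could not be verified. The script below lists such client STARTTLS sessions and the deliveries the same sm-mta process then made; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find sendmail client TLS sessions whose peer certificate
# was not verified, and mail the same sm-mta process then delivered.

# Constructed sample input modelled on the maillog lines in the post
# (hosts, addresses and queue IDs are made up).
sample_log() {
cat <<'EOF'
Oct  5 16:46:13 host sm-mta[2805]: STARTTLS=client, relay=smtp.example.net., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Oct  5 16:46:14 host sm-mta[2805]: s95Ek5j4002803: to=<user@example.org>, delay=00:00:08, mailer=relay, relay=smtp.example.net. [192.0.2.25], dsn=2.0.0, stat=Sent (OK id=1)
Oct  5 17:02:40 host sm-mta[2911]: STARTTLS=client, relay=mx.example.com., version=TLSv1.2, verify=OK, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Oct  5 17:02:41 host sm-mta[2911]: s95F2bXY002910: to=<other@example.com>, delay=00:00:02, mailer=esmtp, relay=mx.example.com. [192.0.2.40], dsn=2.0.0, stat=Sent (OK id=2)
EOF
}

# Read maillog lines on stdin; print one line per finding.
audit_starttls() {
awk '
function field(name,   i, v) {      # value of the "name=value" token
    for (i = 1; i <= NF; i++)
        if (index($i, name "=") == 1) {
            v = substr($i, length(name) + 2)
            sub(/,$/, "", v)
            return v
        }
    return ""
}
/sm-mta\[[0-9]+\]: STARTTLS=client/ {
    v = field("verify")
    if (v == "OK") { delete bad[$5]; next }   # pid may be reused later
    bad[$5] = v                                 # $5 is "sm-mta[pid]:"
    print "UNVERIFIED relay=" field("relay") " verify=" v " version=" field("version")
    next
}
/ stat=Sent/ && ($5 in bad) {
    print "SENT-OVER-UNVERIFIED to=" field("to") " relay=" field("relay") " verify=" bad[$5]
}'
}

sample_log | audit_starttls
```

On a live system, feed it the real log with `audit_starttls < /var/log/maillog`.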
