On Thursday 17 January 2008, Douglas A. Tutty wrote:
> However, there have been threads here detailing the recompilation
> necessary for sendmail to handle SSL Auth (or whatever its called).
> If you have to recompile sendmail (as opposed to changing a config),
> presumably you'd have to make the same changes to the source and
> recompile whenever the source is changed by an update/upgrade. Is
> this correct?
As the person who got the original SASL2 port working, I can say needing
to recompile sendmail for SASL2 support was true 4 *years* ago. My
hands blew out shortly after I got that port working, and I've been
partially crippled ever since. I posted what I had to ports@, and my
SASL2 port was then cleaned up, tested further, eventually committed
and since maintained by others. I haven't touched it since but from a
quick read, it seems the situation hasn't changed.
Most of the stuff below is for Aaron...
As Josh Grosse mentioned, read your source:
/usr/src/gnu/usr.sbin/sendmail/sendmail/Makefile
You'll find this comment:
# To build with SASL support define WANT_SMTPAUTH in /etc/mk.conf
In short, the above means you make a one line addition to
your /etc/mk.conf file (which is not molested by upgrades or updates)
and every time you build your system, sendmail will compile correctly
with SASL support without any changes required to your source tree.
It's easy to see you're trying to run a mail server in a professional
manner, so you *REALLY* should have a build/test machine rather than
making unknown/untested changes to a production box.
As for general system maintenance, do yourself a favor and read:
$ man release
Also read the FAQ section on making your own releases.
http://www.openbsd.org/faq/faq5.html#Release
You can compile your own release on your test box, test it, and maybe
even use the test box as a temporary stand-in for a few minutes while
you're installing the update/upgrade on your mail real server. Using
carp(4) might be interesting for you; since once your test box is
tested to be working properly, you might want to leave it attached as a
backup in case your main server melts into a pile of slag.
Lastly, you're probably wondering about rolling out packages when doing
a full upgrade (i.e. version change like from 4.1 to 4.2). The answer,
once again, is your test box, rolling your own releases, and learning
to use the siteXY.tgz file with your customizations. Your changes like
sendmail configuration files, any changes you want to do to your /etc
files (pf, spamd), and any packages you want, SASL, tmda, clamav, and
whatever else you fancy) can be added to your siteXY.tgz and
automatically installed during your upgrade.
Lucky for you, Mike Erdely (merdely@) just did a write up on using the
siteXY.tgz file:
http://www.undeadly.org/cgi?action=article&sid=20080111200305&mode=expanded&c
ount=8
Your fears of users yelling about their email being down are well
founded, but your fears of maintaining OpenBSD are on the edge of
completely irrational. :-)
