saslauthd with sendmail

2006-03-17 Thread Jonathan Horne
Greetings!  This is my first posting to this list, I've been using FreeBSD
for about 5 days now.  I come from a fairly extensive Linux background, so I
have a pretty good handle on compiling and configuring things.  I'm actually
doing a project for myself to see if I can configure an exact services
replica of my production Linux servers, but on FreeBSD (and then I'll switch
it over!!).

I have a couple dev boxes I'm using for my experimentation.  One, I did a
minimal install.  The other, I did the developer install (install option 4 I
believe it was).  The other, I did a full/complete install, but so far, I've
not used that one in any of my testing.  It's just there.

I am having terrible trouble with sendmail and saslauthd!  I've spent at
least 48 hours compiling or pkg_add'ing things to try to get it to work.
Each time I give the command: sendmail -d0.1 -bv root, this is what I get:

 

fbsd60-3# sendmail -d0.1 -bv root
Version 8.13.4
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
                NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SCANF
                STARTTLS TCPWRAPPERS USERDB XDEBUG
Warning: Option: AuthMechanisms requires SASL support (-DSASL)

 

I also get that last warning line when sendmail starts too.  I've tried
pkg_install sendmail+tls+sasl2+ldap,  then sendmail+tls+sasl2, then even
sendmail and cyrus-sasl-saslauthd.  Same thing as above.  Still complains of
no SASL.  Then I've tried using ports.

 

cd /usr/ports/security/sasl2
make install distclean
cd /usr/ports/security/sasl2-saslauthd
make install distclean

then,

cd /usr/src/lib/libsm
make obj && make depend && make
cd /usr/src/lib/libsmutil
make obj && make depend && make
cd /usr/src/usr.sbin/sendmail
make obj && make depend && make && make install

 

and always, with each attempt, I have the proper lines in /etc/rc.conf, such
as saslauthd_enable=YES, and the make.conf contains:

 

SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2

SENDMAIL_LDFLAGS+= -L/usr/local/lib

SENDMAIL_LDADD+= -lsasl2

 

I can get Sendmail to receive mails for local [EMAIL PROTECTED] no problem,
like I said, I have a general handle on the configuration of sendmail.  I
just can't get saslauthd to play nice on FreeBSD for the life of me!  Help!!!

 

Thanks,

Jonathan Horne

 

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
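
Added example, not part of the original post: a shell check that reads the sendmail -d0.1 -bv root output quoted above and reports whether SASL is among the compile options. A sendmail built against Cyrus SASL v2 lists SASLv2 there (plain SASL for v1); the function names are hypothetical and the second sample is constructed to show that case.

```shell
#!/bin/sh
# Added example: decide from `sendmail -d0.1 -bv root` output whether the
# binary was built with SASL. Function and sample names are hypothetical.

# Print the "Compiled with:" options one per line (continuation lines are
# indented in sendmail's output).
compiled_flags() {
    awk '/Compiled with:/ { sub(/.*Compiled with:/, ""); on = 1; print; next }
         on && /^[ \t]/   { print; next }
                          { on = 0 }' |
    tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Exit 0 if SASL or SASLv2 is compiled in, 1 otherwise.
sasl_status() {
    out=$(cat)
    flags=$(printf '%s\n' "$out" | compiled_flags)
    if hit=$(printf '%s\n' "$flags" | grep -Ex 'SASL(v2)?'); then
        echo "ok: built with $hit"
        return 0
    fi
    echo "missing: no SASL/SASLv2 among compile options"
    if printf '%s\n' "$out" | grep -q 'requires SASL support'; then
        echo "AuthMechanisms is set in the .cf but this binary cannot honour it"
    fi
    return 1
}

# Output quoted in the post above (re-indented).
sample_no_sasl() {
cat <<'EOF'
Version 8.13.4
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
                NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SCANF
                STARTTLS TCPWRAPPERS USERDB XDEBUG
Warning: Option: AuthMechanisms requires SASL support (-DSASL)
EOF
}

# Constructed: the same list with SASLv2 present and no warning.
sample_with_sasl() {
    sample_no_sasl | sed -e 's/PIPELINING/PIPELINING SASLv2/' -e '/^Warning:/d'
}

sample_no_sasl   | sasl_status || true
sample_with_sasl | sasl_status
# On a live system: sendmail -d0.1 -bv root 2>&1 | sasl_status
```
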


Re: saslauthd with sendmail

2006-03-17 Thread Giorgos Keramidas
On 2006-03-17 13:44, Jonathan Horne [EMAIL PROTECTED] wrote:
> Warning: Option: AuthMechanisms requires SASL support (-DSASL)
>
> I also get that last warning line when sendmail starts too.  I've tried
> pkg_install sendmail+tls+sasl2+ldap,  then sendmail+tls+sasl2, then even
> sendmail and cyrus-sasl-saslauthd.  Same thing as above.  Still complains of
> no SASL.  Then I've tried using ports.
>
> cd /usr/ports/security/sasl2
> make install distclean
> cd /usr/ports/security/sasl2-saslauthd
> make install distclean
>
> then,
>
> cd /usr/src/lib/libsm
> make obj && make depend && make
> cd /usr/src/lib/libsmutil
> make obj && make depend && make
> cd /usr/src/usr.sbin/sendmail
> make obj && make depend && make && make install
>
> and always, with each attempt, I have the proper lines in /etc/rc.conf, such
> as saslauthd_enable=YES, and the make.conf contains:

Probably not very helpful for the saslauthd problems, but...

I usually run the following script *two* times to rebuild Sendmail when
cyrus-sasl is updated:

% [EMAIL PROTECTED] /home/build]$ cat -n rebuild-sendmail.sh
%  1  #!/bin/sh
%  2
%  3  DIRS=""
%  4  DIRS="${DIRS} ./bin/rmail"
%  5  DIRS="${DIRS} ./lib/libmilter"
%  6  DIRS="${DIRS} ./lib/libsm"
%  7  DIRS="${DIRS} ./lib/libsmdb"
%  8  DIRS="${DIRS} ./lib/libsmutil"
%  9  DIRS="${DIRS} ./libexec/mail.local"
% 10  DIRS="${DIRS} ./libexec/smrsh"
% 11  DIRS="${DIRS} ./usr.bin/vacation"
% 12  DIRS="${DIRS} ./usr.sbin/editmap"
% 13  DIRS="${DIRS} ./usr.sbin/mailstats"
% 14  DIRS="${DIRS} ./usr.sbin/makemap"
% 15  DIRS="${DIRS} ./usr.sbin/praliases"
% 16  DIRS="${DIRS} ./usr.sbin/sendmail"
% 17
% 18  export MAKEOBJDIRPREFIX=/home/build/obj
% 19
% 20  for dname in ${DIRS} ; do
% 21      ( cd ${dname} && \
% 22          make cleandir && make cleandir && make obj && \
% 23          make && make install )
% 24      if test $? -ne 0 ; then
% 25          echo ""
% 26          echo "FAILED while rebuilding ${dname}"
% 27          exit 1
% 28      fi
% 29  done
% [EMAIL PROTECTED] /home/build]$



Need help with Saslauthd and Sendmail

2004-10-08 Thread Andreas Widerøe Andersen
I'm using this guide 
http://www.puresimplicity.net/~hemi/freebsd/sendmail.html to install a 
secure mail server. The imap-uw part is working fine, but the sendmail part 
isn't.

==
My system:
FreeBSD 4.7 STABLE
Sendmail 8.12.10
Saslauthd 2.1.19
I just updated all ports before installing what's described in the guide above.
I'm also using Spamassassin to filter out spam.
==
My Sendmail.conf:
# cat /usr/local/lib/sasl2/Sendmail.conf
pwcheck_method: saslauthd
==
My /etc/rc.conf file looks like this:
# -- sysinstall generated deltas -- # Sun Sep 16 17:49:22 2001
# Created: Sun Sep 16 17:49:22 2001
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter=xxx.xxx.xxx.xxx
font8x14=iso-8x14
font8x16=iso-8x16
font8x8=iso-8x8
hostname=server.hostname.net
ifconfig_xl0="inet xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx"
#ifconfig_xl0="inet xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx media 100baseTX mediaopt full-duplex"
kern_securelevel_enable=NO
keymap=norwegian.iso
moused_enable=NO
nfs_reserved_port_only=NO
#sendmail_enable=YES
sshd_program=/usr/local/sbin/sshd
sshd_enable=YES
usbd_enable=NO
portmap_enable=NO
lpd_enable=NO
# sasl_pwcheck_enable=YES
# sasl_pwcheck_program=/usr/local/sbin/pwcheck
saslauthd_runpath=/var/state/saslauthd   # Working directory
saslauthd_program=/usr/local/sbin/saslauthd   # Location of saslauthd
sasl_saslauthd_enable=YES
==
The bottom of my /etc/make.conf:
# Setting SENDMAIL_SET_USER_ID will install the sendmail binary as a
# set-user-ID root binary instead of a set-group-ID smmsp binary and will
# prevent the installation of /etc/mail/submit.cf.
# This is a deprecated mode of operation.  See etc/mail/README for more
# information.
#
#SENDMAIL_SET_USER_ID=
#
# The permissions to use on alias and map databases generated using
# /etc/mail/Makefile.  Defaults to 0640.
#
#SENDMAIL_MAP_PERMS=
#SENDMAIL_CFLAGS=-I/usr/local/include/sasl1 -DSASL
#SENDMAIL_LDFLAGS=-L/usr/local/lib
#SENDMAIL_LDADD=-lsasl
# SASL (cyrus-sasl v2) sendmail build flags...
SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2
# Adding to enable alternate port (smtps) for sendmail...
SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL
Sendmail has been rebuilt/restarted according to the guide.
==
# ls -la /etc/mail/certs
total 5
drwxr-xr-x  2 root  wheel   512 Oct  6 14:51 .
drwxr-xr-x  4 root  wheel   512 Oct  8 00:21 ..
-rw-------  1 root  wheel  1460 Oct  6 14:51 mycert.pem
-rw-------  1 root  wheel   672 Oct  6 14:51 mykey.pem
==
My sendmail.mc file (FQDN.mc):
divert(-1)
#
# Copyright (c) 1983 Eric P. Allman
# [snip]
divert(0)
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.18 2003/04/24 16:57:30 gshapiro Exp $')
OSTYPE(freebsd4)
DOMAIN(generic)

FEATURE(access_db, `hash -o -TTMPF /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')

# [snip]
# define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
# define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl
define(`confBIND_OPTS', `WorkAroundBroken')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
MAILER(local)
MAILER(smtp)
==
If I telnet to my mailserver on port 25 the mailserver gives this back:
ehlo localhost
250-server.hostname.net Hello server.hostname.net [xxx.xxx.xxx.xxx], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH PLAIN LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP
==
Anyway, I've been looking into the saslauthd and I just saw an error
message in my logfile (/var/log/messages):
Oct  7 23:45:20
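
Added example, not part of the original post: the EHLO reply above was captured over plain telnet on port 25 and lists AUTH PLAIN LOGIN alongside STARTTLS, so those mechanisms are offered before any TLS is negotiated. This shell check flags that condition in a captured reply; the function names are hypothetical and the hardened sample is constructed.

```shell
#!/bin/sh
# Added example: audit an EHLO reply captured on an unencrypted session.
# Function and sample names are hypothetical.

# SASL mechanisms advertised in the reply on stdin, one per line.
auth_mechs() {
    tr -d '\r' | sed -n 's/^250[- ]AUTH[ =]//p' | tr -s ' ' '\n' |
    sed '/^$/d' | sort -u
}

# Exit 1 when PLAIN or LOGIN is offered before TLS: both carry the password
# base64-encoded, not encrypted.
ehlo_audit() {
    reply=$(tr -d '\r')
    weak=$(printf '%s\n' "$reply" | auth_mechs | grep -Ex 'PLAIN|LOGIN' | tr '\n' ' ')
    if [ -z "$weak" ]; then
        echo "ok: no cleartext-password mechanism offered before TLS"
        return 0
    fi
    if printf '%s\n' "$reply" | grep -Eq '^250[- ]STARTTLS'; then
        echo "exposed: ${weak}offered before STARTTLS (TLS is optional for clients)"
    else
        echo "exposed: ${weak}offered and STARTTLS is not available"
    fi
    return 1
}

# Reply from the post above (host and address as redacted there).
sample_ehlo_post() {
cat <<'EOF'
250-server.hostname.net Hello server.hostname.net [xxx.xxx.xxx.xxx], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH PLAIN LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP
EOF
}

# Constructed: the same reply with the AUTH line withheld until TLS is active.
sample_ehlo_hardened() { sample_ehlo_post | grep -v '^250-AUTH'; }

sample_ehlo_post     | ehlo_audit || true
sample_ehlo_hardened | ehlo_audit
```

In sendmail the matching control is the p flag of confAUTH_OPTIONS (the define is commented out in the .mc above), which withholds PLAIN and LOGIN until a security layer is active.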

Re: Need help with Saslauthd and Sendmail

2004-10-08 Thread Matthew Seaman
On Fri, Oct 08, 2004 at 12:30:51PM +0200, Andreas Widerøe Andersen wrote:

Wow.  Excellent problem report.
 
> I try to start saslauthd manually by doing a
> /usr/local/etc/rc.d/saslauthd.sh start, but nothing happens.

Have you put:

saslauthd_enable=YES

into /etc/rc.conf?  You need to do that (or the equivalent) for any
port that uses rc.subr (a.k.a rcNG) for its startup script or else
that service won't be started.

Otherwise, everything you show looks good to me.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK




Re: Need help with Saslauthd and Sendmail

2004-10-08 Thread Andreas Widerøe Andersen
At 13:01 08.10.2004, Matthew Seaman wrote:
> On Fri, Oct 08, 2004 at 12:30:51PM +0200, Andreas Widerøe Andersen wrote:
>
> Wow.  Excellent problem report.
>
> > I try to start saslauthd manually by doing a
> > /usr/local/etc/rc.d/saslauthd.sh start, but nothing happens.
>
> Have you put:
>
> saslauthd_enable=YES
>
> into /etc/rc.conf?

Yes, but now I see they are slightly different. What I have is this:

sasl_saslauthd_enable=YES

Would your suggestion be better?

/Andreas
---
Andreas Wideroe Andersen [EMAIL PROTECTED]
Mobile: (+47) 90 92 61 21
http://www.filmshooting.com 



Re: Need help with Saslauthd and Sendmail

2004-10-08 Thread Matthew Seaman
On Fri, Oct 08, 2004 at 01:14:10PM +0200, Andreas Widerøe Andersen wrote:
> At 13:01 08.10.2004, Matthew Seaman wrote:
> > On Fri, Oct 08, 2004 at 12:30:51PM +0200, Andreas Widerøe Andersen wrote:
> >
> > Wow.  Excellent problem report.
> >
> > > I try to start saslauthd manually by doing a
> > > /usr/local/etc/rc.d/saslauthd.sh start, but nothing happens.
> >
> > Have you put:
> >
> > saslauthd_enable=YES
> >
> > into /etc/rc.conf?
>
> Yes, but now I see they are slightly different. What I have is this:
>
> sasl_saslauthd_enable=YES
>
> Would your suggestion be better?

Put it this way: it works on my system.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK




Re: Need help with Saslauthd and Sendmail

2004-10-08 Thread Andreas Widerøe Andersen
At 14:43 08.10.2004, Matthew Seaman wrote:
> On Fri, Oct 08, 2004 at 01:14:10PM +0200, Andreas Widerøe Andersen wrote:
> > At 13:01 08.10.2004, Matthew Seaman wrote:
> > > On Fri, Oct 08, 2004 at 12:30:51PM +0200, Andreas Widerøe Andersen wrote:
> > >
> > > Wow.  Excellent problem report.
> > >
> > > > I try to start saslauthd manually by doing a
> > > > /usr/local/etc/rc.d/saslauthd.sh start, but nothing happens.
> > >
> > > Have you put:
> > >
> > > saslauthd_enable=YES
> > >
> > > into /etc/rc.conf?
> >
> > Yes, but now I see they are slightly different. What I have is this:
> >
> > sasl_saslauthd_enable=YES
> >
> > Would your suggestion be better?
>
> Put it this way: it works on my system.
>
> Cheers,
>
> Matthew

Youuhooo!!! It worked!
Thanks Matthew!!!
For the record: /etc/rc.conf should contain saslauthd_enable=YES and NOT 
this: sasl_saslauthd_enable=YES.

When you do a ps -aux | grep saslauthd after rebooting you should see this 
(or many of these):

# ps -aux | grep saslauthd
root 173  0.0  0.1  1080  704  ??  Is    4:38PM   0:00.01 
/usr/local/sbin/saslauthd -a pam -m /var/state/saslauthd

/Andreas
---
Andreas Wideroe Andersen [EMAIL PROTECTED]
Mobile: (+47) 90 92 61 21
http://www.filmshooting.com 
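
Added example, not part of the original thread: the fix above came down to one variable name, and a look-alike such as sasl_saslauthd_enable produces no error, the service just never starts. This shell check reports that case for any service name, assuming the rc.d script follows the rc.subr convention of reading NAME_enable; the function names are hypothetical and the sample rc.conf lines are copied from the first post.

```shell
#!/bin/sh
# Added example: find an rc.conf enable variable that rc.subr will ignore.
# Function and sample names are hypothetical.

# rcvar_check NAME RCCONF
# Exit 0 only if RCCONF sets NAME_enable to a value rc.subr's checkyesno
# accepts; otherwise list look-alike *_enable variables that go unread.
rcvar_check() {
    name=$1; conf=$2; want="${name}_enable"
    # Last uncommented assignment wins; drop trailing comment and quotes.
    val=$(sed -n "s/^[[:space:]]*${want}=//p" "$conf" | tail -n 1 |
          sed 's/[[:space:]]*#.*$//' | tr -d "\"'")
    case $val in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
            echo "ok: ${want}=${val}"; return 0 ;;
    esac
    stray=$(sed -n "s/^[[:space:]]*\([A-Za-z0-9_]*${name}[A-Za-z0-9_]*_enable\)=.*/\1/p" "$conf" |
            grep -vx "$want" || true)
    echo "not enabled: ${want} is unset or not YES"
    [ -z "$stray" ] || echo "ignored look-alike: $stray"
    return 1
}

# Relevant rc.conf lines from the first post in this thread.
sample_rcconf() {
cat <<'EOF'
sshd_enable=YES
# sasl_pwcheck_enable=YES
saslauthd_runpath=/var/state/saslauthd   # Working directory
saslauthd_program=/usr/local/sbin/saslauthd   # Location of saslauthd
sasl_saslauthd_enable=YES
EOF
}

tmp=$(mktemp /tmp/rcconf.XXXXXX)
sample_rcconf > "$tmp"
rcvar_check saslauthd "$tmp" || true      # reports the ignored variable
echo 'saslauthd_enable="YES"' >> "$tmp"   # the name the thread settles on
rcvar_check saslauthd "$tmp"
rm -f "$tmp"
```
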



Re: Need help with Saslauthd and Sendmail

2004-10-08 Thread Josh Tolbert
On Fri, Oct 08, 2004 at 12:01:38PM +0100, Matthew Seaman wrote:
> On Fri, Oct 08, 2004 at 12:30:51PM +0200, Andreas Widerøe Andersen wrote:
>
> Wow.  Excellent problem report.
>
> > I try to start saslauthd manually by doing a
> > /usr/local/etc/rc.d/saslauthd.sh start, but nothing happens.
>
> Have you put:
>
> saslauthd_enable=YES
>
> into /etc/rc.conf?  You need to do that (or the equivalent) for any
> port that uses rc.subr (a.k.a rcNG) for its startup script or else
> that service won't be started.
>
> Otherwise, everything you show looks good to me.
>
>    Cheers,
>
>    Matthew

Page is updated. When I originally wrote the page the rc var was
sasl_saslauthd_enable=YES. I didn't notice the change when the script got
updated for rcNG.

Thanks,
Josh
-- 
Josh Tolbert
[EMAIL PROTECTED]  ||  http://www.puresimplicity.net/~hemi/

If your sysadmin's not being fascist, you're paying him too much.
   --Sam Greenfield