saslauthd with sendmail
Greetings! This is my first posting to this list, ive been using FreeBSD for about 5 days now. I come from a fairly extensive linux background, so I have a pretty good handle on compiling and configuring things. Im actually doing a project for myself to see if I can configure an exact services replica of my production linux servers, but on FreeBSD (and then ill switch it over!!). I have a couple dev boxes im using for my experimentation. One, I did a minimal install. The other, I did the developer install (install option 4 I believe it was). The other, I did a full/complete install, but so far, ive not used that one in any of my testing. Its just there. I am having terrible trouble with sendmail and saslauthd! Ive spent at least 48 hours compiling or pkg_add'ing things to try to get it to work. Each time I give the command: sendmail -d0.1 -bv root, this is what I get: fbsd60-3# sendmail -d0.1 -bv root Version 8.13.4 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG Warning: Option: AuthMechanisms requires SASL support (-DSASL) I also get that last warning line when sendmail starts too. Ive tried pkg_install sendmail+tls+sasl2+ldap, then sendmail+tls+sasl2, then even sendmail and cyrus-sasl-saslauthd. Same thing as above. Still complains of no SASL. Then ive tried using ports. cd /usr/ports/security/sasl2 make install distclean cd /usr/ports/security/sasl2-saslauthd make install distclean then, cd /usr/src/lib/libsm make obj make depend make cd /usr/src/lib/libsmutil make obj make depend make cd /usr/src/usr.sbin/sendmail make obj make depend make make install and always, with each attempt, I have the proper lines in /etc/rc.conf, such as saslauthd_enable=YES, and the make.conf contains: SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2 SENDMAIL_LDFLAGS+= -L/usr/local/lib SENDMAIL_LDADD+= -lsasl2 I can get Sendmail to recievemails for local [EMAIL PROTECTED] no problem, like I said, I have a general handle on the configuration of sendmail. I just cant get saslauthd to play nice on freebsd for the life of me! Help!!! Thanks, Jonathan Horne ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: saslauthd with sendmail
On 2006-03-17 13:44, Jonathan Horne [EMAIL PROTECTED] wrote: Warning: Option: AuthMechanisms requires SASL support (-DSASL) I also get that last warning line when sendmail starts too. Ive tried pkg_install sendmail+tls+sasl2+ldap, then sendmail+tls+sasl2, then even sendmail and cyrus-sasl-saslauthd. Same thing as above. Still complains of no SASL. Then ive tried using ports. cd /usr/ports/security/sasl2 make install distclean cd /usr/ports/security/sasl2-saslauthd make install distclean then, cd /usr/src/lib/libsm make obj make depend make cd /usr/src/lib/libsmutil make obj make depend make cd /usr/src/usr.sbin/sendmail make obj make depend make make install and always, with each attempt, I have the proper lines in /etc/rc.conf, such as saslauthd_enable=YES, and the make.conf contains: Probably not very helpful for the saslauthd problems, but... I usually run the following script *two* times to rebuild Sendmail when cyrus-sasl is updated: % [EMAIL PROTECTED] /home/build]$ cat -n rebuild-sendmail.sh % 1 #!/bin/sh % 2 % 3 DIRS= % 4 DIRS=${DIRS} ./bin/rmail % 5 DIRS=${DIRS} ./lib/libmilter % 6 DIRS=${DIRS} ./lib/libsm % 7 DIRS=${DIRS} ./lib/libsmdb % 8 DIRS=${DIRS} ./lib/libsmutil % 9 DIRS=${DIRS} ./libexec/mail.local % 10 DIRS=${DIRS} ./libexec/smrsh % 11 DIRS=${DIRS} ./usr.bin/vacation % 12 DIRS=${DIRS} ./usr.sbin/editmap % 13 DIRS=${DIRS} ./usr.sbin/mailstats % 14 DIRS=${DIRS} ./usr.sbin/makemap % 15 DIRS=${DIRS} ./usr.sbin/praliases % 16 DIRS=${DIRS} ./usr.sbin/sendmail % 17 % 18 export MAKEOBJDIRPREFIX=/home/build/obj % 19 % 20 for dname in ${DIRS} ; do % 21 ( cd ${dname} \ % 22make cleandir make cleandir make obj \ % 23make make install ) % 24 if test $? -ne 0 ; then % 25 echo % 26 echo FAILED while rebuilding ${dname} % 27 exit 1 % 28 fi % 29 done % [EMAIL PROTECTED] /home/build]$ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Need help with Saslauthd and Sendmail
I'm using this guide http://www.puresimplicity.net/~hemi/freebsd/sendmail.html to install a secure mail server. The imap-uw part is working fine, but the sendmail part isn't. == My system: FreeBSD 4.7 STABLE Sendmail 8.12.10 Saslauthd 2.1.19 I just updated all ports before installing what's described in the guide above. I'm also using Spamassassin to filter out spam. == My Sendmail.conf: # cat /usr/local/lib/sasl2/Sendmail.conf pwcheck_method: saslauthd == My /etc/rc.conf file looks like this: # -- sysinstall generated deltas -- # Sun Sep 16 17:49:22 2001 # Created: Sun Sep 16 17:49:22 2001 # Enable network daemons for user convenience. # Please make all changes to this file, not to /etc/defaults/rc.conf. # This file now contains just the overrides from /etc/defaults/rc.conf. defaultrouter=xxx.xxx.xxx.xxx font8x14=iso-8x14 font8x16=iso-8x16 font8x8=iso-8x8 hostname=server.hostname.net ifconfig_xl0=inet xxx.xxx.xxx.xxx netmaskxxx.xxx.xxx.xxx #ifconfig_xl0=inet xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx media 100baseTX mediaopt full-duplex kern_securelevel_enable=NO keymap=norwegian.iso moused_enable=NO nfs_reserved_port_only=NO #sendmail_enable=YES sshd_program=/usr/local/sbin/sshd sshd_enable=YES usbd_enable=NO portmap_enable=NO lpd_enable=NO # sasl_pwcheck_enable=YES # sasl_pwcheck_program=/usr/local/sbin/pwcheck saslauthd_runpath=/var/state/saslauthd # Working directory saslauthd_program=/usr/local/sbin/saslauthd # Location of saslauthd sasl_saslauthd_enable=YES == The bottom of my /etc/make.conf: # Setting SENDMAIL_SET_USER_ID will install the sendmail binary as a # set-user-ID root binary instead of a set-group-ID smmsp binary and will # prevent the installation of /etc/mail/submit.cf. # This is a deprecated mode of operation. See etc/mail/README for more # information. # #SENDMAIL_SET_USER_ID= # # The permissions to use on alias and map databases generated using # /etc/mail/Makefile. Defaults to 0640. # #SENDMAIL_MAP_PERMS= #SENDMAIL_CFLAGS=-I/usr/local/include/sasl1 -DSASL #SENDMAIL_LDFLAGS=-L/usr/local/lib #SENDMAIL_LDADD=-lsasl # SASL (cyrus-sasl v2) sendmail build flags... SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2 SENDMAIL_LDFLAGS=-L/usr/local/lib SENDMAIL_LDADD=-lsasl2 # Adding to enable alternate port (smtps) for sendmail... SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL Sendmail has been rebuilt/restarted according to the guide. == # ls -la /etc/mail/certs total 5 drwxr-xr-x 2 root wheel 512 Oct 6 14:51 . drwxr-xr-x 4 root wheel 512 Oct 8 00:21 .. -rw--- 1 root wheel 1460 Oct 6 14:51 mycert.pem -rw--- 1 root wheel 672 Oct 6 14:51 mykey.pem == My sendmail.mc file (FQDN.mc): divert(-1) # # Copyright (c) 1983 Eric P. Allman # [snip] divert(0) VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.18 2003/04/24 16:57:30 gshapiro Exp $') OSTYPE(freebsd4) DOMAIN(generic) FEATURE(access_db, `hash -o -TTMPF /etc/mail/access') FEATURE(blacklist_recipients) FEATURE(local_lmtp) FEATURE(mailertable, `hash -o /etc/mail/mailertable') FEATURE(virtusertable, `hash -o /etc/mail/virtusertable') INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m') # [snip] # define(`confAUTH_OPTIONS', `A')dnl define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl TRUST_AUTH_MECH(`PLAIN LOGIN')dnl define(`CERT_DIR', `/etc/mail/certs')dnl define(`confCACERT_PATH', `CERT_DIR')dnl define(`confCACERT', `CERT_DIR/mycert.pem')dnl define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl # define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl define(`confBIND_OPTS', `WorkAroundBroken') define(`confNO_RCPT_ACTION', `add-to-undisclosed') define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy') MAILER(local) MAILER(smtp) == If I telnet to my mailserver on port 25 the mailserver gives this back: ehlo localhost 250-server.hostname.net Hello server.hostname.net [xxx.xxx.xxx.xxx], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH PLAIN LOGIN 250-STARTTLS 250-DELIVERBY 250 HELP == Anyway, I've been looking into the saslauthd and I just saw an error message in my logfile (/var/log/messages): Oct 7 23:45:20
Re: Need help with Saslauthd and Sendmail
On Fri, Oct 08, 2004 at 12:30:51PM +0200, Andreas Widerøe Andersen wrote: Wow. Excellent problem report. I try to start saslauthd manually by doing a /usr/local/etc/rc.d/saslauthd.sh start, but nothing happens. Have you put: saslauthd_enable=YES into /etc/rc.conf? You need to do that (or the equivalent) for any port that uses rc.subr (a.k.a rcNG) for it's startup script or else that service won't be started. Otherwise, everything you show looks good to me. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgpFk3RlUncMY.pgp Description: PGP signature
Re: Need help with Saslauthd and Sendmail
At 13:01 08.10.2004, Matthew Seaman wrote: On Fri, Oct 08, 2004 at 12:30:51PM +0200, Andreas Widerøe Andersen wrote: Wow. Excellent problem report. I try to start saslauthd manually by doing a /usr/local/etc/rc.d/saslauthd.sh start, but nothing happens. Have you put: saslauthd_enable=YES into /etc/rc.conf? Yes, but now I see they are slightly different. What I have is this: sasl_saslauthd_enable=YES Would your suggestion be better? /Andreas --- Andreas Wideroe Andersen [EMAIL PROTECTED] Mobile: (+47) 90 92 61 21 http://www.filmshooting.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Need help with Saslauthd and Sendmail
On Fri, Oct 08, 2004 at 01:14:10PM +0200, Andreas Widerøe Andersen wrote: At 13:01 08.10.2004, Matthew Seaman wrote: On Fri, Oct 08, 2004 at 12:30:51PM +0200, Andreas Widerøe Andersen wrote: Wow. Excellent problem report. I try to start saslauthd manually by doing a /usr/local/etc/rc.d/saslauthd.sh start, but nothing happens. Have you put: saslauthd_enable=YES into /etc/rc.conf? Yes, but now I see they are slightly different. What I have is this: sasl_saslauthd_enable=YES Would your suggestion be better? Put it this way: it works on my system. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgpUH81SSsI96.pgp Description: PGP signature
Re: Need help with Saslauthd and Sendmail
At 14:43 08.10.2004, Matthew Seaman wrote: On Fri, Oct 08, 2004 at 01:14:10PM +0200, Andreas Widerøe Andersen wrote: At 13:01 08.10.2004, Matthew Seaman wrote: On Fri, Oct 08, 2004 at 12:30:51PM +0200, Andreas Widerøe Andersen wrote: Wow. Excellent problem report. I try to start saslauthd manually by doing a /usr/local/etc/rc.d/saslauthd.sh start, but nothing happens. Have you put: saslauthd_enable=YES into /etc/rc.conf? Yes, but now I see they are slightly different. What I have is this: sasl_saslauthd_enable=YES Would your suggestion be better? Put it this way: it works on my system. Cheers, Matthew Youuhooo!!! It worked! Thanks Matthew!!! For the record: /etc/rc.conf should contain saslauthd_enable=YES and NOT this: sasl_saslauthd_enable=YES. When you do a ps -aux | grep saslauthd after rebooting you should see this (or many of these): # ps -aux | grep saslauthd root 173 0.0 0.1 1080 704 ?? Is4:38PM 0:00.01 /usr/local/sbin/saslauthd -a pam -m /var/state/saslauthd /Andreas --- Andreas Wideroe Andersen [EMAIL PROTECTED] Mobile: (+47) 90 92 61 21 http://www.filmshooting.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Need help with Saslauthd and Sendmail
On Fri, Oct 08, 2004 at 12:01:38PM +0100, Matthew Seaman wrote: On Fri, Oct 08, 2004 at 12:30:51PM +0200, Andreas Widerøe Andersen wrote: Wow. Excellent problem report. I try to start saslauthd manually by doing a /usr/local/etc/rc.d/saslauthd.sh start, but nothing happens. Have you put: saslauthd_enable=YES into /etc/rc.conf? You need to do that (or the equivalent) for any port that uses rc.subr (a.k.a rcNG) for it's startup script or else that service won't be started. Otherwise, everything you show looks good to me. Cheers, Matthew Page is updated. When I originally wrote the page the rc var was sasl_saslauthd_enable=YES. I didn't notice the change when the script got updated for rcNG. Thanks, Josh -- Josh Tolbert [EMAIL PROTECTED] || http://www.puresimplicity.net/~hemi/ If your sysadmin's not being fascist, you're paying him too much. --Sam Greenfield ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]