Adding SASL support to a running sendmail configuration.

My mail server is running smoothly at the moment but for a while I have had some thoughts about adding SASL support to my setup. I have read that you need to rebuild Sendmail to be able to add SASL support.

In Michael W. Lucas's excellent book "Absolute FreeBSD" he recommends installing the Sendmail port with the following custom options:

Code:
cd /usr/ports/mail/sendmail
make SENDMAIL_WITH_SASL2=YES all install clean

But if I read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html they recommend installing the ports:

Code:
security/cyrus-sasl2
security/cyrus-sasl2-saslauthd

and then running:

Code:
# cd /usr/src/lib/libsmutil
# make cleandir && make obj && make
# cd /usr/src/lib/libsm
# make cleandir && make obj && make
# cd /usr/src/usr.sbin/sendmail
# make cleandir && make obj && make && make install

If I were going to do a fresh installation then I would have chosen whichever of the two alternatives above, but now I'm going to add it to an already running system. Which of the two alternatives is the best to apply to an already running setup? I don't want to mess too much with my current setup. (I'm mostly thinking about the current configuration files.)

My setup:
Code:
FreeBSD 8.2-RELEASE-p3
dovecot-1.2.17 
sendmail 8.14.4
 
I have attempted the steps from the handbook as you have shown on my FreeBSD 9.0 RELEASE system. First I discovered there were no SRC files so I used FTP to get them and then gtar -C / -xvzf src.txz to extract them into /usr/src. I installed security/cyrus-sasl2 and security/cyrus-sasl2-saslauthd, edited sendmail.conf and rc.conf as directed and started saslauthd as directed. Then I started the make process. The third make (make cleandir && make obj && make && make install) failed with the error:
Code:
stop cannot find lsasl2

I have searched for what to do to correct the error to no avail. I found several people have had similar problems but I have not found a solution. What should I do?
 
Did you edit /etc/make.conf as instructed in the handbook? Also do you have an up to date ports tree at /usr/ports (portsnap(8) recommended if you're not using it already)?
 
Thank you kpa.

I use portaudit and recently have been following the work done on perl to repair a security issue. I used portsnap and portupgrade for perl Feb 16. All the rest of the ports I use are up to date.

The following is the content of /etc/make.conf:

Code:
# added by use.perl 2012-02-16 00:43:56
PERL_VERSION=5.12.4
SENDMAIL_CFLAGES=-I/usr/local/include/sasl -DSASL
SENDMAIL-LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2

I notice there is a bit different form of the first SENDMAIL line of make.conf in the forum topic "Sendmail+procmail+imapuw+smtpauth+sasl+ssl+spamass assin". Here is the entry:

Code:
SENDMAIL_CFLAGES=-I/usr/local/include -DSASL=2

This version might be worth a try.
 
Are these typos in your post or what you actually have in /etc/make.conf?

Code:
SENDMAIL_CFLAGES=-I/usr/local/include/sasl -DSASL
SENDMAIL-LDFLAGS=-L/usr/local/lib

It should be:

Code:
SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
SENDMAIL_LDFLAGS=-L/usr/local/lib
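
Added example (not part of any post in this thread): a small POSIX sh lint for the misspelling discussed above, run here against the make.conf contents as they were posted. The function names are made up for this example, and the check assumes the only variables of interest are the three SENDMAIL_* build variables shown on this page.

```shell
#!/bin/sh
# Added example: lint a make.conf for the variables the sendmail SASL build
# reads. A misspelled name is still a valid assignment to make(1), just to a
# variable nothing reads, so the mistake only shows up later at link time.

# The make.conf contents as posted in the thread (typos included).
posted_makeconf() {
    cat <<'EOF'
# added by use.perl 2012-02-16 00:43:56
PERL_VERSION=5.12.4
SENDMAIL_CFLAGES=-I/usr/local/include/sasl -DSASL
SENDMAIL-LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2
EOF
}

# check_sendmail_makeconf FILE   ("-" or no argument reads stdin)
# Prints one finding per line; returns 1 if any finding was printed.
check_sendmail_makeconf() {
    awk '
    BEGIN {
        n = split("SENDMAIL_CFLAGS SENDMAIL_LDFLAGS SENDMAIL_LDADD", names, " ")
        for (i = 1; i <= n; i++) want[names[i]] = 1
    }
    /^[ \t]*#/ { next }                          # comment line
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (match(line, /[+?:!]?=/) == 0) next   # not an assignment
        name = substr(line, 1, RSTART - 1)       # text before =, +=, ?=, :=, !=
        sub(/[ \t]+$/, "", name)
        if (name in want) { seen[name] = 1; next }
        # Only flag near-misses of the three names, not other SENDMAIL_* settings.
        if (toupper(name) !~ /^SENDMAIL.*(CFLAG|LDFLAG|LDADD)/) next
        printf "line %d: unknown variable \"%s\"\n", NR, name
        bad = 1
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(names[i] in seen)) { printf "missing: %s\n", names[i]; bad = 1 }
        exit bad + 0
    }' "${1:--}"
}

# Demo on the posted file; on a real host pass /etc/make.conf instead.
posted_makeconf | check_sendmail_makeconf - || true
```

On the posted file this reports the two misspelled names with their line numbers and lists SENDMAIL_CFLAGS and SENDMAIL_LDFLAGS as missing; the corrected lines produce no output.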
 
In the latest FreeBSD 12, I get this issue when I follow the handbook. Does anyone have a solution to this? I have security/openssl installed.

Code:
cc -O2 -pipe -I/usr/src/contrib/sendmail/src -I/usr/src/contrib/sendmail/include -I. -DNEWDB -DNIS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -DTCPWRAPPERS -I/usr/local/include/sasl -DSASL -D_FFR_SMTP_SSL -g -std=gnu99 -fstack-protector-strong -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-enum-conversion -Wno-unused-local-typedef -Wno-address-of-packed-member -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-parentheses -Qunused-arguments  -L/usr/local/lib  -o sendmail.full alias.o arpadate.o bf.o collect.o conf.o control.o convtime.o daemon.o deliver.o domain.o envelope.o err.o headers.o macro.o main.o map.o mci.o milter.o mime.o parseaddr.o queue.o ratectrl.o readcf.o recipient.o savemail.o sasl.o sfsasl.o shmticklib.o sm_resolve.o srvrsmtp.o stab.o stats.o sysexits.o timers.o tls.o trace.o udb.o usersmtp.o util.o version.o  -lsasl2 -L/usr/obj/usr/src/amd64.amd64/lib/libutil -lutil -L/usr/obj/usr/src/amd64.amd64/lib/libsm -L/usr/obj/usr/src/amd64.amd64/lib/libsm -lsm -L/usr/obj/usr/src/amd64.amd64/lib/libsmutil -lsmutil -L/usr/obj/usr/src/amd64.amd64/secure/lib/libssl -lssl -L/usr/obj/usr/src/amd64.amd64/secure/lib/libcrypto -lcrypto -L/usr/obj/usr/src/amd64.amd64/lib/libwrap -lwrap
/usr/bin/ld: error: undefined symbol: OpenSSL_version_num
>> referenced by main.c:653 (/usr/src/contrib/sendmail/src/main.c:653)
>>               main.o:(main)

/usr/bin/ld: error: undefined symbol: OPENSSL_init_ssl
>> referenced by tls.c:368 (/usr/src/contrib/sendmail/src/tls.c:368)
>>               tls.o:(init_tls_library)

/usr/bin/ld: error: undefined symbol: OPENSSL_init_ssl
>> referenced by tls.c:369 (/usr/src/contrib/sendmail/src/tls.c:369)
>>               tls.o:(init_tls_library)

/usr/bin/ld: error: undefined symbol: OPENSSL_init_crypto
>> referenced by tls.c:370 (/usr/src/contrib/sendmail/src/tls.c:370)
>>               tls.o:(init_tls_library)

/usr/bin/ld: error: undefined symbol: TLS_server_method
>> referenced by tls.c:967 (/usr/src/contrib/sendmail/src/tls.c:967)
>>               tls.o:(inittls)

/usr/bin/ld: error: undefined symbol: TLS_client_method
>> referenced by tls.c:968 (/usr/src/contrib/sendmail/src/tls.c:968)
>>               tls.o:(inittls)

/usr/bin/ld: error: undefined symbol: OpenSSL_version_num
>> referenced by tls.c:1202 (/usr/src/contrib/sendmail/src/tls.c:1202)
>>               tls.o:(inittls)

/usr/bin/ld: error: undefined symbol: OPENSSL_sk_num
>> referenced by ssl.h:946 (/usr/include/openssl/ssl.h:946)
>>               tls.o:(inittls)

/usr/bin/ld: error: undefined symbol: SSL_CTX_set_options
>> referenced by tls.c:1210 (/usr/src/contrib/sendmail/src/tls.c:1210)
>>               tls.o:(inittls)

/usr/bin/ld: error: undefined symbol: DH_set0_pqg
>> referenced by tls.c:152 (/usr/src/contrib/sendmail/src/tls.c:152)
>>               tls.o:(inittls)

/usr/bin/ld: error: undefined symbol: DH_set0_pqg
>> referenced by tls.c:93 (/usr/src/contrib/sendmail/src/tls.c:93)
>>               tls.o:(inittls)

/usr/bin/ld: error: undefined symbol: SSL_CTX_set_options
>> referenced by tls.c:1304 (/usr/src/contrib/sendmail/src/tls.c:1304)
>>               tls.o:(inittls)
cc: error: linker command failed with exit code 1 (use -v to see invocation)
*** Error code 1

Stop.
make: stopped in /usr/src/usr.sbin/sendmail
 
To get this to work in FreeBSD 12, you can't have the openssl version from ports installed. I was having the same issue until I uninstalled the openssl port, then it compiled just fine.
 
With openssl111 from ports it also compiles fine. If you use this version of openssl you should add to /etc/make.conf:
Code:
DEFAULT_VERSIONS+=ssl=openssl111
 
According to the latest UPDATING in ports:

"The openssl port was removed on 2019-12-31, subsequently the openssl111 port was renamed to openssl on 2020-01-01"

So from now on, following the instructions in the handbook should work just fine if you have this in /etc/make.conf:

Code:
DEFAULT_VERSIONS+=ssl=openssl

(at least it worked for me here upgrading from 11.3 to 12-STABLE)
 