Solved sendmail on 15-0-RELEASE

[Paul Floyd]

I've been trying to setup sendmail on a laptop running 15.0-RELEASE amd64. I've used the same config that I have been using on previous versions of FreeBSD but it's not working.

The lines that I've added to my `hostname`.mc are

< dnl SMART HOST CONFIG
< define(`SMART_HOST', `{my ISP address}')dnl
< define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
< define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
< FEATURE(`authinfo',`hash /etc/mail/authinfo.db')dnl
< TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

The first thing that I don't understand is that on 14.3 /etc/mail/mailer.conf is the dma version yet 14.3 uses sendmail (mail gets written to /var/spool/mqueue, I see messages referring to sendmail and sm-mta in /var/log/maillog). With the dma mailer.conf on 15.0 the mail gets put in /var/spool/dma and maillog gets messages referring to dma.

It seems to me that 15.0 is doing the right thing. Why is 14.3 not taking mailer.conf into account?

When 15.0 uses dma maillog contains messages like "IP blocked by Abusix" and "can not bounce a bounce message, discarding". Since I've done no configuration for dma I'm surprised that it even manages to connect to my ISP.

If I stop sendmail, switch to the sendmail version of mailer.conf and restart sendmail I get

Warning: Option: AuthMechanisms requires SASL support (-DSASL)

That's not good and I don't get that on 14.3. I've tried both the pkg and built from ports versions of sendmail, same thing. In both cases they definitely are built with SASL.

pkg info sendmail includes

SASL : on

and I could see the option was on when I built the port version.

I can also confirm that with "sendmail -d0.1 < /dev/null"

When I try to send a mail, the mail -v output looks good but (as expected) maillog contains "Authentication Required" messages.

Further confirmation of this. procstat-v shows me that on 14.3 sendmail loads the sasl libs but not on 15.0. I don't know how to trace sendmail and I don't even know exactly what the flow is. My guess here is that there is a library compatibility issue and sendmail is failing to dlopen the sasl libs (missing symbol?) or it's a sasl config issue (SASL_PATH or something?).

So to summarise, 2 questions

1. For my peace of mind, why is 14.3 using sendmail even though /etc/mail/mailer.conf is configured for dma?
2. How can I get sendmail to use SASL correctly?

Second thoughts. I just did some tracing with ktrace.

In 14.3 I see that mail/mailwrapper is using /usr/local/etc/mail/mailer.conf not /etc/mail/mailer.conf. On 15.0 it is /etc/mail/mailer.conf that gets used. That clears up the first mystery.

So to resummarise, just one question

1. How can I get sendmail to use SASL correctly?

 

[SirDice]

In 14.3 I see that mail/mailwrapper is using /usr/local/etc/mail/mailer.conf not /etc/mail/mailer.conf. On 15.0 it is /etc/mail/mailer.conf that gets used. That clears up the first mystery.

Not exactly, mailwrapper(8) can use /usr/local/etc/mail/mailer.conf but that file does not come with the base OS, only /etc/mail/mailer.conf does. Your /usr/local/etc/mail/mailer.conf has to have been added later on (by installing mail/sendmail perhaps?). And it would overrule whatever was set in /etc/mail/mailer.conf.

     The mailwrapper program is designed to replace /usr/sbin/sendmail and to
     invoke an appropriate MTA based on configuration information placed in
     ${LOCALBASE}/etc/mail/mailer.conf falling back on /etc/mail/mailer.conf.
     This permits the administrator to configure which MTA is to be invoked on
     the system at run time.

and I could see the option was on when I built the port version.

Yes, that option is on by default. So the package should have it too. Not sure why it's claiming not to support it though.

 

[covacat]

to use base sendmail with sasl you need
SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS+= -L/usr/local/lib
SENDMAIL_LDADD+= -lsasl2
in make.conf and then rebuild
but its rather painful because you need to rebuild sendmail everytime you upgrade minor or major version (also keep src around)

 

[Paul Floyd]

to use base sendmail with sasl you need
SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS+= -L/usr/local/lib
SENDMAIL_LDADD+= -lsasl2
in make.conf and then rebuild
but its rather painful because you need to rebuild sendmail everytime you upgrade minor or major version (also keep src around)

I must have had similar issues in the dim and distant past. My amd64 14.3 make.conf contains

SENDMAIL_CF_DIR= /usr/local/share/sendmail/cf
#SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
#SENDMAIL_LDADD=/usr/local/lib/libsasl2.so

That was a good while ago and both my main workstation and my RPi (on 14.3) are now using the latest pkg version.

The pkg version is linked with libsasl2. E.g. on the RPi

paulf> ldd /usr/local/sbin/sendmail
/usr/local/sbin/sendmail:
libwrap.so.6 => /usr/lib/libwrap.so.6 (0x749453670000)
libsasl2.so.3 => /usr/local/lib/libsasl2.so.3 (0x749453b62000)
libblacklist.so.0 => /usr/lib/libblacklist.so.0 (0x74945430a000)
libssl.so.30 => /usr/lib/libssl.so.30 (0x7494547a7000)
libcrypto.so.30 => /lib/libcrypto.so.30 (0x749455cbc000)
libutil.so.9 => /lib/libutil.so.9 (0x749455862000)
libc.so.7 => /lib/libc.so.7 (0x749456c38000)
libdl.so.1 => /usr/lib/libdl.so.1 (0x749457052000)

It's the same on 15.0

I just checked _which_ sendmail is running on 15.0 and it is

/usr/libexec/sendmail/sendmail

That looks like it is 8.18.1 _not_linked with sasl2.

On the 14.3 machines it is

/usr/local/sbin/sendmail

which is linked with sasl2.

Also on the 14.3 systems there is /usr/local/etc/mail/mailer.conf that refers to the /usr/local/bin version ; not on 15.0.

That leads me to SirDice's answer.

I just copied
/usr/local/etc/mail/mailer.conf.sendmail to mailer.conf, restarted sendmail and it is now working on 15.0.

I don't remember having done that on previous systems (but then I'm getting old and often forget things).