2002-11-15
|
Note: These instructions are useful if you need to build sendmail from source. If not you can simply install Sendmail by “cd /usr/ports/mail/sendmail” and using “make install SENDMAIL_WITH_SASL=yes”
|
I - Install cyrus-sasl from ports
# cd /usr/ports/security/cyrus-sasl # make install
A box will popup - select “pwcheck” and deselect everything else.
Note: One of the files has a bad MD5 signature, you should update it in the “distinfo” file. Or if you’re too lazy you can do a “make install NO_CHECKSUM=YES”
II - Install GnuPG (needed to verify Sendmail’s PGP signature)
# cd /usr/ports/security/gnupg # make install # gpg
III - Download Sendmail Source
# mkdir /usr/local/src # cd /usr/local/src # ftp ftp.sendmail.org User: anomymous Password: bob cd /pub/sendmail binary get sendmail.8.12.6.tar.sig get sendmail.8.12.6.tar.gz ascii get PGPKEYS bye
IV - Verify Sendmail’s PGP Signature
# gunzip sendmail.8.12.6.tar.gz # gpg --import PGPKEYS # gpg --verify sendmail.8.12.6.tar.sig sendmail.8.12.6.tar
If GPG says its a bad signature DO NOT INSTALL
Note: gpg will warn you about the signature not being trusted. That’s okay. Just make sure you see “good signature”
V - Install Sendmail
# cd /usr/local/lib/sasl # rm libkerb* # cd /usr/local/src # tar -xmf sendmail.8.12.6.tar # cd sendmail-8.12.6/devtools/Site # vi site.config.m4 APPENDDEF(`confENVDEF', `-DSASL') APPENDDEF(`conf_sendmail_LIBS', `-lsasl') APPENDDEF(`confLIBDIRS', `-L/usr/local/lib') APPENDDEF(`confINCDIRS', `-I/usr/local/include/sasl')
Make sure you notice the difference between ` and ‘ in the site.config.m4 file.
# cd ../.. # sh Build
When building make sure you see “-DSASL” fly across the screen. If you don’t then something is probably wrong in the site.config.m4 file. If you made a mistake in the site.config.m4 file you’ll need to delete the ojb* folder inside /usr/local/src/sendmail-8.12.6 before building again.
# sh Build install
VI - Configure Sendmail
# cd /usr/local/src/sendmail-8.12.6/cf/cf # cp generic-bsd4.4.mc config.mc # vi config.mc
Add the following lines…
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl define(`confAUTH_MECHANISMS', `PLAIN LOGIN')dnl MODIFY_MAILER_FLAGS(`LOCAL', `+S') # sh Build config.cf # cp config.cf /etc/mail/sendmail.cf # vi /etc/mail/local-host-names mail mail.b3n.org
I had to fix some permissions on the sasldb.db to get authentication to work. Here’s the commands I issued:
# cd /usr/local/etc # chown root sasldb.db # chmod 600 sasldb.db # killall sendmail # /usr/sbin/sendmail -q30m -bd # telnet localhost 25 ehlo localhost
If you see “AUTH PLAIN LOGIN” it worked. Now you can use SMTP authentication to send email.
You’ll need to issue this command before anyone can recieve email…
# chmod u+s /usr/libexec/mail.local
And if you plan on using Pine it will complain about the default permissions (1770) on /var/mail. To make it hush use these permissions:
# chmod 1777 /var/mail
