Sendmail Question; unable to send mail as normal user

Frank Staals frankstaals at gmx.net
Tue Aug 8 08:26:06 UTC 2006 

Greg Groth wrote:
>> Hmm I guess that sould be the problem then:
>>
>> root at Fstaals$ telnet localhost 25
>> Trying ::1...
>> Trying 127.0.0.1...
>> Connected to localhost.eu.org
>> Escape character is '^]'.
>> 220 Fstaals.net ESMTP Sendmail 8.13.3/8.13.3; Mon, 7 Aug 2006 
>> 20:31:30 +0200 (CE
>> ST)
>> EHLO localhost
>> 250-Fstaals.net Hello localhost.eu.org [127.0.0.1], pleased to meet you
>> 250-ENHANCEDSTATUSCODES
>> 250-PIPELINING
>> 250-8BITMIME
>> 250-SIZE
>> 250-DSN
>> 250-ETRN
>> 250-DELIVERBY
>> 250 HELP
>>
>> I compiled sendmail with the following options:
>>
>> root at Fstaals$ cat /etc/make.conf
>> # SASL (cyrus-sasl v2) sendmail build flags...
>> SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
>> SENDMAIL_LDFLAGS=-L/usr/local/lib
>> SENDMAIL_LDADD=-lsasl2
>> # Adding to enable alternate port (smtps) for sendmail...
>> SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL
>> # added by use.perl 2006-03-02 22:35:07
>> PERL_VER=5.8.8
>> PERL_VERSION=5.8.8
>>
>> What should I do fix this ? Appart from those lines in /etc/make.conf 
>> I didn't change anything regarding to the build of sendmail
>>
>> Regards,
>>
>
> Need more info.  How did you recompile Sendmail?  For instance, I did 
> a minimal install, updated my ports, installed cvsup-without-gui & 
> fastest-cvsup, cvsupped my sources, ran a buildworld to get the base 
> system up to date, then added the following to make.conf:
>
>
<snip> <Example>
>
> In the instances I had a screwup in which I could not resolve, I've 
> made the following bonehead moves:
>
> 1. Ran make installworld without dropping to single-user mode
> 2. cvsupped to the wrong source tree due to my ignorance of the tags 
> in the cvsup file.
>
> My latest misadventures with getting PLAIN LOGIN working were on 
> systems where I did everything correctly, but installed a number of 
> ports prior to messing with the MTA.  This included Apache, PHP, 
> MySQL, Squirrelmail, XOrg, KDE-lite, and whatever dependencies were 
> needed. The same issue occured with trying to get PLAIN AUTH working 
> with Postfix, and on a second box with Sendmail.  I ended up 
> reinstalling, and focused on getting the MTA and SASL2 working 
> immediately after getting the system up to date, and had no issues.
>
> IMHO, worry about getting PLAIN LOGIN working before messing with 
> compiling SSL support into Sendmail.  In my experience, configuring 
> SSL can be a pain, making sure everything is where it's supposed to be.
>
> Best regards,
> Greg Groth
>
>
Basically it would be the following:

Installed FreeBSD 5.3-RELEASE, minimal install ; manually added the 
extra stuff I wanted. Installed a lot of the usual stuff: Apache, php, 
smnmpd. Then some time ago I decided I also wanted to run a mailserver 
so Installed imap-uw and cyrus-sasl2-saslauthd. Added:

# SASL (cyrus-sasl v2) sendmail build flags...
SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2
# Adding to enable alternate port (smtps) for sendmail...
SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL

to /etc/make.conf rebuild world and updated to 5.4-STABLE, manually 
rebuild sendmail :

cd /usr/src/usr.sbin/sendmail

make clean
make depend
make
make install

Made SSL certificates:

mkdir /etc/mail/certs
cd /etc/mail/certs
openssl dsaparam 1024 -out dsa1024.pem
openssl req -x509 -nodes -newkey dsa:dsa1024.pem -out mycert.pem -keyout 
mykey.pem
rm dsa1024.pem
chmod -R 600 /etc/mail/certs/*

Checked if 'pwcheck_method: saslauthd' was in my 
/usr/local/lib/sasl2/Sendmail.conf

then:

cd /etc/mail/
make all

added the following to HOSTNAME.mc :

define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl

define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl

DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

ran a  :

make all install restart

Then basically my mailserver thingy stopped for a while ( not enough 
time etc ) without realy finishing it up. When I continued last week I 
tested what worked; I found out I could send mail as root ( with mail 
<e-mail-address ) but not as user. I decided I also wanted spamassasin 
and that it would probably be best if I did that immediately so I 
Installed spamassasin ( spamass-milter ) and made sure both spamassasin 
and spamd started at boot. Manually started both daemons. Then added the 
following to /etc/mail/HOSTNAME.mc


INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, 
F=, T=C:15m;S:4m;R:4m;E:10m')

define(`confINPUT_MAIL_FILTERS', `spamassassin')

I also fixed a syntax error in my HOSTNAME.mc file ( something went 
wrong with the ` ) then ran a

make all install restart
/etc/rc.d/sendmail restart

tested if sasl was working ( which worked fine ) :

testsaslauthd -u <user> -p <password>

At this point I was able to send mail from localhost ( by using mail 
<mail-address> ) but still I wans't able to send e-mail from a remote 
host; so I googled and added the 'mech_list: login plain' to 
/usr/local/lib/sasl2/Sendmail.conf . Now I was able to send e-mail from 
a remote box to a user on my server but not to other people.

That would be my situation. Last: these are the references I used during 
my install:

http://www.puresimplicity.net/~hemi/freebsd/sendmail.html << For the 
part I did a long time ago
http://dfwlpiki.dfwlp.org/index.php/Deploying_a_FreeBSD_Server#Configuring_Mail_Services 
<< Mainly for the Spamassasin thing, the basic sendmail install and 
config was the same as on the first guide I used to install sendmail

I'm not sure what would be best; maybe I should completely reinstall 
sendmail, but if other daemons like apache etc. cause sendmail not to 
work correctly I would have to reinstall my intire server, what I would 
dislike.

Anyway, thanks for your help so far allready :)

Regards,

-- 
-Frank Staals

More information about the freebsd-questions mailing list