# Adding SASL support to a running sendmail configuration.



## JackOfAllTrades (Feb 11, 2012)

My mail server is running smoothly at the moment but for a while *I* have had some thoughts about adding SASL support to my setup. I have read that you need to rebuild Sendmail to be able to add SASL support. 

In Michael W. Lucas's excellent book "Absolute FreeBSD" he recommends installing the Sendmail port with the following custom options:


```
/usr/ports/mail/sendmail
make SENDMAIL_WITH_SASL2=YES all install clean
```

But if *I* read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html they recommend installing the ports:


```
security/cyrus-sasl2
security/cyrus-sasl2-saslauthd
```

and then running:


```
# cd /usr/src/lib/libsmutil
# make cleandir && make obj && make
# cd /usr/src/lib/libsm
# make cleandir && make obj && make
# cd /usr/src/usr.sbin/sendmail
# make cleandir && make obj && make && make install
```

If *I* were going to install a new fresh installation then *I* would have chosen whatever of the two above alternatives but now *I*Â´m going to add it to an already running system. Which of the two alternatives is the best to avail to an already running setup? I don't want to mess too much with my current setup. (IÂ´m mostly thinking about current configuration files).

My setup:

```
FreeBSD 8.2-RELEASE-p3
dovecot-1.2.17 
sendmail 8.14.4
```


----------



## ccrupp (Feb 27, 2012)

I have attempted the steps from the handbook as you have shown on my FreeBSD 9.0 RELEASE system. First I discovered there were no SRC files so I used FTP to get them and then *gtar -C / -xvzf src.txz* to extract them into /usr/src. I installed security/cyrus-sasl2 and security/cyrus-sasl2-saslauthd, edited sendmail.conf and rc.conf as directed and started saslauthd as directed. Then I started the make process. The third make *make cleandir && make obj && make && make install* failed with the error 
	
	



```
stop cannot find lsasl2
```

I have searched for what to do to correct the error to no avail. I found several people have had similar problems but I have not found s solution. What should I do?


----------



## kpa (Feb 27, 2012)

Did you edit /etc/make.conf as instructed in the handbook? Also do you have an up to date ports tree at /usr/ports (portsnap(8) recommended if you're not using it already)?


----------



## kpa (Feb 27, 2012)

@JackOfAllTrades The builtin sendmail(8) works just as well, I would say that recompiling the base system sendmail(8) to support SASL authentication is a bit cleaner alternative than using the port.


----------



## ccrupp (Feb 28, 2012)

Thank you kpa.

I use portaudit and recently have been following the work done on perl to repair a security issue. I used portsnap and portupgrade for perl Feb 16. All the rest of the ports I use are up to date.

The following is the content of /etc/make.conf:


```
# added by use.perl 2012-02-16 00:43:56
PERL_VERSION=5.12.4
SENDMAIL_CFLAGES=-I/usr/local/include/sasl -DSASL
SENDMAIL-LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2
```

I notice there is a bit different form of the first SENDMAIL line of make.conf in the forum topic "Sendmail+procmail+imapuw+smtpauth+sasl+ssl+spamass assin". Here is the entry:


```
SENDMAIL_CFLAGES=-I/usr/local/include -DSASL=2
```

This version might be worth a try.


----------



## kpa (Feb 28, 2012)

Are these typos in your post or what you actually have in /etc/make.conf? 


```
SENDMAIL_CFLAGES=-I/usr/local/include/sasl -DSASL
SENDMAIL-LDFLAGS=-L/usr/local/lib
```

It should be: 


```
SENDMAIL_CFLAGS=-I/usr/local/include/sasl -DSASL
SENDMAIL_LDFLAGS=-L/usr/local/lib
```


----------



## ccrupp (Feb 29, 2012)

-><) palm slap to head. Thanks.


----------



## ahgu (Feb 10, 2019)

In the latest FreeBSD 12, I get this issue when I followed the handbook:  Anyone has a solution to this?  I have security/openssl installed.


```
cc -O2 -pipe -I/usr/src/contrib/sendmail/src -I/usr/src/contrib/sendmail/include -I. -DNEWDB -DNIS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -DTCPWRAPPERS -I/usr/local/include/sasl -DSASL -D_FFR_SMTP_SSL -g -std=gnu99 -fstack-protector-strong -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-enum-conversion -Wno-unused-local-typedef -Wno-address-of-packed-member -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-parentheses -Qunused-arguments  -L/usr/local/lib  -o sendmail.full alias.o arpadate.o bf.o collect.o conf.o control.o convtime.o daemon.o deliver.o domain.o envelope.o err.o headers.o macro.o main.o map.o mci.o milter.o mime.o parseaddr.o queue.o ratectrl.o readcf.o recipient.o savemail.o sasl.o sfsasl.o shmticklib.o sm_resolve.o srvrsmtp.o stab.o stats.o sysexits.o timers.o tls.o trace.o udb.o usersmtp.o util.o version.o  -lsasl2 -L/usr/obj/usr/src/amd64.amd64/lib/libutil -lutil -L/usr/obj/usr/src/amd64.amd64/lib/libsm -L/usr/obj/usr/src/amd64.amd64/lib/libsm -lsm -L/usr/obj/usr/src/amd64.amd64/lib/libsmutil -lsmutil -L/usr/obj/usr/src/amd64.amd64/secure/lib/libssl -lssl -L/usr/obj/usr/src/amd64.amd64/secure/lib/libcrypto -lcrypto -L/usr/obj/usr/src/amd64.amd64/lib/libwrap -lwrap
/usr/bin/ld: error: undefined symbol: OpenSSL_version_num
>> referenced by main.c:653 (/usr/src/contrib/sendmail/src/main.c:653)
>>               main.o:(main)

/usr/bin/ld: error: undefined symbol: OPENSSL_init_ssl
>> referenced by tls.c:368 (/usr/src/contrib/sendmail/src/tls.c:368)
>>               tls.o:(init_tls_library)

/usr/bin/ld: error: undefined symbol: OPENSSL_init_ssl
>> referenced by tls.c:369 (/usr/src/contrib/sendmail/src/tls.c:369)
>>               tls.o:(init_tls_library)

/usr/bin/ld: error: undefined symbol: OPENSSL_init_crypto
>> referenced by tls.c:370 (/usr/src/contrib/sendmail/src/tls.c:370)
>>               tls.o:(init_tls_library)

/usr/bin/ld: error: undefined symbol: TLS_server_method
>> referenced by tls.c:967 (/usr/src/contrib/sendmail/src/tls.c:967)
>>               tls.o:(inittls)

/usr/bin/ld: error: undefined symbol: TLS_client_method
>> referenced by tls.c:968 (/usr/src/contrib/sendmail/src/tls.c:968)
>>               tls.o:(inittls)

/usr/bin/ld: error: undefined symbol: OpenSSL_version_num
>> referenced by tls.c:1202 (/usr/src/contrib/sendmail/src/tls.c:1202)
>>               tls.o:(inittls)

/usr/bin/ld: error: undefined symbol: OPENSSL_sk_num
>> referenced by ssl.h:946 (/usr/include/openssl/ssl.h:946)
>>               tls.o:(inittls)

/usr/bin/ld: error: undefined symbol: SSL_CTX_set_options
>> referenced by tls.c:1210 (/usr/src/contrib/sendmail/src/tls.c:1210)
>>               tls.o:(inittls)

/usr/bin/ld: error: undefined symbol: DH_set0_pqg
>> referenced by tls.c:152 (/usr/src/contrib/sendmail/src/tls.c:152)
>>               tls.o:(inittls)

/usr/bin/ld: error: undefined symbol: DH_set0_pqg
>> referenced by tls.c:93 (/usr/src/contrib/sendmail/src/tls.c:93)
>>               tls.o:(inittls)

/usr/bin/ld: error: undefined symbol: SSL_CTX_set_options
>> referenced by tls.c:1304 (/usr/src/contrib/sendmail/src/tls.c:1304)
>>               tls.o:(inittls)
cc: error: linker command failed with exit code 1 (use -v to see invocation)
*** Error code 1

Stop.
make: stopped in /usr/src/usr.sbin/sendmail
```


----------



## faded (Mar 15, 2019)

To get this to work in FreeBSD 12, you can't have the openssl version from ports installed.   I was having the same issue until I uninstalled the openssl port, then it compiled just fine.


----------



## marcinkk (Jun 19, 2019)

With openssl111 from ports also compiles fine. If you use thos version of openssl you should add to /etc/make.conf:

```
DEFAULT_VERSIONS+=ssl=openssl111
```


----------



## MrWu (Jan 8, 2020)

According to the latest UPDATING in ports:

_"The openssl port was removed on 2019-12-31, subsequently the openssl111 port was renamed to openssl on 2020-01-01"_

So from now on, following the instructions in the handbook should work just fine if you have this in /etc/make.conf:


```
DEFAULT_VERSIONS+=ssl=openssl
```

(at least it worked for me here upgrading from 11.3 to 12-STABLE)


----------

