Well, after some tweaking, I finally have sendmail working with SASL.

Because I found almost nothing on this, I'll post it here so the search engines
will pick it up.

Getting the Software
--------------------
First, go get sendmail, I am using sendmail-8.11.0, it has better integration of
SASL then sendmail-8.10.x releases.

Second, get openssl 0.9.5a, this is very specific! It's the only version I could
get to work with sendmail and sasl.

Third, get cyrus-sasl-1.5.24. There is a bug in configure.in It detectes
openssl, but for some reason the logic selects -lcrypto then resets it to -ldes.
See the compile section for a patch.

Compiling the software
----------------------
First, compile openssl, you can do this by hand or get my RPM/SRPM. Make sure
you install the development package. It will be needed in the next steps.  

Second, compile cyrus-sasl, you can do this by hand or get my RPM/SRPM. If
you compile by hand, make sure you apply the below patch to fix the library
problem.

--- cyrus-sasl-1.5.24/configure.in      Thu Jul 20 21:35:01 2000
+++ cyrus-sasl-1.5.24.samurai/configure.in      Fri Aug 11 18:13:23 2000
@@ -378,7 +378,7 @@

 if test "$with_des" != no; then
   AC_DEFINE(WITH_DES)
-  LIB_DES="-ldes"
+#  LIB_DES="-ldes"
 fi

 AC_SUBST(LIB_DES)


Third, compile sendmail. I highly recommend getting my RPM/SRPM. If you compile
by hand you will need all of RedHat's patches (too many to list) and my patch to
activate SASL. Since my patch is based off of RedHat's patches there are some
dependancies that make this a whole lot easier if you just grab my RPMS.

If you don't trust me :-P, you can grab RedHat's base sendmail RPM, rev it up to
8.11.x and apply this patch.

--- sendmail-8.11.0.samurai/redhat.config.m4    Fri Aug 11 03:45:04 2000
+++ sendmail-8.11.0/redhat.config.m4    Fri Aug 11 03:48:21 2000
@@ -1,6 +1,6 @@
-define(`confMAPDEF', `-DNEWDB -DNIS')
-define(`confENVDEF', `$(RPM_OPT_FLAGS) -DXDEBUG=0')
-define(`confLIBS', `-lnsl')
+define(`confMAPDEF', `-DNEWDB -DNIS')
+define(`confENVDEF', `$(RPM_OPT_FLAGS) -DXDEBUG=0 -DSASL')
+define(`confLIBS', `-lnsl -lsasl')
 define(`confLDOPTS', `-s')
 define(`confMANOWN', `root')
 define(`confMANGRP', `root')

Configuring sendmail to use SASL
--------------------------------
At this point, sendmail's web site does a very good job explaining the details
of configuring sendmail to use SASL. 

Read these URLs over:

http://www.sendmail.org/~ca/email/auth.html
http://www.sendmail.org/~ca/email/starttls.html
http://www.sendmail.org/~ca/email/cyrus/sysadmin.html

The biggest test is the 'telnet mailserver 25' and the 'ehlo localhost' SMTP
conversion. Make sure you get the 'AUTH <support auth schemes>' listed. Here is
the output from my SMTP server:

% telnet mail 25
Trying 192.168.252.8...
Connected to mail.real-time.com.
Escape character is '^]'.
220 mail.real-time.com ESMTP Sendmail 8.11.0/8.10.2; Sat, 12 Aug 2000
18:34:42 -0500
ehlo localhost
250-mail.real-time.com Hello IDENT:tanner at mail.real-time.com
[192.168.252.7], pleased to meet you
250-ENHANCEDSTATUSCODES
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ONEX
250-ETRN
250-XUSR
250-AUTH DIGEST-MD5 CRAM-MD5
250 HELP

Mail clients that support AUTH SMTP
----------------------------------
Sendmail's web site has a great list of MUA that are supported:

http://www.sendmail.org/~ca/email/mel/SASL_ClientRef.html

Drop the mailing list any questions so we can share the troubles AND the
solutions.

Thanks.

-- 
Bob Tanner <tanner at real-time.com>       | Phone : (612)943-8700
http://www.mn-linux.org                 | Fax   : (612)943-8500
Key fingerprint =  6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9 


---------------------------------------------------------------------
To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org
For additional commands, e-mail: tclug-list-help at mn-linux.org