Category Archives: Sendmail

FreeBSD 10 source tree missing /usr/src/

I recently installed FreeBSD 10, as I broke my server by trying to install a 32bit ESET av, which is actually all they provide for FreeBSD. Anyway, I couldn’t see anything in the source /usr/src/ so I tried to install it using sysinstall.

# sysinstall
bash: sysinstall: command not found

sysinstall for FreeBSD 10 has been replaced by bsdinstall now, but looking at that it only provides facility to partition. After some reading I found this thread – http://forums.freebsd.org/viewtopic.php?t=29172

I also read this – https://www.freebsd.org/doc/handbook/svn.html

You need to install subversion first –

# cd /usr/ports/devel/subversion

# make install clean

Once you have this installed, you can do a checkout, but you need to find the version of FreeBSD first –

 

# uname -a

FreeBSD mymailfilter.richsphere.local 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014     root@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64

Check here for the link –

https://svn0.us-west.FreeBSD.org/base/releng/

Mine would be https://svn0.us-west.freebsd.org/base/releng/10.0/

So I ran this – svn checkout https://svn0.us-west.freebsd.org/base/releng/10.0/ /usr/src/

You will need to accept the security certificate on first go.

In my case I needed this to compile sendmail with ssl support, which is a post I created some time ago. You’re welcome to read that, if you need, here — http://richsphere.co.uk/?p=23

 

Thanks for reading!

 

Installing TLS for Sendmail on FreeBSD

Installing TLS on sendmail Freebsd  –

cd /usr/ports/security/cyrus-sasl2-saslauthd && make install

echo ‘saslauthd_enable=”YES”‘ >> /etc/rc.conf

Start the saslauthd –

/usr/local/etc/rc.d/saslauthd.sh start

Changing sendmail build options –

vi /etc/make.conf

#Add the following –

# SASL (cyrus-sasl v2) sendmail build flags…

SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2

SENDMAIL_LDFLAGS=-L/usr/local/lib

SENDMAIL_LDADD=-lsasl2

# Adding to enable alternate port (smtps) for sendmail…

SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL

 

Once you have all this in place, it’s time to recompile sendmail.

cd /usr/src/lib/libsmutil && make cleandir && make obj && make

cd /usr/src/lib/libsm && make cleandir && make obj && make

cd /usr/src/usr.sbin/sendmail && make cleandir && make obj && make && make install

 

I added my certificates in /etc/mail/certs.

So –

mkdir /etc/mail/certs

add your certificate files in here. A wildcard domain certificate is usually the best to grab.

chmod -R 600 /etc/mail/certs/*

Make sure sendmail is using saslauthd for authentication in /usr/local/lib/sasl2/Sendmail.conf –

pwcheck_method: saslauthd

 

We then need to add the following details on your fqdn.mc file located within /etc/mail/ directory –

 

define(`confAUTH_MECHANISMS’,`PLAIN LOGIN’)dnl

TRUST_AUTH_MECH(`PLAIN LOGIN’)dnl

define(`CERT_DIR’, `/etc/mail/certs’)dnl

define(`confCACERT_PATH’, `CERT_DIR’)dnl

define(`confCACERT’, `CERT_DIR/ca-bundle.crt’)dnl

define(`confSERVER_CERT’, `CERT_DIR/your_certificate.pem’)dnl

define(`confSERVER_KEY’, `CERT_DIR/your_wildcard_key.key’)dnl

define(`confCLIENT_CERT’, `CERT_DIR/your_certificate.pem’)dnl

define(`confCLIENT_KEY’, `CERT_DIR/your_wildcard_key.key’)dnl

DAEMON_OPTIONS(`Port=smtp, Name=MTA’)dnl

DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s’)dnl

 

You want to download the ca-bundle.crt from google or here – http://certifie.com/ca-bundle/ca-bundle.crt.txt

cd /etc/mail && make all install restart