dnl $Id: site.config.m4,v 1.1 2004/01/22 19:27:47 jmates Exp $ dnl dnl The author disclaims all copyrights and releases this document dnl into the public domain. dnl dnl Sample site.config.m4 file for building sendmail 8.12 on *BSD. dnl (Readily adaptible to other sendmail versions and systems.) dnl dnl This file adds support for various random features I like to enable dnl in my sendmail, plus documentation and links. More comprehensive dnl site.config.m4's can be found in the comp.mail.sendmail usenet list dnl archives. Consider this document a starting point for compiling dnl sendmail for your system. dnl dnl To use this file, copy it into the devtools/Site/ directory under dnl your Sendmail's source directory, then run the commands necessary to dnl build & install sendmail (see INSTALL file in source directory) dnl dnl Updated versions of this file can be found at: dnl http://sial.org/sendmail/ dnl systems that randomize PIDs need this (e.g. OpenBSD) APPENDDEF(`confENVDEF', `-DFAST_PID_RECYCLE') dnl for IPv6 support... APPENDDEF(`confENVDEF', `-DNETINET6') dnl external filter support (for 8.12) APPENDDEF(`confENVDEF', `-DMILTER') APPENDDEF(`conf_libmilter_ENVDEF', `-D_FFR_MILTER_ROOT_UNSAFE') dnl MILTER does not pass the {verify} macro by default for checking dnl on the status of TLS encrypted email in milter programs, uncomment dnl this to get access to {verify} dnl define(`confMILTER_MACROS_HELO', ``{tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}, {verify}'') dnl Load Average support. see sendmail/README for more details, dnl and the sendmail/conf.h for platform defaults. dnl dnl this is for *BSD systems. use LA_PROCSTR on Linux. APPENDDEF(`confENVDEF', `-DLA_TYPE=LA_SUBR') dnl regex to support Header-parsing rules of various kinds, e.g. to do dnl quick-fix blocking on the latest Microsoft email worms. dnl dnl regex is optional, and needs a regex library to build against, dnl which the modern *BSD and (major?) Linux distributions ship with. APPENDDEF(`confMAPDEF', `-DMAP_REGEX') dnl sfio-1999 support in order to support STARTTLS on sendmail dnl releases prior to 8.12. On *BSD systems, enable the dnl -D_FFR_TLS_TOREK option to build TLS support for sendmail 8.11 dnl instead of using sfio: dnl http://www.sendmail.org/~ca/email/tricks.html dnl dnl APPENDDEF(`confINCDIRS', `-I/usr/local/include/sfio') dnl define(`confSTDIO_TYPE', `portable') dnl APPENDDEF(`confENVDEF', `-DSFIO') dnl APPENDDEF(`confLIBS', `-lsfio') dnl SMTP AUTH support (users good, spammers bad), requires cyrus-sasl dnl to be installed on the system first. dnl http://www.sendmail.org/~ca/email/auth.html APPENDDEF(`confLIBDIRS', `-L/usr/local/lib/sasl') APPENDDEF(`confINCDIRS', `-I/usr/local/include/sasl') APPENDDEF(`confENVDEF', `-DSASL') APPENDDEF(`confLIBS', `-lsasl') dnl Linux tends to need following instead to avoid OpenSSL functions dnl from co-opting SASL ones... dnl APPENDDEF(`confLIBS', `-lsasl -lcrypt') dnl the _FFR_SASL_OPTS allows us to set AUTH_OPTIONS to disallow LOGIN dnl and PLAIN over non-TLS links (prevents plaintext password dnl exposure, unless you are using IPSec or something) APPENDDEF(`confENVDEF', `-D_FFR_SASL_OPTS') define(`confAUTH_OPTIONS', `p') dnl STARTTLS support (link integrity, privacy and security), requires dnl OpenSSL to be installed on system first. dnl http://www.sendmail.org/~ca/email/starttls.html APPENDDEF(`confLIBDIRS', `-L/usr/local/ssl/lib') APPENDDEF(`confINCDIRS', `-I/usr/local/ssl/include') APPENDDEF(`confENVDEF', `-DSTARTTLS') APPENDDEF(`confLIBS', `-lssl -lcrypto') dnl _FFR_SMTP_SSL option allows use of 'smtps' for connections using dnl TLS without STARTTLS upwards-negotiation. You will also need to dnl configure a new daemon to live at "smtps" port APPENDDEF(`confENVDEF', `-D_FFR_SMTP_SSL') dnl DAEMON_OPTIONS(`Port=smtps, Name=SSLMTA, M=s') dnl additional TLS options, like CipherList dnl http://www.sendmail.org/~ca/email/tricks.html has (sparse) details APPENDDEF(`confENVDEF', `-D_FFR_TLS_1') dnl tcp_wrappers support (could slow sendmail down, as libwrap has to dnl do it's own DNS queries to figure out whether the host is allowed dnl or not, and on a paranoid system forces the addition of a dnl dnl sendmail: ALL dnl dnl line to /etc/hosts.allow for mail to work. APPENDDEF(`confENVDEF', `-DTCPWRAPPERS') APPENDDEF(`conf_sendmail_LIBS', `-lwrap') dnl LDAP support dnl APPENDDEF(`confENVDEF', `-DLDAPMAP') dnl APPENDDEF(`confLIBS', `-lldap') dnl APPENDDEF(`confLIBS', `-llber') dnl check if your system have /dev/urandom remove this if you don't dnl have urandom(4) dnl dnl safe to leave this commented out on *BSD/Linux systems; will need dnl it on systems that do not detect /dev/urandom properly dnl (e.g. Mac OS X, Solaris) dnl APPENDDEF(`confENVDEF', `-DHASURANDOMDEV') dnl misc library and include paths... APPENDDEF(`confLIBDIRS', `-L/opt/lib') APPENDDEF(`confLIBDIRS', `-L/usr/lib') APPENDDEF(`confLIBDIRS', `-L/usr/local/lib') APPENDDEF(`confINCDIRS', `-I/opt/include') APPENDDEF(`confINCDIRS', `-I/usr/include') APPENDDEF(`confINCDIRS', `-I/usr/local/include')