Date:      Sun, 15 Sep 2002 14:24:40 +0200
From:      lupe@lupe-christoph.de (Lupe Christoph)
To:        "Scot W. Hetzel" <hetzels@westbend.net>
Cc:        Greg Panula <greg.panula@dolaninformation.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: asmtp 587 - quickie faq submission
Message-ID:  <20020915122440.GF23222@lupe-christoph.de>
In-Reply-To: <008e01c25b58$2a2eb930$11fd2fd8@ADMIN00>
References:  <002b01c25930$f4627270$0100a8c0@soap> <3D7F3726.958781C8@dolaninformation.com> <20020911153003.GD19536@lupe-christoph.de> <20020911161018.GE19536@lupe-christoph.de> <008e01c25b58$2a2eb930$11fd2fd8@ADMIN00>

On Friday, 2002-09-13 at 14:02:52 -0500, Scot W. Hetzel wrote:
> From: "Lupe Christoph" <lupe@lupe-christoph.de>
> > On Wednesday, 2002-09-11 at 17:30:03 +0200, lupe wrote:

> > > We still need an explanation for sendmail! I found nothing better than
> > > http://www.sendmail.org/~ca/email/auth.html which doesn't look very
> > > /usr/friendly to me ;-)

> > > The default sendmail in FreeBSD is not compiled with SASL and does not
> > > do ASMTP. I suppose one must install the sendmail-sasl port for this.
> > > I'm doing that next, but can't test very much with it, due to my setup.

> Or you can compile the default sendmail w/SASL support during a buildworld.

The latest version of this is:

Q: Ok, how about with Sendmail?
A: To implement ASMTP, you must install a sendmail with SASL compiled
in. This requires the installation of the cyrus-sasl port.  You can then
either recompile the system's sendmail as detailed in
/etc/defaults/make.conf (look for SASL) or install the sendmail-sasl
port, and replace the default sendmail with the one from that port.

Add the following to your config.mc and recreate your sendmail.cf:
define(`confAUTH_MECHANISMS', `PLAIN DIGEST-MD5')dnl
This allows use of Plain-text and DIGEST-MD5.  Valid options are: GSSAPI
KERBEROS_V4 DIGEST-MD5 CRAM-MD5 PLAIN

Some help for this can be obtained from:
http://www.sendmail.org/~ca/email/auth.html
More background is contained in
http://www.sendmail.org/~gshapiro/security.pdf

> > Ok, I've installed the port. First thing /usr/local/sbin/sendmail
> > complains about:
> > error: safesasl(/usr/local/etc/sasldb.db) failed: Group readable file
> > Chmodding to 600 gives:
> > error: safesasl(/usr/local/etc/sasldb.db) failed: Permission denied
> > Sigh.

> Read PREFIX/doc/cyrus-sasl/Sendmail.README. It has all the information you
> need to set up Sendmail w/SASL, and to configure the *.mc file.

Greg, can you modify thusly, please:

A: To implement ASMTP, you must install a sendmail with SASL compiled
in. This requires the installation of the cyrus-sasl port.  After you
have installed cyrus-sasl, documentation for the modification of
sendmail can be found in /usr/local/share/doc/cyrus-sasl/Sendmail.README.
Starting with Sendmail 8.12, you can also use the security/cyrus-sasl2
port. The documentation for this version ends up in .../doc/cyrus-sasl2.

You can then either recompile the system's sendmail as described in
/usr/local/share/doc/cyrus-sasl*/Sendmail.README or in
/etc/defaults/make.conf (look for SASL) or install the sendmail-sasl
port, and replace the default sendmail with the one from that port.

> Scot W. Hetzel
> Cyrus-SASL v1 Maintainer

The definitive source ;-) Thanks, Scot!
Lupe
-- 
| lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
| Big Misunderstandings #6398: The Titanic was not supposed to be        |
| unsinkable. The designer had a speech impediment. He said: "I have     |
| thith great unthinkable conthept ..."                                  |

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
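
An added example, not part of the original message or the FAQ draft: a Python check that compares the mechanisms set in confAUTH_MECHANISMS with what the server's EHLO reply actually advertises, and flags plaintext mechanisms offered when STARTTLS is not. The host names, the sample EHLO reply and all function names are constructed for illustration; treating LOGIN as plaintext alongside PLAIN is an assumption beyond the page.

```python
import re

# Mechanisms that carry the password in recoverable form (base64 only).
# PLAIN is from the FAQ text; LOGIN is an added assumption.
PLAINTEXT = {"PLAIN", "LOGIN"}

def configured_mechs(mc_text):
    """Extract the mechanism list from a confAUTH_MECHANISMS define in .mc text."""
    m = re.search(r"define\(`confAUTH_MECHANISMS',\s*`([^']*)'\)", mc_text)
    return set(m.group(1).split()) if m else set()

def parse_ehlo(reply):
    """Return (auth_mechanisms, starttls_offered) from a multi-line 250 EHLO reply."""
    mechs, starttls = set(), False
    for line in reply.splitlines():
        m = re.match(r"250[- ](.*)", line.strip())
        if not m:
            continue
        # Some servers also emit the legacy "AUTH=PLAIN ..." form.
        words = m.group(1).replace("=", " ").split()
        if not words:
            continue
        keyword = words[0].upper()
        if keyword == "AUTH":
            mechs.update(w.upper() for w in words[1:])
        elif keyword == "STARTTLS":
            starttls = True
    return mechs, starttls

def audit(mc_text, reply):
    """Compare configured mechanisms with advertised ones."""
    wanted = configured_mechs(mc_text)
    offered, starttls = parse_ehlo(reply)
    return {
        "missing": sorted(wanted - offered),      # configured but not advertised
        "unexpected": sorted(offered - wanted),   # advertised but not configured
        "plaintext_without_tls": [] if starttls else sorted(offered & PLAINTEXT),
    }

# Constructed sample input: the define from the FAQ and a made-up EHLO reply.
SAMPLE_MC = "define(`confAUTH_MECHANISMS', `PLAIN DIGEST-MD5')dnl\n"
SAMPLE_EHLO = (
    "250-mail.example.org Hello client.example.org, pleased to meet you\r\n"
    "250-ENHANCEDSTATUSCODES\r\n"
    "250-AUTH PLAIN\r\n"
    "250 HELP\r\n"
)

if __name__ == "__main__":
    print(audit(SAMPLE_MC, SAMPLE_EHLO))
```

A non-empty "missing" list usually means the SASL library on the host does not provide that mechanism, so sendmail has nothing to advertise for it.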



