From owner-freebsd-isp@FreeBSD.ORG Sat Aug 23 20:42:49 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3CCBD16A4BF for ; Sat, 23 Aug 2003 20:42:49 -0700 (PDT) Received: from mail.westbend.net (ns1.westbend.net [216.47.253.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6E36643FD7 for ; Sat, 23 Aug 2003 20:42:45 -0700 (PDT) (envelope-from hetzelsw@westbend.net) Received: from ADMIN00 (admin00.westbend.net [216.47.253.17]) by mail.westbend.net (8.12.9/8.12.9) with SMTP id h7O3gbqP005691; Sat, 23 Aug 2003 22:42:38 -0500 (CDT) (envelope-from hetzelsw@westbend.net) Message-ID: <018e01c369f1$c439e830$11fd2fd8@westbend.net> From: "Scot W. Hetzel" To: "Sean Ellis" , References: <115133702237.20030823105257@telus.net> <00f801c369a6$2c3bf3c0$11fd2fd8@westbend.net> <21137037938.20030823114832@telus.net> <4151151969.20030823154344@telus.net> Date: Sat, 23 Aug 2003 22:42:37 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Virus-Scanned: by amavisd-milter (http://amavis.org/) X-Spam-Status: No, hits=0.0 required=8.0 tests=QUOTED_EMAIL_TEXT,REFERENCES,SPAM_PHRASE_03_05, USER_AGENT_OE version=2.43 Subject: Re: sendmail sasl configuration X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Aug 2003 03:42:49 -0000 From: "Sean Ellis" > >>> and the following log error appears when restarting sendmail: > >>> > >>> error: safesasl(/usr/local/etc/sasldb.db) failed: Permission denied > > Thanks for all the suggestions. > > I've made a huge leap forward after starting /usr/local/sbin/pwcheck, > which I'd missed in all the excitement. > You need to use either the pwcheck or the saslauthd to authenticate users from your password file. You should switch to the saslauthd, as the pwcheck daemon has been removed the Cyrus-SASL V2. > I get relaying now: > > Aug 23 16:09:29 XXX sm-mta[54776]: AUTH=server, relay=boi4263cy38nf.bc.hsia.telus.net [216.232.133.79], > authid=testuser, mech=LOGIN, bits=0 > > which I imagine indicates a plain text exchange. I still get the error below. > > error: safesasl(/usr/local/etc/sasldb.db) failed: Permission denied > > Is /usr/local/etc/sasldb.db required when authenticating against > /etc/passwd? > The sasldb.db file is not required for PLAIN or LOGIN mechs, but if you want to use DIGEST-MD5 or CRAM-MD5 for authentication, then you will need to use the saslpasswd program to add the users to the sasldb.db file. Add theses flags to your sendmail startup script: -O LogLevel=14 -d44.4 This will create additional output on each file and directories that sendmail tries to access. Check the permissions for the /usr, /usr/local/, /usr/local/etc/ directories. Making sure that sendmail has read access to these directories. Scot