From: Hajimu UMEMOTO
To: "Scot W. Hetzel"
Cc: gshapiro@FreeBSD.org, FreeBSD Questions List, freebsd-ports@freebsd.org
Date: Sat, 03 May 2003 23:17:36 +0900
Subject: Re: Cyrus-SASL + sendmail 8.12.9 + "group writable file"

Hi,

# I added CC: gshapiro who is the maintainer of sendmail.

>>>>> On Thu, 1 May 2003 19:38:36 -0500
>>>>> "Scot W. Hetzel" said:

hetzels> From: "David Babler"
> Basic problem: sendmail errors with permissions/ownerships on
> /usr/local/etc/sasldb
>
> Symptom:
> maillog entry "error: safesasl(/usr/local/etc/sasldb) failed: Group readable file"
>
>

hetzels> We found the problem, the initial sendmail mail submission program was
hetzels> causing these errors to occur when sending mail from the local system. To

Though I'm using SASL2 and have not tested SASL1, I cannot see such a problem.
I think that MSP doesn't see sasldb2? unless you do enable SMTP AUTH in
submit.mc, and you don't need to have such configuration by MSP.

hetzels> solve this problem you need to put the following into the submit.mc file
hetzels> that you use on your system (i.e. freebsd.submit.mc):

hetzels> define(`confRUN_AS_USER',`smmsp:mail')dnl

This is odd. The sendmail binary is not setuid to root, anymore. I
believe sendmail as MSP cannot change its user unless invoked from
root.

hetzels> define(`confTRUSTED_USER',`smmsp')dnl
hetzels> define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl

hetzels> NOTE: You must define confTRUSTED_USER, otherwise you will get an error in
hetzels> the log (readcf: option TrustedUser: unknown user smmsp:mail). This is
hetzels> caused by FEATURE(msp) defines confTRUSTED_USER using the confRUN_AS_USER
hetzels> value if not defined.

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@bisd.hitachi.co.jp  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
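
An added example, not part of the original message or of sendmail: a small shell check that reports the group and world permission bits on a SASL password database, the condition behind the "Group readable file" maillog entry quoted above. The function names and the finding strings are assumptions made for this example; the path in the usage comment is the one from the thread.

```shell
#!/bin/sh
# Added example: report permission bits on a SASL password database that
# relate to the "Group readable file" error quoted in the thread.
# Function names and finding strings are hypothetical, chosen for this example.
# Usage: sh audit.sh /usr/local/etc/sasldb

# has_perm FILE MODE -> succeeds if FILE has all bits of octal MODE set.
# Uses POSIX find so it behaves the same with BSD and GNU userlands.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# audit_sasldb FILE -> prints one finding per line.
# Returns 0 if no group/other bits are set, 1 if any are, 2 if FILE is
# missing, a symlink, or not a regular file.
audit_sasldb() {
    f=$1
    rc=0
    if [ -h "$f" ] || [ ! -f "$f" ]; then
        echo "not-regular-file"
        return 2
    fi
    # The bit named in the quoted maillog entry; the quoted workaround
    # relaxes this check via GroupReadableSASLDBFile instead of fixing the mode.
    if has_perm "$f" 040; then echo "group-readable"; rc=1; fi
    # The bit named in the thread's subject line.
    if has_perm "$f" 020; then echo "group-writable"; rc=1; fi
    # Any read or write access for "other" on a password database.
    if has_perm "$f" 004 || has_perm "$f" 002; then
        echo "world-accessible"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "ok"; fi
    return "$rc"
}

# Run the audit only when a path is given on the command line.
if [ $# -gt 0 ]; then
    audit_sasldb "$1"
fi
```

A result of `ok` means the file carries no group or other permission bits, so the mode alone would not call for a DontBlameSendmail relaxation; ownership is not checked here.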