Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 03 May 2003 23:17:36 +0900
From:      Hajimu UMEMOTO <ume@mahoroba.org>
To:        "Scot W. Hetzel" <hetzels@westbend.net>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: Cyrus-SASL + sendmail 8.12.9 + "group writable file"
Message-ID:  <yged6j0dshr.wl%ume@mahoroba.org>
In-Reply-To: <005a01c31043$2b360680$13fd2fd8@Admin02>
References:  <20030428184857.V33294@rigel.orionsys.com> <005a01c31043$2b360680$13fd2fd8@Admin02>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi,

# I added CC: gshapiro who is the maintainer of sendmail.

>>>>> On Thu, 1 May 2003 19:38:36 -0500
>>>>> "Scot W. Hetzel" <hetzels@westbend.net> said:

hetzels> From: "David Babler" <dbabler@rigel.orionsys.com>
> Basic problem: sendmail errors with permissions/ownerships on
> /usr/local/etc/sasldb
>
> Symptom:
>  maillog entry "error: safesasl(/usr/local/etc/sasldb) failed: Group
hetzels> readable file"
>
>
hetzels> We found the problem, the initial sendmail mail submission program was
hetzels> causing these errors to occur when sending mail from the local system.  To

Though I'm using SASL2 and not tested SASL1, I cannot see such
problem.  I think that MSP doesn't see sasldb2? unless you do enable
SMTP AUTH in submit.mc, and you don't need to have such configuration
by MSP.

hetzels> solve this problem you need to put the following into the submit.mc file
hetzels> that you use on your system (i.e. freebsd.submit.mc):

hetzels>     define(`confRUN_AS_USER',`smmsp:mail')dnl

This is odd.  The sendmail binary is not setuid to root, anymore.  I
believe sendmail as MSP cannot change its user unless invoking from
root.

hetzels>     define(`confTRUSTED_USER',`smmsp')dnl
hetzels>     define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl

hetzels> NOTE:  You must define confTRUSTED_USER, otherwise you will get an error in
hetzels> the log (readcf: option TrustedUser: unknown user smmsp:mail).  This is
hetzels> caused by FEATURE(msp) defines confTRUSTED_USER using the confRUN_AS_USER
hetzels> value if not defined.

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@bisd.hitachi.co.jp  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?yged6j0dshr.wl%ume>