From: "Scot W. Hetzel"
To: "Hajimu UMEMOTO"
Cc: gshapiro@freebsd.org, FreeBSD Questions List, freebsd-ports@freebsd.org
Date: Sat, 3 May 2003 11:17:14 -0500
Subject: Re: Cyrus-SASL + sendmail 8.12.9 + "group writable file"

From: "Hajimu UMEMOTO"
> >>>>> "Scot W. Hetzel" said:
>
> hetzels> From: "David Babler"
> > Basic problem: sendmail errors with permissions/ownerships on
> > /usr/local/etc/sasldb
> >
> > Symptom:
> > maillog entry "error: safesasl(/usr/local/etc/sasldb) failed: Group
> > readable file"
> >
> >
> hetzels> We found the problem, the initial sendmail mail submission program was
> hetzels> causing these errors to occur when sending mail from the local system.  To
>

So far I could only duplicate this problem when using PINE (mail/pine4)
to send the e-mail. I was unable to get the problem to occur with the
mail or sendmail commands. I also tried telnetting to ports 25 & 587 to
send a test message and the problem didn't occur either (I didn't use
the AUTH mech command, as I wasn't sure how to enter the user name &
password for the PLAIN or LOGIN mechs).

> Though I'm using SASL2 and not tested SASL1, I cannot see such
> problem.  I think that MSP doesn't see sasldb2? unless you do enable
> SMTP AUTH in submit.mc, and you don't need to have such configuration
> by MSP.
>

No changes were made to the [freebsd.,]submit.mc files as installed from
the FreeBSD sources.

> hetzels> solve this problem you need to put the following into the submit.mc file
> hetzels> that you use on your system (i.e. freebsd.submit.mc):
>
> hetzels> define(`confRUN_AS_USER',`smmsp:mail')dnl
>
> This is odd.  The sendmail binary is not setuid to root, anymore.  I
> believe sendmail as MSP cannot change its user unless invoking from
> root.
>

The feature/msp.m4 file by default defines confRUN_AS_USER to the smmsp
user, we needed to add the group 'mail' so that we wouldn't get a
permission error on the sasldb file, since this file is set cyrus:mail
and perms 640. This is the only reason for specifying group mail.

Scot