Date:      Mon, 27 Nov 2000 23:06:53 -0600 (CST)
From:      "Scot W. Hetzel" <hetzels@westbend.net>
To:        FreeBSD-gnats-submit@freebsd.org, hetzels@westbend.net
Subject:   ports/23149: security/cyrus-sasl update Sendmail.README (MAINTAINER)
Message-ID:  <200011280506.eAS56rt33864@mail.westbend.net>


>Number:         23149
>Category:       ports
>Synopsis:       Update Sendmail.README in security/cyrus-sasl (MAINTAINER)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 27 21:10:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     System Administrator
>Release:        FreeBSD 4.2-BETA i386
>Organization:
West Bend Internet
>Environment:


>Description:

	The port installs sasldb with permissions of 640 and owned by cyrus and group
	mail.  When sendmail is compiled with SASL it complains with:

	     error: safesasl(/usr/local/etc/sasldb.db) failed: Group readable file

	when trying to access the sasldb database.

>How-To-Repeat:

>Fix:

	The attached patch to the Sendmail.README instructions explains how to enable
	the GroupReadableSASLFile option for DONT_BLAME_SENDMAIL.

diff -ruN cyrus-sasl.orig/files/Sendmail.README cyrus-sasl/files/Sendmail.README
--- cyrus-sasl.orig/files/Sendmail.README	Tue Sep 19 20:34:45 2000
+++ cyrus-sasl/files/Sendmail.README	Mon Nov 27 22:14:43 2000
@@ -2,10 +2,10 @@
 
 1) Add the following to  /etc/make.conf:
 
-# Add SMTP AUTH support to Sendmail
-SENDMAIL_CFLAGS+=	-DSASL -I/usr/local/include/sasl
-SENDMAIL_LDFLAGS+=	-L/usr/local/lib
-SENDMAIL_LDADD+=	-lsasl
+    # Add SMTP AUTH support to Sendmail
+    SENDMAIL_CFLAGS+=	-I/usr/local/include/sasl -DSASL -D_FFR_UNSAFE_SASL
+    SENDMAIL_LDFLAGS+=	-L/usr/local/lib
+    SENDMAIL_LDADD+=	-lsasl
 
 2) Rebuild FreeBSD (make buildworld, ...)
 
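Review bot: -D_FFR_UNSAFE_SASL is added to SENDMAIL_CFLAGS in step 1 with no explanation, and the comment above it still reads only "Add SMTP AUTH support to Sendmail". A define with UNSAFE in its name deserves a line in the README saying what it enables. If it is what makes the GroupReadableSASLFile setting from step 4 available, say so and mark it as needed only for that case, so that sites whose sasldb is readable by its owner alone can leave it out.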
@@ -13,3 +13,28 @@
 
    pwcheck_method: pwcheck
 
+4) Add the following to your sendmail.mc file:
+
+   TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')dnl
+   define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5')dnl
+   define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLFile')dnl
+
+ ----
+
+   Additional AUTH Mechanisms are LOGIN, PLAIN, GSSAPI, and KERBEROS_V4.
+   These can be added to TRUST_AUTH_MECH and confAUTH_MECHANISMS as a space
+   seperated list.  You may want to restrict LOGIN, and PLAIN authentication
+   methods for use with STARTTLS, as the password is not encrypted when
+   passed to sendmail.
+
+   LOGIN is required for Outlook Express users.  "My server requires
+   authentication" needs to be checked in the accounts properties to 
+   use SASL Authentication.
+
+   PLAIN is required for Netscape Communicator users.  By default Netscape
+   Communicator will use SASL Authentication when sendmail is compiled with
+   SASL.
+
+   The DONT_BLAME_SENDMAIL option GroupReadableSASLFile is needed when you
+   are using cyrus-imapd and sendmail on the same server that requires access
+   to the sasldb database.
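Review bot: step 4 puts define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLFile')dnl in the block every reader is told to add, while the closing paragraph says the option is needed only when cyrus-imapd and sendmail run on the same server and both need the sasldb database. Move that define out of the common block and present it as optional for the shared-server case, and state which owner, group and mode the sasldb file is expected to have, so the relaxed check is not applied to a file that is readable more widely than intended. The LOGIN and PLAIN paragraph should say directly that these mechanisms pass the password unencrypted and should be offered only over STARTTLS; "restrict ... for use with STARTTLS" can be read either way. Typo: "seperated" should be "separated".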

>Release-Note:
>Audit-Trail:
>Unformatted:

