Date: Mon, 28 Apr 2003 20:03:23 -0700 (PDT)
From: David Babler
To: FreeBSD Questions List
Cc: freebsd-ports@freebsd.org
Subject: Cyrus-SASL + sendmail 8.12.9 + "group writable file"
Message-ID: <20030428184857.V33294@rigel.orionsys.com>

Basic problem: sendmail errors with permissions/ownerships on
/usr/local/etc/sasldb

Symptom: maillog entry
"error: safesasl(/usr/local/etc/sasldb) failed: Group readable file"

I'm getting pretty frustrated trying to find the secret handshake to make this work. Searches of the archives for this problem produce lots of hits, but few answers - and no answers that make this work.

OS: FreeBSD 4.8-RC
Sendmail: 8.12.9

/etc/make.conf

    SENDMAIL_CFLAGS+= -I/usr/local/include/sasl1 -DSASL
    SENDMAIL_LDFLAGS+= -L/usr/local/lib
    SENDMAIL_LDADD+= -lsasl

And a CVSUP and make world was recently done (and repeated today for good measure) after those options were set. Sendmail had also been built prior to that with those options with the last patched 8.12.8 following the CERT advisory.

Installed Cyrus-SASL 1.5.28 from the ports collection.

My sendmail.mc file contains (as per the ASMTP FAQ):

    define(`confRUN_AS_USER',`root:mail')dnl
    define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl
    TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN')dnl
    define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5 LOGIN')dnl

And yes, the ODontBlameSendmail appears in the generated sendmail.cf file.

As appears in the various archived times this question has come up, changing permissions and ownerships only move the error from group read errors to access denied errors.

For ownerships of the database file, I've tried:

    cyrus:mail (as installed by the port)
    root:mail
    root:wheel
    smmsp:mail
    cyrus:smmsp

both with and without group read permissions. In short, none of those permutations work. The truly weird part is that the DontBlameSendmail option is not being honored, and I have NO idea why not.

-Dave