Date: Wed, 11 Sep 2002 18:10:18 +0200 From: lupe@lupe-christoph.de (Lupe Christoph) To: Greg Panula <greg.panula@dolaninformation.com> Cc: freebsd-security@freebsd.org Subject: Re: asmtp 587 - quickie faq submission Message-ID: <20020911161018.GE19536@lupe-christoph.de> In-Reply-To: <20020911153003.GD19536@lupe-christoph.de> References: <002b01c25930$f4627270$0100a8c0@soap> <3D7F3726.958781C8@dolaninformation.com> <20020911153003.GD19536@lupe-christoph.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday, 2002-09-11 at 17:30:03 +0200, lupe wrote: > We still need an explanation for sendmail! I found nothing better than > http://www.sendmail.org/~ca/email/auth.html which doesn't look very > /usr/friendly to me ;-) > The default sendmail in FreeBSD is not compiled with SASL and does not > do ASMTP. I suppose one must install the sendmail-sasl port for this. > I'm doing that next, but can't test very much with it, due to my setup. Ok, I've installed the port. First thing /usr/local/sbin/sendmail complains about: error: safesasl(/usr/local/etc/sasldb.db) failed: Group readable file Chmodding to 600 gives: error: safesasl(/usr/local/etc/sasldb.db) failed: Permission denied Sigh. But when I edit /etc/mail/sendmail.cf: -#O AuthMechanisms=GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 +O AuthMechanisms=PLAIN GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 I get an offer for plaintext AUTH by sendmail. And *only* plaintext AUTH. The other mechanism have probably been disabled because of the problem with /usr/local/etc/sasldb.db. So I suppose one can say that installing the sendmail-sasl port, and editing /etc/mail/sendmail.cf will suffice to enable ASMTP. I would *very much* appreciate if anybody who is in a situation that allows to test this would do so. Until we have better data, I'd propose to put this in the FAQ: *) How do I enable ASMTP with sendmail? You must install the sendmail-sasl port, and replace the default sendmail with the one from that port. Either edit /etc/mail/sendmail.cf to allow PLAIN AUTH (change AuthMechanisms to contain PLAIN), or create a new sendmail.cf. Some help for this can be obtained from: http://www.sendmail.org/~ca/email/auth.html The FAQ authors would appreciate a report from somebody who has actually used sendmail with ASMTP to augment this entry. Lupe Christoph -- | lupe@lupe-christoph.de | http://www.lupe-christoph.de/ | | Big Misunderstandings #6398: The Titanic was not supposed to be | | unsinkable. The designer had a speech impediment. He said: "I have | | thith great unthinkable conthept ..." | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020911161018.GE19536>