Date: Wed, 11 Sep 2002 18:10:18 +0200
From: lupe@lupe-christoph.de (Lupe Christoph)
To: Greg Panula
Cc: freebsd-security@freebsd.org
Subject: Re: asmtp 587 - quickie faq submission
Message-ID: <20020911161018.GE19536@lupe-christoph.de>
In-Reply-To: <20020911153003.GD19536@lupe-christoph.de>
References: <002b01c25930$f4627270$0100a8c0@soap> <3D7F3726.958781C8@dolaninformation.com> <20020911153003.GD19536@lupe-christoph.de>
Sender: owner-freebsd-security@FreeBSD.ORG

On Wednesday, 2002-09-11 at 17:30:03 +0200, lupe wrote:

> We still need an explanation for sendmail! I found nothing better than
> http://www.sendmail.org/~ca/email/auth.html which doesn't look very
> /usr/friendly to me ;-)

> The default sendmail in FreeBSD is not compiled with SASL and does not
> do ASMTP. I suppose one must install the sendmail-sasl port for this.
> I'm doing that next, but can't test very much with it, due to my setup.

Ok, I've installed the port.

First thing /usr/local/sbin/sendmail complains about:

  error: safesasl(/usr/local/etc/sasldb.db) failed: Group readable file

Chmodding to 600 gives:

  error: safesasl(/usr/local/etc/sasldb.db) failed: Permission denied

Sigh. But when I edit /etc/mail/sendmail.cf:

-#O AuthMechanisms=GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
+O AuthMechanisms=PLAIN GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5

I get an offer for plaintext AUTH by sendmail. And *only* plaintext AUTH.
The other mechanisms have probably been disabled because of the problem
with /usr/local/etc/sasldb.db.

So I suppose one can say that installing the sendmail-sasl port, and
editing /etc/mail/sendmail.cf will suffice to enable ASMTP.

I would *very much* appreciate if anybody who is in a situation that
allows to test this would do so.

Until we have better data, I'd propose to put this in the FAQ:

*) How do I enable ASMTP with sendmail?

   You must install the sendmail-sasl port, and replace the default
   sendmail with the one from that port. Either edit /etc/mail/sendmail.cf
   to allow PLAIN AUTH (change AuthMechanisms to contain PLAIN), or
   create a new sendmail.cf. Some help for this can be obtained from:
   http://www.sendmail.org/~ca/email/auth.html

   The FAQ authors would appreciate a report from somebody who has
   actually used sendmail with ASMTP to augment this entry.

Lupe Christoph
-- 
| lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
| Big Misunderstandings #6398: The Titanic was not supposed to be        |
| unsinkable. The designer had a speech impediment. He said: "I have     |
| thith great unthinkable conthept ..."                                   |
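
Review bot: in the /etc/mail/sendmail.cf change, the line `+O AuthMechanisms=PLAIN GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5` puts PLAIN on offer with nothing in the visible change tying it to an encrypted session, and the message reports that PLAIN ends up as the only mechanism advertised, so every client that authenticates sends its password in recoverable form. Suggest pairing the change with STARTTLS and `O AuthOptions=p`, which tells sendmail not to permit PLAIN or LOGIN unless a security layer is active, and resolving the sasldb.db error quoted in the message, which the author suspects is why DIGEST-MD5 and CRAM-MD5 are not offered. The proposed FAQ entry should carry the same caveat.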
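
As an added illustration (not part of the original message and not sendmail code), the following checks an EHLO reply for the situation described above, where PLAIN is the only AUTH mechanism on offer. The function names, finding codes and sample replies are constructed for this example.

```python
import re

CLEARTEXT = {"PLAIN", "LOGIN"}  # mechanisms that put the password itself on the wire

def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [PARAMS]}."""
    lines = [l.rstrip() for l in reply.splitlines() if l.strip()]
    ext = {}
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([ -])(.*)", line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        if (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError(f"bad continuation marker: {line!r}")
        if i == 0:
            continue  # first line is the greeting, not an extension
        text = m.group(2)
        if text.upper().startswith("AUTH="):  # legacy "AUTH=LOGIN PLAIN" form
            text = "AUTH " + text[5:]
        words = text.upper().split()
        if words:
            ext.setdefault(words[0], []).extend(words[1:])
    return ext

def audit_auth(reply, tls_active):
    """Return finding codes for the AUTH offer in one EHLO reply."""
    ext = parse_ehlo(reply)
    mechs = set(ext.get("AUTH", []))
    if not mechs:
        return ["no-auth-offered"]
    findings = []
    if mechs & CLEARTEXT and not tls_active:
        findings.append("cleartext-without-tls")
        if "STARTTLS" not in ext:
            findings.append("no-starttls")  # clients cannot protect the password
    if mechs <= CLEARTEXT:
        findings.append("cleartext-only")   # no challenge-response mechanism left
    return findings

# Constructed sample replies; the hostname is a placeholder, not captured traffic.
OBSERVED = "250-mail.example.org Hello\n250-8BITMIME\n250-AUTH PLAIN\n250 HELP\n"
HARDENED = "250-mail.example.org Hello\n250-STARTTLS\n250-AUTH DIGEST-MD5 CRAM-MD5\n250 HELP\n"

if __name__ == "__main__":
    print(audit_auth(OBSERVED, tls_active=False))
    print(audit_auth(HARDENED, tls_active=False))
```

Run it against the reply seen before STARTTLS with tls_active=False, and against the reply seen after the TLS handshake with tls_active=True.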