Date:      Wed, 11 Sep 2002 18:54:43 +0200
From:      lupe@lupe-christoph.de (Lupe Christoph)
To:        Gregory Neil Shapiro <gshapiro@FreeBSD.ORG>
Cc:        Greg Panula <greg.panula@dolaninformation.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: asmtp 587 - quickie faq submission
Message-ID:  <20020911165443.GG19536@lupe-christoph.de>
In-Reply-To: <15743.27734.838400.235126@horsey.gshapiro.net>
References:  <002b01c25930$f4627270$0100a8c0@soap> <3D7F3726.958781C8@dolaninformation.com> <20020911153003.GD19536@lupe-christoph.de> <20020911161018.GE19536@lupe-christoph.de> <15743.27734.838400.235126@horsey.gshapiro.net>

On Wednesday, 2002-09-11 at 09:16:22 -0700, Gregory Neil Shapiro wrote:
> lupe> error: safesasl(/usr/local/etc/sasldb.db) failed: Group readable file
> lupe> Chmodding to 600 gives:
> lupe> error: safesasl(/usr/local/etc/sasldb.db) failed: Permission denied
> lupe> Sigh.

> It shouldn't, assuming it is owned by root (which it should be).

It's not:
-rw-r-----  1 cyrus  mail  16384 Sep 11 17:32 /usr/local/etc/sasldb.db

> Instead of the chmod, you can also use this in your .mc file:

> define(`confDONT_BLAME_SENDMAIL', `GroupReadableSASLDBFile')dnl

... and sendmail will fall on its face because of the ownership,
I'd guess.

> lupe> But when I edit /etc/mail/sendmail.cf:
> lupe> -#O AuthMechanisms=GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
> lupe> +O AuthMechanisms=PLAIN GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5

> Don't hand edit a .cf file, use the .mc file.  For example:

For small tweaks, I do. For bigger things (and in the end, ASMTP would
probably fall in this category), I don't.

> define(`confAUTH_MECHANISMS', `EXTERNAL DIGEST-MD5 CRAM-MD5')dnl

> lupe> I would *very much* appreciate if anybody who is in a situation that
> lupe> allows to test this would do so.

> You can visit http://test.smtp.org/ if you need a machine to test against.

Sorry, it's not lack of a host to speak ASMTP with, at least for the
client side, I can do this with my ISP's mail relay. It's because all the
FreeBSD boxen I have are Firewalls and I don't want to experiment too
much on them (my own firewall is OK for local tests). I was hoping
somebody had a desktop box or so to play with.

Lupe Christoph
-- 
| lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
| Big Misunderstandings #6398: The Titanic was not supposed to be        |
| unsinkable. The designer had a speech impediment. He said: "I have     |
| thith great unthinkable conthept ..."                                  |
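
Added example, not part of the original message and not sendmail's own code: a pre-flight check for the two conditions raised in this thread (the SASL database is owned by the expected user, root by default, and carries no group or world permission bits). The function names, finding labels and sample `ls -ln` lines are constructed for illustration; the rule set is an assumption drawn from the thread, not from sendmail's source.

```shell
#!/bin/sh
# Assumption (from the thread): the SASL db must be a regular file owned by
# the expected uid (root = 0) with no group/other read or write bits set.

# check_ls_line LINE [EXPECTED_UID]
# LINE is one line of `ls -ln` output. Prints one finding per line, or "ok".
check_ls_line() {
    printf '%s\n' "$1" | awk -v want="${2:-0}" '
    {
        perms = $1; uid = $3; bad = 0
        if (substr(perms, 1, 1) != "-") { print "not-regular-file"; bad = 1 }
        if (uid != want) { print "owner-uid-" uid "-expected-" want; bad = 1 }
        if (substr(perms, 5, 1) == "r") { print "group-readable"; bad = 1 }
        if (substr(perms, 6, 1) == "w") { print "group-writable"; bad = 1 }
        if (substr(perms, 8, 1) == "r") { print "world-readable"; bad = 1 }
        if (substr(perms, 9, 1) == "w") { print "world-writable"; bad = 1 }
        if (!bad) print "ok"
    }'
}

# check_sasldb FILE [EXPECTED_UID]: run the same check against a file on disk.
check_sasldb() {
    [ -e "$1" ] || { echo "missing"; return 1; }
    check_ls_line "$(ls -lnd -- "$1")" "${2:-0}"
}

# Constructed sample lines (numeric uid/gid, as printed by `ls -n`):
SAMPLE_640_NONROOT='-rw-r-----  1 1001  6  16384 Sep 11 17:32 /usr/local/etc/sasldb.db'
SAMPLE_600_NONROOT='-rw-------  1 1001  6  16384 Sep 11 17:32 /usr/local/etc/sasldb.db'
SAMPLE_600_ROOT='-rw-------  1 0  6  16384 Sep 11 17:32 /usr/local/etc/sasldb.db'

for line in "$SAMPLE_640_NONROOT" "$SAMPLE_600_NONROOT" "$SAMPLE_600_ROOT"; do
    printf '%s\n  -> %s\n' "$line" "$(check_ls_line "$line" | tr '\n' ' ')"
done
```

On a live system, `check_sasldb /usr/local/etc/sasldb.db` reports the same findings for the real file.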
