Date: Wed, 11 Sep 2002 18:54:43 +0200 From: lupe@lupe-christoph.de (Lupe Christoph) To: Gregory Neil Shapiro <gshapiro@FreeBSD.ORG> Cc: Greg Panula <greg.panula@dolaninformation.com>, freebsd-security@FreeBSD.ORG Subject: Re: asmtp 587 - quickie faq submission Message-ID: <20020911165443.GG19536@lupe-christoph.de> In-Reply-To: <15743.27734.838400.235126@horsey.gshapiro.net> References: <002b01c25930$f4627270$0100a8c0@soap> <3D7F3726.958781C8@dolaninformation.com> <20020911153003.GD19536@lupe-christoph.de> <20020911161018.GE19536@lupe-christoph.de> <15743.27734.838400.235126@horsey.gshapiro.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday, 2002-09-11 at 09:16:22 -0700, Gregory Neil Shapiro wrote: > lupe> error: safesasl(/usr/local/etc/sasldb.db) failed: Group readable file > lupe> Chmodding to 600 gives: > lupe> error: safesasl(/usr/local/etc/sasldb.db) failed: Permission denied > lupe> Sigh. > It shouldn't, assuming it is owned by root (which is should be). It's not: -rw-r----- 1 cyrus mail 16384 Sep 11 17:32 /usr/local/etc/sasldb.db > Instead of the chmod, you can also use this in your .mc file: > define(`confDONT_BLAME_SENDMAIL', `GroupReadableSASLDBFile')dnl ... and sendmail will fall on it's face because of the ownership, I'd guess. > lupe> But when I edit /etc/mail/sendmail.cf: > lupe> -#O AuthMechanisms=GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 > lupe> +O AuthMechanisms=PLAIN GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 > Don't hand edit a .cf file, use the .mc file. For example: For small tweaks, I do. For bigger things (and in the end, ASMTP would probably fall in this category), I don't. > define(`confAUTH_MECHANISMS', `EXTERNAL DIGEST-MD5 CRAM-MD5')dnl > lupe> I would *very much* appreciate if anybody who is in a situation that > lupe> allows to test this would do so. > You can visit http://test.smtp.org/ if you need a machine to test against. Sorry, it's not lack of a host to speak ASMTP with, at least for the client side, I can do this with my ISPs mail relay. It's because all the FreeBSD boxen I have are Firewalls and I don't want to experiment too much on them (my own firewall is OK for local tests). I was hoping somebody had a desktop box or so to play with. Lupe Christoph -- | lupe@lupe-christoph.de | http://www.lupe-christoph.de/ | | Big Misunderstandings #6398: The Titanic was not supposed to be | | unsinkable. The designer had a speech impediment. He said: "I have | | thith great unthinkable conthept ..." | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020911165443.GG19536>