Re: asmtp 587 - quickie faq submission

From: Lupe Christoph (lupe@lupe-christoph.de)
Date: 09/11/02


Date: Wed, 11 Sep 2002 18:10:18 +0200
To: Greg Panula <greg.panula@dolaninformation.com>
From: lupe@lupe-christoph.de (Lupe Christoph)

On Wednesday, 2002-09-11 at 17:30:03 +0200, lupe wrote:

> We still need an explanation for sendmail! I found nothing better than
> http://www.sendmail.org/~ca/email/auth.html which doesn't look very
> /usr/friendly to me ;-)

> The default sendmail in FreeBSD is not compiled with SASL and does not
> do ASMTP. I suppose one must install the sendmail-sasl port for this.
> I'm doing that next, but can't test very much with it, due to my setup.

Ok, I've installed the port. First thing /usr/local/sbin/sendmail
complains about:
error: safesasl(/usr/local/etc/sasldb.db) failed: Group readable file
Chmodding to 600 gives:
error: safesasl(/usr/local/etc/sasldb.db) failed: Permission denied
Sigh.

But when I edit /etc/mail/sendmail.cf:
-#O AuthMechanisms=GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
+O AuthMechanisms=PLAIN GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
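Review bot: the added line lists PLAIN in AuthMechanisms with nothing in this change tying it to an encrypted session, so a client that authenticates without STARTTLS sends its password in recoverable (base64) form. Consider pairing it with "O AuthOptions=p", which makes sendmail refuse PLAIN and LOGIN unless a security layer is active, and add a comment above the line explaining why PLAIN was enabled.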
I get an offer for plaintext AUTH by sendmail. And *only* plaintext
AUTH. The other mechanisms have probably been disabled because of the
problem with /usr/local/etc/sasldb.db.

So I suppose one can say that installing the sendmail-sasl port, and
editing /etc/mail/sendmail.cf will suffice to enable ASMTP.

I would *very much* appreciate it if anybody who is in a situation that
allows testing this would do so.

Until we have better data, I'd propose to put this in the FAQ:

*) How do I enable ASMTP with sendmail?
   You must install the sendmail-sasl port, and replace the default
   sendmail with the one from that port. Either edit
   /etc/mail/sendmail.cf to allow PLAIN AUTH (change AuthMechanisms to
   contain PLAIN), or create a new sendmail.cf.

   Some help for this can be obtained from:
   http://www.sendmail.org/~ca/email/auth.html

   The FAQ authors would appreciate a report from somebody who has
   actually used sendmail with ASMTP to augment this entry.

Lupe Christoph

-- 
| lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
| Big Misunderstandings #6398: The Titanic was not supposed to be        |
| unsinkable. The designer had a speech impediment. He said: "I have     |
| thith great unthinkable conthept ..."                                  |
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
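
A check for the symptom described in the message above (sendmail offering PLAIN and nothing else), added here as an example and not part of the original post: it parses an EHLO reply and flags plaintext mechanisms that are offered without STARTTLS or offered alone. The function names, host names and both sample replies are constructed for illustration.

```python
import re
# Mechanisms that hand the server a recoverable password (PLAIN, legacy LOGIN).
PLAINTEXT = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Map each EHLO keyword to its parameter list, e.g. {"AUTH": ["PLAIN"]}."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    ext = {}
    for line in lines[1:]:  # line 0 is the greeting, not an extension
        m = re.match(r"250[- ](\S.*)$", line.strip())
        if not m:
            raise ValueError("not a 250 reply line: %r" % line)
        # Some servers also send the older "AUTH=MECH ..." spelling.
        words = re.sub(r"^AUTH=", "AUTH ", m.group(1), flags=re.I).split()
        ext.setdefault(words[0].upper(), []).extend(w.upper() for w in words[1:])
    return ext

def audit_auth(reply):
    """Return a list of findings about the AUTH offer in one EHLO reply."""
    ext = parse_ehlo(reply)
    mechs = set(ext.get("AUTH", []))
    if not mechs:
        return ["no AUTH offered: the server is not doing ASMTP"]
    findings = []
    plain = sorted(mechs & PLAINTEXT)
    if plain and "STARTTLS" not in ext:
        findings.append("%s offered without STARTTLS" % "/".join(plain))
    if mechs <= PLAINTEXT:
        findings.append("only plaintext mechanisms offered")
    return findings

# Constructed sample: what the message describes (PLAIN and nothing else).
PLAIN_ONLY = """\
250-mail.example.org Hello client.example.org, pleased to meet you
250-AUTH PLAIN
250 HELP
"""
# Constructed sample: TLS available and challenge-response mechanisms present.
WITH_TLS = """\
250-mail.example.org Hello client.example.org, pleased to meet you
250-STARTTLS
250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN
250-AUTH=DIGEST-MD5 CRAM-MD5 PLAIN
250 HELP
"""

if __name__ == "__main__":
    for name, reply in (("PLAIN_ONLY", PLAIN_ONLY), ("WITH_TLS", WITH_TLS)):
        print(name, audit_auth(reply))
```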