Re: asmtp 587 - quickie faq submission

From: Lupe Christoph (lupe@lupe-christoph.de)
Date: 09/11/02


Date: Wed, 11 Sep 2002 18:54:43 +0200
To: Gregory Neil Shapiro <gshapiro@FreeBSD.ORG>
From: lupe@lupe-christoph.de (Lupe Christoph)

On Wednesday, 2002-09-11 at 09:16:22 -0700, Gregory Neil Shapiro wrote:
> lupe> error: safesasl(/usr/local/etc/sasldb.db) failed: Group readable file
> lupe> Chmodding to 600 gives:
> lupe> error: safesasl(/usr/local/etc/sasldb.db) failed: Permission denied
> lupe> Sigh.

> It shouldn't, assuming it is owned by root (which it should be).

It's not:
-rw-r----- 1 cyrus mail 16384 Sep 11 17:32 /usr/local/etc/sasldb.db

> Instead of the chmod, you can also use this in your .mc file:

> define(`confDONT_BLAME_SENDMAIL', `GroupReadableSASLDBFile')dnl

... and sendmail will fall on its face because of the ownership,
I'd guess.

> lupe> But when I edit /etc/mail/sendmail.cf:
> lupe> -#O AuthMechanisms=GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
> lupe> +O AuthMechanisms=PLAIN GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5

> Don't hand edit a .cf file, use the .mc file. For example:

For small tweaks, I do. For bigger things (and in the end, ASMTP would
probably fall in this category), I don't.

> define(`confAUTH_MECHANISMS', `EXTERNAL DIGEST-MD5 CRAM-MD5')dnl

> lupe> I would *very much* appreciate if anybody who is in a situation that
> lupe> allows to test this would do so.

> You can visit http://test.smtp.org/ if you need a machine to test against.

Sorry, it's not lack of a host to speak ASMTP with, at least for the
client side, I can do this with my ISP's mail relay. It's because all the
FreeBSD boxen I have are Firewalls and I don't want to experiment too
much on them (my own firewall is OK for local tests). I was hoping
somebody had a desktop box or so to play with.

Lupe Christoph

-- 
| lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
| Big Misunderstandings #6398: The Titanic was not supposed to be        |
| unsinkable. The designer had a speech impediment. He said: "I have     |
| thith great unthinkable conthept ..."                                  |
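
A quick way to see which of the two conditions raised in this thread a given sasldb file trips (unexpected owner, or a group-readable mode) before restarting sendmail. This is an added example, not part of the original message and not sendmail's own safesasl() code; the function `check_sasldb` and its arguments are hypothetical, and flagging group-write and other-access bits is an added assumption that goes beyond what the thread states.

```shell
#!/bin/sh
# Added example, not sendmail code: approximates the sasldb checks from this thread.
# check_sasldb FILE [OWNER_UID] [ALLOW_GROUP_READ]
#   OWNER_UID         numeric owner to expect (default 0, root)
#   ALLOW_GROUP_READ  "yes" models GroupReadableSASLDBFile being set (default no)
# Prints one line per finding. Returns 0 if clean, 1 on findings, 2 if unusable.
check_sasldb() {
    file=$1
    want_uid=${2:-0}
    allow_group_read=${3:-no}
    rc=0

    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "$file: not a regular file"
        return 2
    fi

    # ls -ldn works on FreeBSD and Linux: field 1 is the mode string,
    # field 3 the numeric owner.
    info=$(ls -ldn "$file" | awk 'NR == 1 { print $1, $3 }')
    mode=${info% *}
    uid=${info#* }

    if [ "$uid" != "$want_uid" ]; then
        echo "$file: owned by uid $uid, expected uid $want_uid"
        rc=1
    fi

    # Mode string layout: file type, then rwx for user, group, other.
    case $mode in
        ????r*)
            if [ "$allow_group_read" != yes ]; then
                echo "$file: group readable ($mode)"
                rc=1
            fi ;;
    esac
    case $mode in
        ?????-*) ;;
        *) echo "$file: group writable ($mode)"; rc=1 ;;
    esac
    case $mode in
        ???????---*) ;;
        *) echo "$file: accessible to others ($mode)"; rc=1 ;;
    esac
    return $rc
}

if [ $# -gt 0 ]; then check_sasldb "$@"; fi
```

Run against the file from the message, `check_sasldb /usr/local/etc/sasldb.db` would report both the cyrus ownership and the group-readable mode shown in the `ls` output above.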