OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Lupe Christoph (lupe_at_lupe-christoph.de)
Date: Wed Sep 11 2002 - 11:10:18 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    On Wednesday, 2002-09-11 at 17:30:03 +0200, lupe wrote:

    > We still need an explanation for sendmail! I found nothing better than
    > http://www.sendmail.org/~ca/email/auth.html which doesn't look very
    > /usr/friendly to me ;-)

    > The default sendmail in FreeBSD is not compiled with SASL and does not
    > do ASMTP. I suppose one must install the sendmail-sasl port for this.
    > I'm doing that next, but can't test very much with it, due to my setup.

    Ok, I've installed the port. First thing /usr/local/sbin/sendmail
    complains about:
    error: safesasl(/usr/local/etc/sasldb.db) failed: Group readable file
    Chmodding to 600 gives:
    error: safesasl(/usr/local/etc/sasldb.db) failed: Permission denied
    Sigh.

    But when I edit /etc/mail/sendmail.cf:
    -#O AuthMechanisms=GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
    +O AuthMechanisms=PLAIN GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
    I get an offer for plaintext AUTH by sendmail. And *only* plaintext
    AUTH. The other mechanism have probably been disabled because of the
    problem with /usr/local/etc/sasldb.db.

    So I suppose one can say that installing the sendmail-sasl port, and
    editing /etc/mail/sendmail.cf will suffice to enable ASMTP.

    I would *very much* appreciate if anybody who is in a situation that
    allows to test this would do so.

    Until we have better data, I'd propose to put this in the FAQ:

    *) How do I enable ASMTP with sendmail?
       You must install the sendmail-sasl port, and replace the default
       sendmail with the one from that port. Either edit
       /etc/mail/sendmail.cf to allow PLAIN AUTH (change AuthMechanisms to
       contain PLAIN), or create a new sendmail.cf.

       Some help for this can be obtained from:
       http://www.sendmail.org/~ca/email/auth.html

       The FAQ authors would appreciate a report from somebody who has
       actually used sendmail with ASMTP to augment this entry.

    Lupe Christoph 

    -- 
| lupelupe-christoph.de       |           http://www.lupe-christoph.de/ |
| Big Misunderstandings #6398: The Titanic was not supposed to be        |
| unsinkable. The designer had a speech impediment. He said: "I have     |
| thith great unthinkable conthept ..."                                  |

    To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message