OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Raymond C. Rodgers (obsd_at_bbnk.dhs.org)
Date: Thu Jan 02 2003 - 00:35:23 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Hmm... no comments on this? Theo? Beuller? Anyone?
    At 10:41 PM 12/27/2002, you wrote:
    >Hello everyone,
    > Today I started working on the challenge of getting my SendMail
    > installation configured to relay through my ISP's SMTP server which
    > requires authentication. I found tips here and there, and posted a
    > message to a pair of newsgroups about this, but I came up short.
    >
    > The apparent reason for its failure is that OpenBSD 3.2 by default
    > apparently doesn't include the SASL library which handles the SendMail
    > authentication support. I foolishly assumed that since OpenBSD 3.2
    > (-stable) includes SendMail 8.12.6 that the authentication support (and
    > all its libraries) would be included by default.
    >
    >So, I made an easy mistake. :-)
    >
    >So, I'd like to ask a few questions on this subject:
    >1. Why wasn't SASL included in OpenBSD 3.2? Did it not pass security
    >testing or something?
    >2. If it wasn't dropped for security reasons, why was it not included as
    >part of a compile time configuration option?
    >3. Why doesn't information on configuring SendMail for authentication
    >support appear in the OpenBSD faqs? Considering that OpenBSD is the secure
    >BSD, it seems to me that configuring SendMail to be a bit tighter should
    >be covered as part of the OpenBSD faqs, regardless of whether or not SASL
    >is included by default.
    >4. Assuming that SASL can pass the OpenBSD team's security screening, how
    >much interest would there need to be to get it included as part of the
    >default distribution? (Even if SendMail isn't configured by default to use it.)
    >
    >All of my questions are null and void if SASL isn't very security
    >conscious, but I found the whole situation frustrating. Would it be simple
    >for me to get SendMail's authentication going by installing the SASL port
    >in the ports tree? Or would I need to do a whole lot of compiling and
    >reconfiguring? (I've already broken somethings this week by compiling and
    >installing a newer version of PostgreSQL... I'd rather not break a lot
    >more... :-) )
    >
    >In any event, my thanks to the OpenBSD team for all the great work.
    >Raymond