mirror of https://git.FreeBSD.org/ports.git synced 2025-02-01 10:59:55 +00:00
freebsd-ports/security/cyrus-sasl2/files/Sendmail.README
Hajimu UMEMOTO 69ba81477e When sending mail locally on a system compiled with SASL AUTH, the
sendmail mail submission program may log the following error on the
sasldb file:

	error: safesasl(/usr/local/etc/sasldb) failed: Group readable file

Pine by default is using SMTP, and therefore SMTP AUTH if compiled
into sendmail.  To disable SMTP AUTH we need to define DAEMON_OPTIONS
for the loopback interface.

PR:		ports/51680
Submitted by:	Scot W. Hetzel <hetzels@westbend.net>
2003-05-06 12:32:14 +00:00


How to enable SMTP AUTH with FreeBSD default Sendmail

1) Add the following to /etc/make.conf:

    # Add SMTP AUTH support to Sendmail
    SENDMAIL_CFLAGS+= -I/usr/local/include -DSASL=2
    SENDMAIL_LDFLAGS+= -L/usr/local/lib
    SENDMAIL_LDADD+= -lsasl2

2) Rebuild FreeBSD (make buildworld, ...)

3) Make sure that the pwcheck_method is correct in Sendmail.conf.

    Sendmail.conf (${PREFIX}/lib/sasl2/Sendmail.conf) is created by
    the cyrus-sasl2 port during installation. It may have
    pwcheck_method set to saslauthd by default. Change this to what is
    appropriate for your site.

4) Add the following to your sendmail.mc file:

    dnl The group needs to be mail in order to read the sasldb2 file
    define(`confRUN_AS_USER',`root:mail')dnl
    TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')dnl
    define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5')dnl
    define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl

5) Add the following before FEATURE(msp) in your submit.mc file:

    DAEMON_OPTIONS(`Name=NoMTA, Addr=127.0.0.1, M=EA')dnl

    This disables SMTP AUTH on the loopback interface. Otherwise you may
    get the following error in the log:

    error: safesasl(/usr/local/etc/sasldb2) failed: Group readable file

    when sending mail locally (seen when using pine locally on the same
    server).

----

Additional AUTH mechanisms are LOGIN, PLAIN, GSSAPI, and KERBEROS_V4.
These can be added to TRUST_AUTH_MECH and confAUTH_MECHANISMS as a
space-separated list. You may want to restrict the LOGIN and PLAIN
authentication methods to use with STARTTLS, as the password is not
encrypted when passed to sendmail.
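
The restriction suggested above maps to sendmail's confAUTH_OPTIONS flag p, which withholds mechanisms open to simple passive attack (PLAIN, LOGIN) unless a security layer such as STARTTLS is active. The check below is an added example, not part of the original README or the port: it reads a sendmail.mc and flags LOGIN or PLAIN offered without that flag. The function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the port): audit a sendmail .mc file for
# LOGIN/PLAIN being offered without the AuthOptions "p" flag.

# Print the value of the last active define(`NAME', `VALUE') in file $2.
# Lines commented out with a leading "dnl" do not match the ^define anchor.
mc_value() {
    sed -n "s/^define(\`$1', *\`\([^']*\)').*/\1/p" "$2" | tail -n 1
}

# Return 0 if plaintext mechanisms are absent or gated by "p", else 1.
# An absent define is reported as empty; sendmail's built-in defaults
# are not evaluated here.
audit_mc() {
    mechs=$(mc_value confAUTH_MECHANISMS "$1")
    opts=$(mc_value confAUTH_OPTIONS "$1")
    case " $mechs " in
        *" LOGIN "* | *" PLAIN "*) ;;
        *) echo "ok: no plaintext mechanism in '$mechs'"; return 0 ;;
    esac
    case "$opts" in
        *p*) echo "ok: LOGIN/PLAIN gated by AuthOptions '$opts'"; return 0 ;;
    esac
    echo "warn: '$mechs' offers LOGIN/PLAIN without AuthOptions p"
    return 1
}

# Constructed sample: the README's mechanisms plus LOGIN and PLAIN.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dnl define(`confAUTH_OPTIONS', `A p')dnl
define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
EOF
audit_mc "$sample" || true      # warns: the "p" line is commented out
sed 's/^dnl define/define/' "$sample" > "$sample.fixed"
audit_mc "$sample.fixed"        # ok: "A p" is now active
rm -f "$sample" "$sample.fixed"
```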

LOGIN is required for Outlook Express users. "My server requires
authentication" needs to be checked in the account's properties to
use SASL Authentication.

PLAIN is required for Netscape Communicator users. By default Netscape
Communicator will use SASL Authentication when sendmail is compiled with
SASL and will cause your users to enter their passwords each time they
retrieve their mail (NS 4.7).

The DONT_BLAME_SENDMAIL option GroupReadableSASLDBFile is needed when
cyrus-imapd and sendmail run on the same server and both need access
to the sasldb2 database.

Sendmail supports SASLv2 starting with version 8.12.4.