sendmail AUTH_OPTIONS
Matthew Seaman
m.seaman at infracaninophile.co.uk
Wed Jun 4 00:09:21 PDT 2003
On Tue, Jun 03, 2003 at 07:47:54PM -0400, Scott Hiemstra wrote:
> Noah,
>
> I'm no sendmail expert, I prefer qmail myself but with some creative
> googling I found this which I believe will answer your question.
>
> http://www.sendmail.org/m4/tweaking_config.html#confAUTH_OPTIONS
That is a good resource (essentially a HTML-ized version of
/usr/share/sendmail/cf/README), but the original poster might find
this chunk out of /usr/share/doc/smm/08.sendmailop/paper.ascii.gz more
useful:

    AuthOptions
                [no short name] List of options for SMTP
                AUTH consisting of single characters with
                intervening white space or commas.

                    A   Use the AUTH= parameter for the MAIL FROM
                        command only when authentication succeeded.
                        This can be used as a workaround for broken
                        MTAs that do not implement RFC 2554 correctly.
                    a   protection from active (non-dictionary) attacks
                        during authentication exchange.
                    c   require mechanisms which pass client credentials,
                        and allow mechanisms which can pass credentials
                        to do so.
                    d   don't permit mechanisms susceptible to passive
                        dictionary attack.
                    f   require forward secrecy between sessions
                        (breaking one won't help break next).
                    p   don't permit mechanisms susceptible to simple
                        passive attack (e.g., PLAIN, LOGIN), unless a
                        security layer is active.
                    y   don't permit mechanisms that allow anonymous login.

                The first option applies to sendmail as a
                client, the others to a server. Example:

                    O AuthOptions=p,y

                would disallow ANONYMOUS as AUTH mechanism
                and would allow PLAIN and LOGIN only if a
                security layer (e.g., provided by STARTTLS)
                is already active. The options 'a', 'c',
                'd', 'f', 'p', and 'y' refer to properties
                of the selected SASL mechanisms. Explanations
                of these properties can be found in
    [...]
                the Cyrus SASL documentation.

So the OP's sendmail.mc file extract:

    define(`confAUTH_OPTIONS', `A p')dnl

is absolutely fine. Either commas or spaces can be used to separate
the options, so he could use the equivalent:

    define(`confAUTH_OPTIONS', `A,p')dnl

Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
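
Added example, not part of the original post and not sendmail's own code: a small audit helper that reads the confAUTH_OPTIONS define from sendmail.mc text, accepts commas or spaces as separators, and applies the 'p' and 'y' rules from the excerpt to a list of mechanisms. The function names and the sample input are assumptions made for illustration; flags 'a', 'c', 'd' and 'f' are validated but not modelled, because the excerpt does not say which mechanisms they exclude.

```python
import re

KNOWN_FLAGS = set("Aacdfpy")            # letters listed in the excerpt
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}    # the excerpt's examples for 'p'
ANONYMOUS_MECHS = {"ANONYMOUS"}         # the mechanism 'y' rules out
MC_DEFINE = re.compile(r"define\(`confAUTH_OPTIONS',\s*`([^']*)'\)")

# Constructed sample input, not a real site's sendmail.mc.
SAMPLE_MC = """\
dnl define(`confAUTH_OPTIONS', `y')dnl
define(`confAUTH_OPTIONS', `A p')dnl
"""


def parse_auth_options(mc_text):
    """Return the set of AuthOptions flags from the last active define."""
    value = None
    for line in mc_text.splitlines():
        if line.lstrip().startswith("dnl"):
            continue                    # commented-out m4 line
        match = MC_DEFINE.search(line)
        if match:
            value = match.group(1)      # a later define overrides an earlier one
    if value is None:
        raise ValueError("confAUTH_OPTIONS is not defined")
    # Commas and white space are both separators; every other character is a flag.
    flags = set(re.sub(r"[,\s]", "", value))
    unknown = flags - KNOWN_FLAGS
    if unknown:
        raise ValueError("undocumented AuthOptions flag(s): %s" % sorted(unknown))
    return flags


def permitted(flags, mechanisms, security_layer):
    """Filter server-side mechanisms by the 'p' and 'y' rules only."""
    allowed = []
    for mech in mechanisms:
        name = mech.upper()
        if "y" in flags and name in ANONYMOUS_MECHS:
            continue
        if "p" in flags and name in PLAINTEXT_MECHS and not security_layer:
            continue
        allowed.append(name)
    return allowed


if __name__ == "__main__":
    opts = parse_auth_options(SAMPLE_MC)
    for tls in (False, True):
        print(sorted(opts), "TLS" if tls else "no TLS",
              permitted(opts, ["ANONYMOUS", "PLAIN", "LOGIN"], tls))
```

With `A p` alone, ANONYMOUS is still permitted; adding `y` is what removes it.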