Cyrus-SASL + sendmail 8.12.9 + "group writable file"
David Babler
dbabler at rigel.orionsys.com
Mon Apr 28 20:03:28 PDT 2003

Basic problem: sendmail errors with permissions/ownerships on
/usr/local/etc/sasldb

Symptom:
maillog entry "error: safesasl(/usr/local/etc/sasldb) failed: Group readable file"

I'm getting pretty frustrated trying to find the secret handshake to
make this work. Searches of the archives for this problem produce lots
of hits, but few answers - and no answers that make this work.

OS: FreeBSD 4.8-RC
Sendmail: 8.12.9

/etc/make.conf

SENDMAIL_CFLAGS+= -I/usr/local/include/sasl1 -DSASL
SENDMAIL_LDFLAGS+= -L/usr/local/lib
SENDMAIL_LDADD+= -lsasl

And a CVSUP and make world was recently done (and repeated today for
good measure) after those options were set. Sendmail had also been built
prior to that with those options with the last patched 8.12.8 following
the CERT advisory.

Installed Cyrus-SASL 1.5.28 from the ports collection.

My sendmail.mc file contains (as per the ASMTP FAQ):

define(`confRUN_AS_USER',`root:mail')dnl
define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5 LOGIN')dnl

And yes, the ODontBlameSendmail appears in the generated sendmail.cf
file. As appears in the various archived times this question has come
up, changing permissions and ownerships only moves the error from group
read errors to access denied errors. For ownerships of the database
file, I've tried:

cyrus:mail (as installed by the port)
root:mail
root:wheel
smmsp:mail
cyrus:smmsp

both with and without group read permissions. In short, none of those
permutations work. The truly weird part is that the DontBlameSendmail
option is not being honored, and I have NO idea why not.

-Dave
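
Added example (not part of the original post): a POSIX shell check that reads the group and world permission bits of a SASL database file and reports whether the sendmail.cf passed to it carries the matching DontBlameSendmail flag. The function names and the pairing of each mode bit with a flag are this example's assumptions; GroupWritableSASLDBFile is sendmail's counterpart flag for the group-write bit and does not appear in the post.

```shell
#!/bin/sh
# Added example: compare a SASL database file's mode bits with the
# DontBlameSendmail flags found in a sendmail.cf. Both paths come from the caller.

# Print every flag named on "O DontBlameSendmail=" lines, one per line.
dbs_flags() {
    sed -n 's/^O[[:space:]]*DontBlameSendmail=//p' "$1" | tr ', ' '\n\n' | sed '/^$/d'
}

# Print "<finding> <flag> <relaxed|NOT-relaxed>" for each permissive bit set.
sasldb_audit() {
    file=$1
    cf=$2
    # Field 1 of "ls -ldn" is the mode string, e.g. -rw-r-----
    mode=$(ls -ldn "$file" | awk '{print $1}')
    flags=$(dbs_flags "$cf")
    check() {  # $1=char position, $2=letter, $3=finding, $4=flag name
        [ "$(printf '%s' "$mode" | cut -c"$1")" = "$2" ] || return 0
        if printf '%s\n' "$flags" | grep -qix "$4"; then
            echo "$3 $4 relaxed"
        else
            echo "$3 $4 NOT-relaxed"
        fi
    }
    check 5 r group-readable GroupReadableSASLDBFile
    check 6 w group-writable GroupWritableSASLDBFile
    # World bits are reported as well; this example pairs no flag with them.
    [ "$(printf '%s' "$mode" | cut -c8)" = r ] && echo "world-readable - NOT-relaxed"
    [ "$(printf '%s' "$mode" | cut -c9)" = w ] && echo "world-writable - NOT-relaxed"
    return 0
}

# Stand-alone use: sh script.sh /usr/local/etc/sasldb /etc/mail/sendmail.cf
if [ $# -eq 2 ]; then
    sasldb_audit "$1" "$2"
fi
```

An empty result means no group or world read/write bit is set on the file; any NOT-relaxed line names a bit that the given sendmail.cf does not excuse.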