Cyrus-SASL + sendmail 8.12.9 + "group writable file"

Hajimu UMEMOTO ume at
Sat May 3 07:17:58 PDT 2003


# I added CC: gshapiro who is the maintainer of sendmail.

>>>>> On Thu, 1 May 2003 19:38:36 -0500
>>>>> "Scot W. Hetzel" <hetzels at> said:

hetzels> From: "David Babler" <dbabler at>
hetzels> > Basic problem: sendmail errors with permissions/ownerships on
hetzels> > /usr/local/etc/sasldb
hetzels> > Symptom:
hetzels> >  maillog entry "error: safesasl(/usr/local/etc/sasldb) failed: Group
hetzels> > readable file"
hetzels> We found the problem, the initial sendmail mail submission program was
hetzels> causing these errors to occur when sending mail from the local system.  To

Though I'm using SASL2 and have not tested SASL1, I cannot see such a
problem.  I think that MSP doesn't see sasldb2? unless you do enable
SMTP AUTH in, and you don't need to have such configuration
by MSP.

hetzels> solve this problem you need to put the following into the file
hetzels> that you use on your system (i.e.

hetzels>     define(`confRUN_AS_USER',`smmsp:mail')dnl

This is odd.  The sendmail binary is not setuid to root anymore.  I
believe sendmail as MSP cannot change its user unless invoking from

hetzels>     define(`confTRUSTED_USER',`smmsp')dnl
hetzels>     define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl

hetzels> NOTE:  You must define confTRUSTED_USER, otherwise you will get an error in
hetzels> the log (readcf: option TrustedUser: unknown user smmsp:mail).  This is
hetzels> caused by FEATURE(msp) defines confTRUSTED_USER using the confRUN_AS_USER
hetzels> value if not defined.


Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume at  ume at  ume@{,jp.}
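
An added example, not part of the original message and not sendmail's own code: a shell check that reports which mode bits on the SASL database would make safesasl() complain, so the file mode can be tightened rather than relaxed with confDONT_BLAME_SENDMAIL. The function names are hypothetical, GroupWritableSASLDBFile is sendmail's companion option to the one quoted above, and the suggested mode 600 assumes only the file's owner needs the database.

```shell
#!/bin/sh
# Added example: report which mode bits on a SASL password database would
# trip sendmail's safesasl() check, instead of silencing the check.

# has_perm FILE MODE -> true when every bit in octal MODE is set on FILE.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# audit_sasldb FILE -> prints findings; returns 0 clean, 1 findings, 2 missing.
audit_sasldb() {
    db=$1
    rc=0
    if [ ! -f "$db" ]; then
        echo "missing: $db"
        return 2
    fi
    if has_perm "$db" 040; then
        echo "group-readable: accepted only with GroupReadableSASLDBFile"
        rc=1
    fi
    if has_perm "$db" 020; then
        echo "group-writable: accepted only with GroupWritableSASLDBFile"
        rc=1
    fi
    for bit in 004 002 001; do
        if has_perm "$db" "$bit"; then
            echo "other-access: mode bit $bit grants access to every local user"
            rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then
        echo "ok: no group or other access on $db"
    else
        # Assumption: only the file's owner needs the database.
        echo "suggested: chmod 600 $db"
    fi
    return "$rc"
}

# Stand-alone use: sh audit_sasldb.sh /usr/local/etc/sasldb
if [ "$#" -gt 0 ]; then
    audit_sasldb "$1"
fi
```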

