Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How to turn off SMTP AUTH?

1,229 views
Skip to first unread message

Johann

unread,
Oct 5, 2002, 7:56:50 AM10/5/02
to
Hello,
I'm using SMTP AUTH as a client and want to turn off the SMTP AUTH
server-functionality. The only workaround to avoid the annoying error
message

sm-mta[238]: error: safesasl(/usr/local/etc/sasldb.db) failed: Group
readable file

on every sendmail startup is to follow the documentation and put

define(`confRUN_AS_USER',`root:mail')
define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')

in my sendmail configuration. But that's not what I want, I dont need
*any* of the SMTP AUTH server functionality I just want to be able to
authenticate as a client. How can I *completely* disable the rest of
the SASL stuff?

I'm using the native sendmail 8.12.3 that comes with FreeBSD 4.6.2
just recompiled to utilize the Cyrus-SASL 1.5.27 port.

TIA,

Jo

Claus Aßmann

unread,
Oct 5, 2002, 11:16:29 AM10/5/02
to
Johann wrote:

> I'm using SMTP AUTH as a client and want to turn off the SMTP AUTH
> server-functionality. The only workaround to avoid the annoying error
> message

> sm-mta[238]: error: safesasl(/usr/local/etc/sasldb.db) failed: Group
> readable file

> on every sendmail startup is to follow the documentation and put

> define(`confRUN_AS_USER',`root:mail')

You shouldn't need that.

> define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')

That should be ok.

> in my sendmail configuration. But that's not what I want, I dont need
> *any* of the SMTP AUTH server functionality I just want to be able to
> authenticate as a client. How can I *completely* disable the rest of
> the SASL stuff?

Why? What's the problem?

You can:
- disable SMTP AUTH per daemon (DaemonPortOptions, M=A)
- disable SMTP AUTH per connection (Srv_Features, A)
- edit the source code.

For the former two see doc/op/op.* and cf/README.

--
If you feel the urgent wish to send me a courtesy copy of a Usenet
posting, then make sure it's recognizable as such!
The FAQ: http://www.sendmail.org/faq/ Before you ask.

Johann

unread,
Oct 6, 2002, 6:36:08 PM10/6/02
to
Claus Aßmann <ca+sendmail(-no-copies-please)@mine.informatik.uni-kiel.de> wrote in message news:<anmvod$maj$1...@zardoc.esmtp.org>...

> > define(`confRUN_AS_USER',`root:mail')
>
> You shouldn't need that.

I also find this kinda strange but when I leave it out I get

sm-mta[308]: error: safesasl(/usr/local/etc/sasldb.db) failed:
Permission denied

The security/cyrus_sasl-port installs the sasldb.db like this:
-rw-r----- 1 cyrus mail 16384 4 Okt 18:34 /usr/local/etc/sasldb.db

What's wrong here?

> > authenticate as a client. How can I *completely* disable the rest of
> > the SASL stuff?
>
> Why? What's the problem?
>
> You can:
> - disable SMTP AUTH per daemon (DaemonPortOptions, M=A)
> - disable SMTP AUTH per connection (Srv_Features, A)
> - edit the source code.
>
> For the former two see doc/op/op.* and cf/README.

OK, I tried to disable it via DAEMON_OPTIONS(`Name=MTA, M=A') in my
sendmail.mc but it still tries to read sasldb.db and I get that
annoying error message when I don't have
define(`confRUN_AS_USER',`root:mail') in my configuration.
I'm just trying to run sendmail as a local MTA which relays all its
mail trough my ISPs smarthost which now requires SMTP AUTH. I
originally thought configuration would be less of a hassle if there
was a way to completely disable the server functionality of SASL which
I do not use anyway. But now I just want to know how to configure it
the "right way".

Claus Aßmann

unread,
Oct 6, 2002, 11:06:27 PM10/6/02
to
Johann wrote:
> Claus Aßmann

> > > authenticate as a client. How can I *completely* disable the rest of
> > > the SASL stuff?

> > Why? What's the problem?

> > You can:
> > - disable SMTP AUTH per daemon (DaemonPortOptions, M=A)
> > - disable SMTP AUTH per connection (Srv_Features, A)
> > - edit the source code.

> > For the former two see doc/op/op.* and cf/README.

> OK, I tried to disable it via DAEMON_OPTIONS(`Name=MTA, M=A') in my
> sendmail.mc but it still tries to read sasldb.db and I get that
> annoying error message when I don't have
> define(`confRUN_AS_USER',`root:mail') in my configuration.
> I'm just trying to run sendmail as a local MTA which relays all its
> mail trough my ISPs smarthost which now requires SMTP AUTH. I
> originally thought configuration would be less of a hassle if there
> was a way to completely disable the server functionality of SASL which
> I do not use anyway. But now I just want to know how to configure it
> the "right way".


Use Sendmail.conf (for Cyrus-SASL) to "lie" about the location
of sasldb or change the pwcheck_method. In the former case,
sendmail will only complain at LogLevel > 10.

0 new messages