Bug 20862 - Cyrus and Sendmail
Cyrus and Sendmail
Status: CLOSED WORKSFORME
Product: Red Hat Powertools
Classification: Retired
Component: cyrus-imapd (Show other bugs)
7.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-11-14 14:56 EST by Need Real Name
Modified: 2008-05-01 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-11-14 14:56:48 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2000-11-14 14:56:46 EST
Background:
1. Cyrus-Imapd-2.0.6 recompiled without the SSL patch so that cyradm works
2. Sendmail 8.11.0 recompiled  with "DONTBLAMESENDMAIL GROUPREADABLESASLDB"
so that sendmail doesn't complain that /etc/sasldb is group readable.
3. Latest version of the cyrus-sasl 1.5.24
4. /etc/sasldb is owned by root with the group of mail and is group
readable
5. Cyrus is a member of the mail group

Using Cyrus and Sendmail (with SMTP authentication enabled) results in the
problem that both programs want ownership of the /etc/sasldb.  This means
that only one or another can access it. 

Neither program can read the sasl db unless they own it even through they
are both members of the mail group.

In older versions of Cyrus-imapd (1.6.x) this worked fine, people could
authenticate because cyrus could read the sasl db.
Comment 1 Need Real Name 2000-11-17 14:30:37 EST
I was unaware that Senmail runs as root.root, I had assumed root.mail. You do
have to compile Sendmail with the _FFR_UNSAFE_SASL option, enable it in your
(sendmail.mc) conf file define like so:

(`confDONT_BLAME_SENDMAIL',`GROUPREADABLESASLFILE')

and have the ownership as so below to use Cyrus IMAPD and Sendmail SMTP
authentication together.

-rw-r-----    1 cyrus    root        12288 Nov 13 18:00 /etc/sasldb

See http://www.sendmail.org/~ca/email/tricks.html on how to compile Sendmail
with this option.

I hope this helps somebody else out in the same boat!

Note You need to log in before you can comment on or make changes to this bug.