Red Hat Bugzilla – Bug 20862
Cyrus and Sendmail
Last modified: 2008-05-01 11:37:59 EDT
1. Cyrus-Imapd-2.0.6 recompiled without the SSL patch so that cyradm works
2. Sendmail 8.11.0 recompiled with "DONTBLAMESENDMAIL GROUPREADABLESASLDB"
so that sendmail doesn't complain that /etc/sasldb is group readable.
3. Latest version of the cyrus-sasl 1.5.24
4. /etc/sasldb is owned by root with the group of mail and is group
5. Cyrus is a member of the mail group
Using Cyrus and Sendmail (with SMTP authentication enabled) results in the
problem that both programs want ownership of the /etc/sasldb. This means
that only one or another can access it.
Neither program can read the sasl db unless they own it even through they
are both members of the mail group.
In older versions of Cyrus-imapd (1.6.x) this worked fine, people could
authenticate because cyrus could read the sasl db.
I was unaware that Senmail runs as root.root, I had assumed root.mail. You do
have to compile Sendmail with the _FFR_UNSAFE_SASL option, enable it in your
(sendmail.mc) conf file define like so:
and have the ownership as so below to use Cyrus IMAPD and Sendmail SMTP
-rw-r----- 1 cyrus root 12288 Nov 13 18:00 /etc/sasldb
See http://www.sendmail.org/~ca/email/tricks.html on how to compile Sendmail
with this option.
I hope this helps somebody else out in the same boat!