Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 20862

Summary: Cyrus and Sendmail
Product: [Retired] Red Hat Powertools Reporter: Need Real Name <rvargo>
Component: cyrus-imapdAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED WORKSFORME QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 7.0CC: kisch
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-11-14 19:56:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Need Real Name 2000-11-14 19:56:46 UTC 
Background:
1. Cyrus-Imapd-2.0.6 recompiled without the SSL patch so that cyradm works
2. Sendmail 8.11.0 recompiled  with "DONTBLAMESENDMAIL GROUPREADABLESASLDB"
so that sendmail doesn't complain that /etc/sasldb is group readable.
3. Latest version of the cyrus-sasl 1.5.24
4. /etc/sasldb is owned by root with the group of mail and is group
readable
5. Cyrus is a member of the mail group

Using Cyrus and Sendmail (with SMTP authentication enabled) results in the
problem that both programs want ownership of the /etc/sasldb.  This means
that only one or another can access it. 

Neither program can read the sasl db unless they own it even through they
are both members of the mail group.

In older versions of Cyrus-imapd (1.6.x) this worked fine, people could
authenticate because cyrus could read the sasl db.
Comment 1 Need Real Name 2000-11-17 19:30:37 UTC 
I was unaware that Senmail runs as root.root, I had assumed root.mail. You do
have to compile Sendmail with the _FFR_UNSAFE_SASL option, enable it in your
(sendmail.mc) conf file define like so:

(`confDONT_BLAME_SENDMAIL',`GROUPREADABLESASLFILE')

and have the ownership as so below to use Cyrus IMAPD and Sendmail SMTP
authentication together.

-rw-r-----    1 cyrus    root        12288 Nov 13 18:00 /etc/sasldb

See http://www.sendmail.org/~ca/email/tricks.html on how to compile Sendmail
with this option.

I hope this helps somebody else out in the same boat!