[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SendMail Authentication via SASL

Hmm... no comments on this? Theo? Beuller? Anyone?
At 10:41 PM 12/27/2002, you wrote:
>Hello everyone,
>  Today I started working on the challenge of getting my SendMail 
> installation configured to relay through my ISP's SMTP server which 
> requires authentication. I found tips here and there, and posted a 
> message to a pair of newsgroups about this, but I came up short.
>
>  The apparent reason for its failure is that OpenBSD 3.2 by default 
> apparently doesn't include the SASL library which handles the SendMail 
> authentication support. I foolishly assumed that since OpenBSD 3.2 
> (-stable) includes SendMail 8.12.6 that the authentication support (and 
> all its libraries) would be included by default.
>
>So, I made an easy mistake. :-)
>
>So, I'd like to ask a few questions on this subject:
>1. Why wasn't SASL included in OpenBSD 3.2? Did it not pass security 
>testing or something?
>2. If it wasn't dropped for security reasons, why was it not included as 
>part of a compile time configuration option?
>3. Why doesn't information on configuring SendMail for authentication 
>support appear in the OpenBSD faqs? Considering that OpenBSD is the secure 
>BSD, it seems to me that configuring SendMail to be a bit tighter should 
>be covered as part of the OpenBSD faqs, regardless of whether or not SASL 
>is included by default.
>4. Assuming that SASL can pass the OpenBSD team's security screening, how 
>much interest would there need to be to get it included as part of the 
>default distribution? (Even if SendMail isn't configured by default to use it.)
>
>All of my questions are null and void if SASL isn't very security 
>conscious, but I found the whole situation frustrating. Would it be simple 
>for me to get SendMail's authentication going by installing the SASL port 
>in the ports tree? Or would I need to do a whole lot of compiling and 
>reconfiguring? (I've already broken somethings this week by compiling and 
>installing a newer version of PostgreSQL... I'd rather not break a lot 
>more... :-) )
>
>In any event, my thanks to the OpenBSD team for all the great work.
>Raymond