Date: Wed, 4 Jun 2003 08:07:54 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Scott Hiemstra <scott@hiemstra.us>
Cc: freebsd-questions@freebsd.org
Subject: Re: sendmail AUTH_OPTIONS
Message-ID: <20030604070754.GA88489@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <MAEGIICNABPPOCALLOHKGEFNDBAA.scott@hiemstra.us>
References: <20030603232527.M66444@enabled.com> <MAEGIICNABPPOCALLOHKGEFNDBAA.scott@hiemstra.us>

On Tue, Jun 03, 2003 at 07:47:54PM -0400, Scott Hiemstra wrote:
> Noah,
>
> I'm no sendmail expert, I prefer qmail myself but with some creative
> googling I found this which I believe will answer your question.
>
> http://www.sendmail.org/m4/tweaking_config.html#confAUTH_OPTIONS

That is a good resource (essentially a HTML-ized version of
/usr/share/sendmail/cf/README), but the original poster might find
this chunk out of /usr/share/doc/smm/08.sendmailop/paper.ascii.gz more
useful:

    AuthOptions  [no short name] List of options for SMTP AUTH
                 consisting of single characters with intervening
                 white space or commas.

                 A   Use the AUTH= parameter for the MAIL FROM
                     command only when authentication succeeded.
                     This can be used as a workaround for broken
                     MTAs that do not implement RFC 2554 correctly.
                 a   protection from active (non-dictionary) attacks
                     during authentication exchange.
                 c   require mechanisms which pass client credentials,
                     and allow mechanisms which can pass credentials
                     to do so.
                 d   don't permit mechanisms susceptible to passive
                     dictionary attack.
                 f   require forward secrecy between sessions
                     (breaking one won't help break next).
                 p   don't permit mechanisms susceptible to simple
                     passive attack (e.g., PLAIN, LOGIN), unless a
                     security layer is active.
                 y   don't permit mechanisms that allow anonymous
                     login.

                 The first option applies to sendmail as a client,
                 the others to a server.  Example:

                     O AuthOptions=p,y

                 would disallow ANONYMOUS as AUTH mechanism and would
                 allow PLAIN and LOGIN only if a security layer (e.g.,
                 provided by STARTTLS) is already active.  The options
                 'a', 'c', 'd', 'f', 'p', and 'y' refer to properties
                 of the selected SASL mechanisms.  Explanations of
                 these properties can be found in [...] the Cyrus SASL
                 documentation.

So the OP's sendmail.mc file extract:

    define(`confAUTH_OPTIONS', `A p')dnl

is absolutely fine.  Either commas or spaces can be used to separate
the options, so he could use the equivalent:

    define(`confAUTH_OPTIONS', `A,p')dnl

        Cheers,

        Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
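
An added example, not part of the original message or of sendmail itself: a small Python check that reads the confAUTH_OPTIONS define from a .mc file, accepts either separator, and reports when 'p' or 'y' is absent. The function names and the wording of the findings are assumptions made for this illustration; the flag meanings are those in the excerpt quoted above.

```python
import re

# Flag meanings taken from the operations-guide excerpt quoted in the message.
KNOWN = {
    "A": "client: AUTH= on MAIL FROM only after successful authentication",
    "a": "server: protection from active (non-dictionary) attacks",
    "c": "server: require mechanisms which pass client credentials",
    "d": "server: no mechanisms susceptible to passive dictionary attack",
    "f": "server: require forward secrecy between sessions",
    "p": "server: no PLAIN/LOGIN unless a security layer is active",
    "y": "server: no mechanisms that allow anonymous login",
}
# m4-quoted form: define(`confAUTH_OPTIONS', `...')
DEFINE_RE = re.compile(r"define\(\s*`confAUTH_OPTIONS'\s*,\s*`([^']*)'\s*\)")

def parse_auth_options(mc_text):
    """Return the option tokens of the last active define, or None if absent."""
    tokens = None
    for line in mc_text.splitlines():
        if line.lstrip().startswith("dnl"):  # line commented out in m4
            continue
        m = DEFINE_RE.search(line)
        if m:  # a later define replaces an earlier one
            tokens = [t for t in re.split(r"[,\s]+", m.group(1)) if t]
    return tokens

def audit(mc_text):
    """Return findings (strings) for the AuthOptions value in a .mc file."""
    tokens = parse_auth_options(mc_text)
    if tokens is None:
        return ["confAUTH_OPTIONS is not defined in this file"]
    findings = [f"unrecognised option token {t!r} (expected single characters)"
                for t in tokens if t not in KNOWN]
    if "p" not in tokens:
        findings.append("'p' missing: PLAIN and LOGIN are not restricted to "
                        "sessions with a security layer such as STARTTLS")
    if "y" not in tokens:
        findings.append("'y' missing: mechanisms allowing anonymous login "
                        "are not excluded")
    return findings

if __name__ == "__main__":
    # Constructed sample input: the two equivalent defines from the message,
    # plus a stricter variant that also sets 'y'.
    for sample in ("define(`confAUTH_OPTIONS', `A p')dnl",
                   "define(`confAUTH_OPTIONS', `A,p')dnl",
                   "define(`confAUTH_OPTIONS', `A p y')dnl"):
        print(sample, "->", parse_auth_options(sample), audit(sample))
```
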