Operating System - HP-UX
1748109 Members
4610 Online
108758 Solutions
New Discussion юеВ

Re: sendmail auth file permissions

 
Fred Ruffet
Honored Contributor

sendmail auth file permissions

Hi all,

I actually set-up sendmail on a 11iv1 server to relay mail to my ISP SMTP server. Their server runs on port 587 and needs authentication.

I managed to get the whole thing, but I have a problem with the auth file. I have configured sendmail.cf to use the file /etc/mail/authinfo. I have those rights :

root@rp3410:/etc/mail#ll authinfo
-rw------- 1 root bin 151 Jan 5 17:44 authinfo

when sending mail I have this line in mail.log :
Jan 6 12:17:14 rp3410 sm-mta[19087]: AUTH=client, error: can't open /etc/mail/authinfo: Permission denied

I tried to chmod g+r the file and then had :
Jan 6 12:06:09 rp3410 sm-mta[16715]: AUTH=client, error: can't open /etc/mail/authinfo: Group readable file

sendmail is running as root.

What permissions must I set to have this file used ?

Any help appreciated. Thanks,

Fred
--

"Reality is just a point of view." (P. K. D.)
15 REPLIES 15
TTr
Honored Contributor

Re: sendmail auth file permissions

The sendmail daemon has these builtin security checks for the files that it uses. Try changing the ownership of the authinfo file to bin:bin and take out the group write permission. All these security options are listed in the sendmail.cf file right below all those text blocks and where the config section starts.
Fred Ruffet
Honored Contributor

Re: sendmail auth file permissions

Thanks TTr,

I have already set these permissions whithout success :
root@rp3410:/etc/mail#ll authinfo
-rw------- 1 bin bin 151 Jan 5 17:44 authinfo
root@rp3410:/etc/mail#ll -d .
dr-xr-xr-x 2 bin bin 8192 Jan 6 14:05 .

I always have these messages in mail.log :
Jan 6 14:05:56 rp3410 sm-mta[15657]: AUTH=client, error: can't open /etc/mail/authinfo: World readable file

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
TTr
Honored Contributor

Re: sendmail auth file permissions

Now the file is world redable. Remove the world read setting from the file.
Make it only rw-------
TTr
Honored Contributor

Re: sendmail auth file permissions

Actually, check the whole path leading to this file. Do you also have a hash filefor the authinfo file or a directory structure as described here? Check the paths of the files and directories and ensure they are not group or world readable (or writable).
http://docs.hp.com/en/5992-3190/ar01s08.html
Fred Ruffet
Honored Contributor

Re: sendmail auth file permissions

sorry for the error. Message about world readable file was from another test I made. Message with the permission I told was :

Jan 6 14:20:41 rp3410 sm-mta[20494]: AUTH=client, error: can't open /etc/mail/authinfo: Permission denied

I'm looking forward the link you gave me.

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
Fred Ruffet
Honored Contributor

Re: sendmail auth file permissions

Back...

I got it to pass this problem. Mostly by adding this line to sendmail.cf :
Kauthinfo hash -o /etc/mail/authinfo.db

Problem is now that I have following line in mail.log :
Jan 6 16:28:15 rp3410 sm-mta[25881]: o06FS1gO025878: AUTH=client, available mechanisms do not fulfill requirements

According to what I found on the web, I should not have AUTH=client, but my login instead of client.

Digging the docs... any help appreciated...

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
Steven E. Protter
Exalted Contributor

Re: sendmail auth file permissions

Shalom,

You may find it easier to use sendmail.mc, or the HP-UX equivalent.

http://hpux.ws/buildmail.hpux.text

Note, looks like HP may have changed the name of the .mc file. You will have to alter the script to use that.

The .mc file is human readable and there is a lot of support for changes on it at http://www.sendmail.org

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
TTr
Honored Contributor

Re: sendmail auth file permissions

What is in the authinfo (and authinfo.db) file? Is it in the correct syntax?

What version of sendmail are you using?
TTr
Honored Contributor

Re: sendmail auth file permissions

Did you configure TLS and is sendmail starting it up?