RE: sendmail AUTH_OPTIONS

2003-06-04 Thread Scott Hiemstra
Noah,

I'm no sendmail expert, I prefer qmail myself but with some creative
googling I found this which I believe will answer your question.

http://www.sendmail.org/m4/tweaking_config.html#confAUTH_OPTIONS

Scott



Scott Hiemstra
[EMAIL PROTECTED]


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of admin
Sent: Tuesday, June 03, 2003 7:26 PM
To: [EMAIL PROTECTED]
Subject: sendmail AUTH_OPTIONS



Hi,

okay I am going around in circles and not able to find a link which describes
the AUTH_OPTIONS definitions in the .mc file.

I want to know what the A and p mean?  and verify that my syntax is correct.

--- from sendmail.mc file ---

define(`confAUTH_OPTIONS', `A p')dnl




Thanks in advance,
- Noah

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]





Re: sendmail AUTH_OPTIONS

2003-06-04 Thread Matthew Seaman
On Tue, Jun 03, 2003 at 07:47:54PM -0400, Scott Hiemstra wrote:
> Noah,
>
> I'm no sendmail expert, I prefer qmail myself but with some creative
> googling I found this which I believe will answer your question.
>
> http://www.sendmail.org/m4/tweaking_config.html#confAUTH_OPTIONS

That is a good resource (essentially a HTML-ized version of
/usr/share/sendmail/cf/README), but the original poster might find
this chunk out of /usr/share/doc/smm/08.sendmailop/paper.ascii.gz more
useful:

  AuthOptions
      [no short name] List of options for SMTP AUTH consisting of
      single characters with intervening white space or commas.

          A   Use the AUTH= parameter for the MAIL FROM command only
              when authentication succeeded.  This can be used as a
              workaround for broken MTAs that do not implement
              RFC 2554 correctly.
          a   protection from active (non-dictionary) attacks during
              authentication exchange.
          c   require mechanisms which pass client credentials, and
              allow mechanisms which can pass credentials to do so.
          d   don't permit mechanisms susceptible to passive
              dictionary attack.
          f   require forward secrecy between sessions (breaking one
              won't help break next).
          p   don't permit mechanisms susceptible to simple passive
              attack (e.g., PLAIN, LOGIN), unless a security layer
              is active.
          y   don't permit mechanisms that allow anonymous login.

      The first option applies to sendmail as a client, the others
      to a server.  Example:

          O AuthOptions=p,y

      would disallow ANONYMOUS as AUTH mechanism and would allow
      PLAIN and LOGIN only if a security layer (e.g., provided by
      STARTTLS) is already active.  The options 'a', 'c', 'd', 'f',
      'p', and 'y' refer to properties of the selected SASL
      mechanisms.  Explanations of these properties can be found in

         [...]

      the Cyrus SASL documentation.

So the OP's sendmail.mc file extract:

define(`confAUTH_OPTIONS', `A p')dnl

is absolutely fine. Either commas or spaces can be used to separate
the options, so he could use the equivalent:

define(`confAUTH_OPTIONS', `A,p')dnl

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK
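
Added example (not part of either poster's message, and not sendmail's own code): a small Python check that reads a confAUTH_OPTIONS or AuthOptions line, accepts spaces or commas as separators as described in the reply above, and reports which of the documented letters are unknown or missing. The function names and the sample lines are made up for illustration.

```python
import re

# Option letters and meanings, taken from the documentation excerpt quoted above.
AUTH_OPTIONS = {
    "A": "client: send AUTH= on MAIL FROM only when authentication succeeded",
    "a": "server: protection from active (non-dictionary) attacks",
    "c": "server: require mechanisms which pass client credentials",
    "d": "server: no mechanisms susceptible to passive dictionary attack",
    "f": "server: require forward secrecy between sessions",
    "p": "server: no PLAIN/LOGIN-style mechanisms unless a security layer is active",
    "y": "server: no mechanisms that allow anonymous login",
}

# define(`confAUTH_OPTIONS', `...') in a .mc file, or "O AuthOptions=..." in a .cf file.
_MC = re.compile(r"define\(`confAUTH_OPTIONS',\s*`([^']*)'\)")
_CF = re.compile(r"^O\s+AuthOptions=(.*)$")

def parse_auth_options(line):
    """Return the option letters set on one config line, or None if it sets none."""
    line = line.strip()
    if line.startswith(("dnl", "#")):
        return None  # commented out (m4 "dnl" or cf "#")
    m = _MC.search(line) or _CF.match(line)
    if not m:
        return None
    # Single characters; white space and commas are only separators.
    return [ch for ch in m.group(1) if ch not in " \t,"]

def audit(line):
    """Return (options, findings) for one config line."""
    opts = parse_auth_options(line)
    if opts is None:
        return None, ["no AuthOptions setting on this line"]
    findings = [f"unknown option {o!r}" for o in opts if o not in AUTH_OPTIONS]
    if "p" not in opts:
        findings.append("'p' not set: PLAIN and LOGIN are not restricted to sessions with a security layer")
    if "y" not in opts:
        findings.append("'y' not set: mechanisms allowing anonymous login are not excluded")
    return opts, findings

if __name__ == "__main__":
    # Constructed sample lines; the first two are the forms discussed in the thread.
    for sample in ["define(`confAUTH_OPTIONS', `A p')dnl",
                   "define(`confAUTH_OPTIONS', `A,p')dnl",
                   "O AuthOptions=p,y",
                   "define(`confAUTH_OPTIONS', `A')dnl"]:
        print(sample, "->", audit(sample))
```
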

