Since I didn't get any responses to this question, I tried option 2
and it seems fine. I am sure it won't take me long to figure out what
happened if a future update re-writes sendmail.mc.
Although I have side-stepped my immediate issue, I would like to know
the sasauthd database is used for anything in BQ. I suspect this may
just be a rough edge in the Nuonce package of SMTP authentication for
Sendmail.
Greg
On 10/9/07, Greg Shaffer <shaffer.greg (at mark) gmail.com> wrote:
> Hello -
>
> I am trying to set up my server to for my users to send mail via AUTH
> SMTP over SSL. Outlook and Thunderbird work fine, but Pegasus Mail
> (which is widely used here) does not. As I understand it, because the
> server is advertising CRAM-MD5, Pegasus uses it instead of the login
> method and there is no provision to prevent it from doing so (I
> checked). However, because there are no sasldb entries, those
> Pegasus clients cannot successfully authenticate. I am trying to
> figure out some way to correct this issue short of manually creating &
> maintaining sasldb entries for each user.
>
> Here are the solutions I am considering:
>
> (1) Automate additions to sasldb. I haven't seen anything that
> clearly suggests that this is possible.
>
> (2) Reconfigure sendmail so it does not advertise CRAM-MD5 (if
> possible). Is there any point in using it with an SSL connection?
> Apparently Outlook and Thunderbird either aren't trying to use it at
> all or they are falling back to something else (e.g. LOGIN).
>
> (3) Somewhere I saw something about configuring saslauthd to
> authenticate against pam, but I am not entirely sure what the security
> ramifications of this might be.
>
> I am also concerned that an update might cause options 2 & 3 to
> suddenly break. I suspect that is less likely with option 2, but I
> have no idea about option 3.
>
> I would appreciate any thoughts anyone might have on these or other
> possible options.
>
> Thanks,
>
> Greg
>
--
Greg Shaffer