Update Sendmail.README with instructions on how to enable the

GroupReadableSASLFile option for DONT_BLAME_SENDMAIL.

PR:		23149
Submitted by:	maintainer

2 files changed, 60 insertions, 8 deletions

diff --git a/security/cyrus-sasl/files/Sendmail.README b/security/cyrus-sasl/files/Sendmail.README
index e4ee641ca069..a7dd2267c39d 100644
--- a/security/cyrus-sasl/files/Sendmail.README
+++ b/security/cyrus-sasl/files/Sendmail.README
@@ -2,10 +2,10 @@ How to enable SMTP AUTH with FreeBSD default Sendmail 8.11
 
 1) Add the following to  /etc/make.conf:
 
-# Add SMTP AUTH support to Sendmail
-SENDMAIL_CFLAGS+=	-DSASL -I/usr/local/include/sasl
-SENDMAIL_LDFLAGS+=	-L/usr/local/lib
-SENDMAIL_LDADD+=	-lsasl
+    # Add SMTP AUTH support to Sendmail
+    SENDMAIL_CFLAGS+=	-I/usr/local/include/sasl -DSASL -D_FFR_UNSAFE_SASL
+    SENDMAIL_LDFLAGS+=	-L/usr/local/lib
+    SENDMAIL_LDADD+=	-lsasl
 
 2) Rebuild FreeBSD (make buildworld, ...)
 
@@ -13,3 +13,29 @@ SENDMAIL_LDADD+=	-lsasl
 
    pwcheck_method: pwcheck
 
+4) Add the following to your sendmail.mc file:
+
+   TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')dnl
+   define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5')dnl
+   define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLFile')dnl
+   define(`confRUN_AS_USER',`root:mail')dnl
+
+ ----
+
+   Additional AUTH Mechanisms are LOGIN, PLAIN, GSSAPI, and KERBEROS_V4.
+   These can be added to TRUST_AUTH_MECH and confAUTH_MECHANISMS as a space
+   seperated list.  You may want to restrict LOGIN, and PLAIN authentication
+   methods for use with STARTTLS, as the password is not encrypted when
+   passed to sendmail.
+
+   LOGIN is required for Outlook Express users.  "My server requires
+   authentication" needs to be checked in the accounts properties to 
+   use SASL Authentication.
+
+   PLAIN is required for Netscape Communicator users.  By default Netscape
+   Communicator will use SASL Authentication when sendmail is compiled with
+   SASL.
+
+   The DONT_BLAME_SENDMAIL option GroupReadableSASLFile is needed when you
+   are using cyrus-imapd and sendmail on the same server that requires access
+   to the sasldb database.
diff --git a/security/cyrus-sasl2/files/Sendmail.README b/security/cyrus-sasl2/files/Sendmail.README
index e4ee641ca069..a7dd2267c39d 100644
--- a/security/cyrus-sasl2/files/Sendmail.README
+++ b/security/cyrus-sasl2/files/Sendmail.README
@@ -2,10 +2,10 @@ How to enable SMTP AUTH with FreeBSD default Sendmail 8.11
 
 1) Add the following to  /etc/make.conf:
 
-# Add SMTP AUTH support to Sendmail
-SENDMAIL_CFLAGS+=	-DSASL -I/usr/local/include/sasl
-SENDMAIL_LDFLAGS+=	-L/usr/local/lib
-SENDMAIL_LDADD+=	-lsasl
+    # Add SMTP AUTH support to Sendmail
+    SENDMAIL_CFLAGS+=	-I/usr/local/include/sasl -DSASL -D_FFR_UNSAFE_SASL
+    SENDMAIL_LDFLAGS+=	-L/usr/local/lib
+    SENDMAIL_LDADD+=	-lsasl
 
 2) Rebuild FreeBSD (make buildworld, ...)
 
@@ -13,3 +13,29 @@ SENDMAIL_LDADD+=	-lsasl
 
    pwcheck_method: pwcheck
 
+4) Add the following to your sendmail.mc file:
+
+   TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')dnl
+   define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5')dnl
+   define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLFile')dnl
+   define(`confRUN_AS_USER',`root:mail')dnl
+
+ ----
+
+   Additional AUTH Mechanisms are LOGIN, PLAIN, GSSAPI, and KERBEROS_V4.
+   These can be added to TRUST_AUTH_MECH and confAUTH_MECHANISMS as a space
+   seperated list.  You may want to restrict LOGIN, and PLAIN authentication
+   methods for use with STARTTLS, as the password is not encrypted when
+   passed to sendmail.
+
+   LOGIN is required for Outlook Express users.  "My server requires
+   authentication" needs to be checked in the accounts properties to 
+   use SASL Authentication.
+
+   PLAIN is required for Netscape Communicator users.  By default Netscape
+   Communicator will use SASL Authentication when sendmail is compiled with
+   SASL.
+
+   The DONT_BLAME_SENDMAIL option GroupReadableSASLFile is needed when you
+   are using cyrus-imapd and sendmail on the same server that requires access
+   to the sasldb database.