Re: Error on starting SASL and STARTTLS

[Paul Howarth <paul@xxxxxxxxxxxx>]

antonio.nunes@xxxxxxxxxxxxxxxxxxxxxxx wrote:
> I've just tried to get secure smtp going on port 25 with sendmail on a
> Fedora Core 2 server. After ironing out some initial problems there seems
> to be one last I can't resolve. I can't get TLS to actually work. The
> sendmail log show the following:
>
> Sep 28 17:27:51 mail sendmail[8606]: error:
> safesasl(/usr/lib/sasl2/Sendmail.conf) failed: World writable directory
> Sep 28 17:27:51 mail sendmail[8606]: error:
> safesasl(/usr/lib/sasl2/libanonymous.so.2) failed: World writable
> directory
> Sep 28 17:27:51 mail sendmail[8606]: error:
> safesasl(/usr/lib/sasl2/libdigestmd5.so.2) failed: World writable
> directory
> Sep 28 17:27:51 mail sendmail[8606]: error:
> safesasl(/usr/lib/sasl2/libsasldb.so.2) failed: World writable directory
> Sep 28 17:27:51 mail sendmail[8606]: error:
> safesasl(/usr/lib/sasl2/liblogin.so.2) failed: World writable directory
> Sep 28 17:27:51 mail sendmail[8606]: error:
> safesasl(/usr/lib/sasl2/libcrammd5.so.2) failed: World writable directory
> Sep 28 17:27:51 mail sendmail[8606]: error:
> safesasl(/usr/lib/sasl2/libplain.so.2) failed: World writable directory
> Sep 28 17:27:51 mail sendmail[8691]: starting daemon (8.12.11):
> SMTP+queueing@01:00:00
> Sep 28 17:27:51 mail sendmail[8691]: STARTTLS=server: file
> /usr/share/ssl/certs/sendmail.pem unsafe: World writable directory
>
> I've tried making the sasl2 directory and the certs directory only
> writable by root but to no avail. The files listed in sasl2 are linked and
> the symbolic links do not seem to want to change with chown whatever I
> try.
>
> I'd much appreciate it if anybody could help me out here.

What is the output of:

ls -ld / /usr /usr/lib /usr/lib/sasl2 /usr/share /usr/share/ssl 
/usr/share/ssl/certs

(that's all one line)

Sendmail will complain if any of these directories are world-writable.

On my machine, I get:
drwxr-xr-x   23 root root  4096 Sep 16 07:36 /
drwxr-xr-x   16 root root  4096 Sep 14 22:33 /usr
drwxr-xr-x   53 root root 36864 Oct  1 04:08 /usr/lib
drwxr-xr-x    2 root root  4096 Sep 13 08:10 /usr/lib/sasl2
drwxr-xr-x  126 root root  4096 Sep  3 14:54 /usr/share
drwxr-xr-x    7 root root  4096 Jun 21 10:16 /usr/share/ssl
drwxr-xr-x    2 root root  4096 Sep 27 19:58 /usr/share/ssl/certs

Paul (fellow PlusNet user).