StupidScript - 10:40 pm on Nov 15, 2007 (gmt 0)
This long-ish post includes config settings, log entries and whatnot as I attempt to set up SMTP AUTH on my Fedora Core 4 server.

I just can't seem to get the AUTH services running ... any and all help is greatly appreciated.

1) MY SENDMAIL IS COMPILED WITH (note STARTTLS and SASLv2):

    sendmail -d0.1 -bv
    Version 8.13.7
    Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
    MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
    NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
    TCPWRAPPERS USERDB USE_LDAP_INIT
    ============ SYSTEM IDENTITY (after readcf) ============
    (short domain name) $w = mail
    (canonical domain name) $j = mail.example.com
    (subdomain name) $m = example.com
    (node name) $k = mail.example.com
    ========================================================

2) MY sendmail.cf FILE IS LOCATED:

    sendmail -d0.20 -bv | grep sendmail.cf
    Conf file: /etc/mail/sendmail.cf (default for MTA)
    Conf file: /etc/mail/sendmail.cf (selected)

3) RELEVANT sendmail.mc ENTRIES (yes, I m4'd it to sendmail.cf, and the cert is in there):

    define(`confAUTH_OPTIONS',`A p y')dnl
    TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
    define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
    define(`confCACERT_PATH',`/etc/pki/tls/certs')dnl
    define(`confCACERT',`/etc/pki/tls/certs/ca-bundle.crt')dnl
    define(`confSERVER_CERT',`/etc/pki/tls/certs/sendmail.pem')dnl
    define(`confSERVER_KEY',`/etc/pki/tls/certs/sendmail.pem')dnl

I LEFT THIS COMMENTED OUT:

    dnl # The following causes sendmail to additionally listen to port 465, but
    dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
    dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
    dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
    dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
    dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
    dnl #
    dnl # For this to work your OpenSSL certificates must be configured.
    dnl #
    dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

4) CONTENTS OF /usr/lib/sasl2:

    libanonymous.la
    libanonymous.so -> libanonymous.so.2.0.20
    libanonymous.so.2 -> libanonymous.so.2.0.20
    libanonymous.so.2.0.20
    libcrammd5.la
    libcrammd5.so -> libcrammd5.so.2.0.20
    libcrammd5.so.2 -> libcrammd5.so.2.0.20
    libcrammd5.so.2.0.20
    libdigestmd5.la
    libdigestmd5.so -> libdigestmd5.so.2.0.20
    libdigestmd5.so.2 -> libdigestmd5.so.2.0.20
    libdigestmd5.so.2.0.20
    liblogin.la
    liblogin.so -> liblogin.so.2.0.20
    liblogin.so.2 -> liblogin.so.2.0.20
    liblogin.so.2.0.20
    libplain.la
    libplain.so -> libplain.so.2.0.20
    libplain.so.2 -> libplain.so.2.0.20
    libplain.so.2.0.20
    libsasldb.la
    libsasldb.so -> libsasldb.so.2.0.20
    libsasldb.so.2 -> libsasldb.so.2.0.20
    libsasldb.so.2.0.20
    Sendmail.conf

CONTENTS OF Sendmail.conf:

    pwcheck_method: saslauthd
    mech_list: plain login
    saslauthd_path: /var/run/saslauthd

(I added the last 2 lines per various instructions.)

5) I THEN DID:

    service sendmail restart
    service saslauthd start

6) ps wax SHOWS 5 saslauthd PROCESSES, EACH READS:

    /usr/sbin/saslauthd -m /var/run/saslauthd -a pam

7) SENDMAIL SERVICE TEST OUTPUT:

    telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    220 mail.example.com ESMTP Sendmail 8.13.7/8.13.7; Thu, 15 Nov 2007 17:01:26 -0500
    ehlo localhost
    250-mail.example.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-STARTTLS
    250-DELIVERBY
    250 HELP

8) /var/log/maillog SHOWS:

    sendmail[20684]: NOQUEUE: connect from localhost.localdomain [127.0.0.1]
    sendmail[20684]: AUTH warning: no mechanisms
    sendmail[20684]: lAFM3saq020684: Milter: no active filter

("AUTH warning: no mechanisms" seemed odd, so I removed "mech_list" from saslauthd's Sendmail.conf)

9) NOW I GET THE SAME TEST OUTPUT AS ABOVE, BUT maillog INCLUDES:

    sendmail[20792]: NOQUEUE: connect from localhost.localdomain [127.0.0.1]
    sendmail[20792]: AUTH: available mech=DIGEST-MD5 CRAM-MD5, allowed mech=LOGIN PLAIN
    sendmail[20792]: lAFMAZA1020792: Milter: no active filter

Note the second line ... "available mech" does not include LOGIN or PLAIN. Hmmm. Those are the ONLY 2 mechs included in sendmail.cf, and both are included in the sasl2 libraries.

10) AS A TEST, I RESTARTED sendmail WITH A TEMP LOG:

    sendmail -bD -X /tmp/test.log

HERE IS THE OUTPUT FROM A TEST SMTP SEND FROM MY CLIENT, NO LOGIN (I'm not in relay-domains for this test):

    20956 >>> 220 mail.example.com ESMTP Sendmail 8.13.7/8.13.7; Thu, 15 Nov 2007 17:23:00 -0500
    20956 <<< EHLO mycomputer^M
    20956 >>> 250-mail.example.com Hello [MY.IPA.DDR.ESS], pleased to meet you
    20956 >>> 250-ENHANCEDSTATUSCODES
    20956 >>> 250-PIPELINING
    20956 >>> 250-8BITMIME
    20956 >>> 250-SIZE
    20956 >>> 250-DSN
    20956 >>> 250-ETRN
    20956 >>> 250-STARTTLS
    20956 >>> 250-DELIVERBY
    20956 >>> 250 HELP
    20956 <<< RSET^M
    20956 >>> 250 2.0.0 Reset state
    20956 <<< MAIL FROM:<me@example.com>^M
    20956 >>> 250 2.1.0 <me@example.com>... Sender ok
    20956 <<< RCPT TO:<test@anotherdom.com>^M
    20956 >>> 550 5.7.1 <test@anotherdom.com>... Relaying denied. IP name lookup failed [MY.IPA.DDR.ESS]
    20956 <<< [EOF]
    20956 >>> 421 4.4.1 mail.example.com Lost input channel from [MY.IPA.DDR.ESS]

AND FROM maillog:

    sendmail[20956]: NOQUEUE: connect from [MY.IPA.DDR.ESS]
    sendmail[20956]: AUTH: available mech=DIGEST-MD5 CRAM-MD5, allowed mech=LOGIN PLAIN
    sendmail[20956]: lAFMN0Q1020956: Milter: no active filter
    sendmail[20956]: lAFMN0Q2020956: ruleset=check_rcpt, arg1=<test@anotherdom.com>, relay=[MY.IPA.DDR.ESS], reject=550 5.7.1 <test@anotherdom.com>... Relaying denied. IP name lookup failed [MY.IPA.DDR.ESS]
    sendmail[20956]: lAFMN0Q2020956: lost input channel from [MY.IPA.DDR.ESS] to MTA after rcpt
    sendmail[20956]: lAFMN0Q2020956: from=<me@example.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[MY.IPA.DDR.ESS]

"available mech" HAS GOT TO BE COMING FROM SOMEWHERE ... IF NOT /usr/lib/saslauthd AND sendmail.cf, THEN FROM WHERE?

HERE IS THE OUTPUT FROM A TEST SMTP SEND FROM MY CLIENT, WITH LOGIN (User supplied, plain text):

    21097 >>> 220 mail.example.com ESMTP Sendmail 8.13.7/8.13.7; Thu, 15 Nov 2007 17:28:31 -0500
    21097 <<< EHLO mycomputer^M
    21097 >>> 250-mail.example.com Hello [MY.IPA.DDR.ESS], pleased to meet you
    21097 >>> 250-ENHANCEDSTATUSCODES
    21097 >>> 250-PIPELINING
    21097 >>> 250-8BITMIME
    21097 >>> 250-SIZE
    21097 >>> 250-DSN
    21097 >>> 250-ETRN
    21097 >>> 250-STARTTLS
    21097 >>> 250-DELIVERBY
    21097 >>> 250 HELP
    21097 <<< [EOF]
    21097 >>> 421 4.4.1 mail.example.com Lost input channel from [MY.IPA.DDR.ESS]

AND FROM maillog:

    sendmail[21097]: NOQUEUE: connect from [MY.IPA.DDR.ESS]
    sendmail[21097]: AUTH: available mech=DIGEST-MD5 CRAM-MD5, allowed mech=LOGIN PLAIN
    sendmail[21097]: lAFMSV66021097: Milter: no active filter
    sendmail[21097]: lAFMSV66021097: [MY.IPA.DDR.ESS] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

11) It seems clear that sendmail is not using saslauthd. My client (Calypso) reports "The server does not support any secure password authentication providers", and we can see that there is no "AUTH" in any of the exchanges.

Thanks in advance for shedding any light on this.
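Added example, not part of the original post: a small Python check that compares the "available mech" and "allowed mech" lists from the maillog lines above and looks for an AUTH line in the EHLO reply. It assumes sendmail only offers mechanisms that appear in both lists; the function names are hypothetical and the sample input is constructed from the output quoted in the post.

```python
import re

# Constructed sample input, shaped like the maillog and EHLO output in the post.
MAILLOG = """\
sendmail[20684]: AUTH warning: no mechanisms
sendmail[20792]: NOQUEUE: connect from localhost.localdomain [127.0.0.1]
sendmail[20792]: AUTH: available mech=DIGEST-MD5 CRAM-MD5, allowed mech=LOGIN PLAIN
sendmail[20792]: lAFMAZA1020792: Milter: no active filter
"""
EHLO_REPLY = """\
250-mail.example.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-STARTTLS
250-DELIVERBY
250 HELP
"""

AUTH_LINE = re.compile(
    r"sendmail\[(\d+)\]: AUTH: available mech=(.*?), allowed mech=(.*)$")

def parse_auth_lines(log):
    """Return [(pid, available, allowed)] for each 'AUTH: available mech=' line."""
    rows = []
    for line in log.splitlines():
        m = AUTH_LINE.search(line)
        if m:
            rows.append((int(m.group(1)), m.group(2).upper().split(),
                         m.group(3).upper().split()))
    return rows

def usable_mechs(available, allowed):
    """Mechanisms present in both lists (assumed to be what gets offered)."""
    have = set(available)
    return [mech for mech in allowed if mech in have]

def ehlo_auth_mechs(reply):
    """Mechanisms from a '250-AUTH ...' line, or None when AUTH is absent."""
    for line in reply.splitlines():
        m = re.match(r"250[- ]AUTH[ =](.*)$", line.strip(), re.IGNORECASE)
        if m:
            return m.group(1).upper().split()
    return None

def diagnose(log, reply):
    """Collect findings: empty mechanism overlap and a missing AUTH keyword."""
    findings = []
    for pid, available, allowed in parse_auth_lines(log):
        if not usable_mechs(available, allowed):
            findings.append(f"pid {pid}: no overlap, available={available} allowed={allowed}")
    if ehlo_auth_mechs(reply) is None:
        findings.append("EHLO reply does not advertise AUTH")
    return findings
```

Run against the quoted log and EHLO reply, `diagnose` reports both conditions the post observes: the two mechanism lists share no entry, and the server's EHLO reply carries no AUTH keyword.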