Cannot get authentication working to smarthost
Paul Galbraith
feature.
FEATURE(
This has been working for me for years, but I recently changed
providers and now need to authenticate to the smarthost server.
I have in my "access" file:
AuthInfo: "U:paul_galbraith" "I:paul_galbraith" "P:mypassword"
"M:PLAIN"
I had originally tried specifying the server name but have fallen back
to the more generic entry above while trying to get this working.
To verify my access.db I've executed "echo '/map access AuthInfo:' |
sendmail -bt" and see this result:
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> map_lookup: access (AuthInfo:) returns "U:paul_galbraith" "I:paul_galbraith" "
P:mypassword" "M:PLAIN" (0)
... so, I think access.db is OK and being read by sendmail.
To test if sendmail is authenticating I ran this command as root:
date | sendmail -O LogLevel=15 -Am -v paul_ga...@yahoo.com
... and see these results:
paul_ga...@yahoo.com... Connecting to smtp-rog.mail.yahoo.com. via
relay...
220 smtp122.rog.mail.re2.yahoo.com ESMTP
>>> EHLO erebor.paulgalbraith.net
250-smtp122.rog.mail.re2.yahoo.com
250-AUTH LOGIN PLAIN XYMCOOKIE
250-PIPELINING
250 8BITMIME
>>> MAIL From:<pa...@erebor.paulgalbraith.net>
530 authentication required - for help go to http://help.yahoo.com/help/us/mail/pop/pop-11.html
paul... Connecting to local...
paul... Sent
Closing connection to smtp-rog.mail.yahoo.com.
>>> QUIT
To me it looks like sendmail is not trying to authenticate. So ...
how do I get sendmail to authenticate using the AuthInfo: line in the
access db?
Andrzej Adam Filip
Could you post AuthOptions from your sendmail.cf?
Have you used 'p' flag to turn off using LOGIN and PLAIN over unecrypted
links (no STARTTLS)? [it is my "suspicion zero"]
--
[pl>en Andrew] Andrzej Adam Filip : an...@onet.eu : an...@xl.wp.pl
Open-Sendmail: http://open-sendmail.sourceforge.net/
The hatred of relatives is the most violent.
-- Tacitus (c.55 - c.117)
Paul Galbraith
> Paul Galbraith <paul_galbra...@yahoo.com> wrote:
> > I am trying to relay through my ISP's smtp server using the smarthost
> > feature.
>
> > FEATURE(
>
> > This has been working for me for years, but I recently changed
> > providers and now need to authenticate to the smarthost server.
>
> > I have in my "access" file:
>
> > AuthInfo: "U:paul_galbraith" "I:paul_galbraith" "P:mypassword"
> > "M:PLAIN"
>
> > I had originally tried specifying the server name but have fallen back
> > to the more generic entry above while trying to get this working.
>
> > To verify my access.db I've executed "echo '/map access AuthInfo:' |
> > sendmail -bt" and see this result:
>
> > ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
> > Enter <ruleset> <address>
> >> map_lookup: access (AuthInfo:) returns "U:paul_galbraith" "I:paul_galbraith" "
> > P:mypassword" "M:PLAIN" (0)
>
> > ... so, I think access.db is OK and being read by sendmail.
>
> > To test if sendmail is authenticating I ran this command as root:
>
>
> > ... and see these results:
>
> > relay...
> > 220 smtp122.rog.mail.re2.yahoo.com ESMTP
> >>>> EHLO erebor.paulgalbraith.net
> > 250-smtp122.rog.mail.re2.yahoo.com
> > 250-AUTH LOGIN PLAIN XYMCOOKIE
> > 250-PIPELINING
> > 250 8BITMIME
> > 530 authentication required - for help go tohttp://help.yahoo.com/help/us/mail/pop/pop-11.html
> > paul... Connecting to local...
> > paul... Sent
> > Closing connection to smtp-rog.mail.yahoo.com.
> >>>> QUIT
>
> > To me it looks like sendmail is not trying to authenticate. So ...
> > how do I get sendmail to authenticate using the AuthInfo: line in the
> > access db?
>
> Could you post AuthOptions from your sendmail.cf?
>
> Have you used 'p' flag to turn off using LOGIN and PLAIN over unecrypted
> links (no STARTTLS)? [it is my "suspicion zero"]
>
> --
> Open-Sendmail:http://open-sendmail.sourceforge.net/
> The hatred of relatives is the most violent.
> -- Tacitus (c.55 - c.117)
Thanks for your help, Andrzej! What would I look for in my mc/cf
files to confirm use of the p flag? Here's all that I see around
AuthOptions:
#O AuthOptions
# SMTP AUTH maximum encryption strength
#O AuthMaxBits
# SMTP STARTTLS server options
#O TLSSrvOptions
Andrzej Adam Filip
> Thanks for your help, Andrzej! What would I look for in my mc/cf
> files to confirm use of the p flag? Here's all that I see around
> AuthOptions:
>
> #O AuthOptions
>
> # SMTP AUTH maximum encryption strength
> #O AuthMaxBits
>
> # SMTP STARTTLS server options
> #O TLSSrvOptions
0) Your AuthOption looks OK (commented out => sendmail uses hardcoded default)
Post all Auth options especially AuthMechanisms.
As I understand it does not contain LOGIN and PLAIN in its default value.
grep "O Auth" /etc/mail/sendmail.cf
You can change in sendmail.mc using:
define(`confAUTH_MECHANISMS', `... LOGIN PLAIN')dnl
1) repeat your sending of test message with tracking map queries.
It should show you if sendmail issues any authinfo queries.
(echo subject: test; echo)| sendmail -d 60.5 -Am -v paul_galbra...@yahoo.com
--
[pl>en Andrew] Andrzej Adam Filip : an...@onet.eu : an...@xl.wp.pl
Open-Sendmail: http://open-sendmail.sourceforge.net/
Sun in the night, everyone is together,
Ascending into the heavens, life is forever.
-- Brand X, "Moroccan Roll/Sun in the Night"
Paul Galbraith
> Open-Sendmail:http://open-sendmail.sourceforge.net/
> Sun in the night, everyone is together,
> Ascending into the heavens, life is forever.
> -- Brand X, "Moroccan Roll/Sun in the Night"
I added the option. I don't have SASL auth support compiled in and
sendmail complains about this...now grep "O Auth" shows:
O AuthMechanisms=... LOGIN PLAIN
#O AuthRealm
#O AuthOptions
#O AuthMaxBits
(Did you mean the "..." literally?)
Here is the output from the test email:
Warning: Option: AuthMechanisms requires SASL support (-DSASL)
map_lookup(dequote, paul, %0=paul) => NOT FOUND (0)
map_lookup(host, yahoo.com, %0=yahoo.com) => yahoo.com. (0)
map_lookup(mailertable, yahoo.com, %0=yahoo.com) => NOT FOUND (0)
map_lookup(mailertable, .com, %0=.com, %1=yahoo, %2=yahoo) => NOT
FOUND (0)
map_lookup(mailertable, ., %0=., %1=yahoo.com) => NOT FOUND (0)
paul_ga...@yahoo.com... Connecting to smtp-rog.mail.yahoo.com. via
relay...
220 smtp116.rog.mail.re2.yahoo.com ESMTP
>>> EHLO erebor.paulgalbraith.net
250-smtp116.rog.mail.re2.yahoo.com
250-AUTH LOGIN PLAIN XYMCOOKIE
250-PIPELINING
250 8BITMIME
map_lookup(macro, {TLS_Name}, %0={TLS_Name}, %1=smtp-
rog.mail.yahoo.com) => (0)
map_lookup(access, TLS_Srv:smtp-rog.mail.yahoo.com, %0=TLS_Srv:smtp-
rog.mail.yah
oo.com) => NOT FOUND (0)
map_lookup(access, TLS_Srv:mail.yahoo.com, %0=TLS_Srv:mail.yahoo.com)
=> NOT FOU
ND (0)
map_lookup(access, TLS_Srv:yahoo.com, %0=TLS_Srv:yahoo.com) => NOT
FOUND (0)
map_lookup(access, TLS_Srv:com, %0=TLS_Srv:com) => NOT FOUND (0)
map_lookup(access, TLS_Srv:206.190.36.18, %0=TLS_Srv:206.190.36.18) =>
NOT FOUND
(0)
map_lookup(access, TLS_Srv:206.190.36, %0=TLS_Srv:206.190.36) => NOT
FOUND (0)
map_lookup(access, TLS_Srv:206.190, %0=TLS_Srv:206.190) => NOT FOUND
(0)
map_lookup(access, TLS_Srv:206, %0=TLS_Srv:206) => NOT FOUND (0)
map_lookup(access, TLS_Srv:, %0=TLS_Srv:) => NOT FOUND (0)
>>> MAIL From:<pa...@erebor.paulgalbraith.net>
530 authentication required - for help go to http://help.yahoo.com/help/us/mail/
pop/pop-11.html
map_lookup(dequote, paul, %0=paul) => NOT FOUND (0)
map_lookup(dequote, paul, %0=paul) => NOT FOUND (0)
map_lookup(dequote, MAILER-DAEMON, %0=MAILER-DAEMON) => NOT FOUND (0)
paul... Connecting to local...
map_lookup(generics, MAILER...@erebor.paulgalbraith.net, %0=MAILER-
DAEMON@er
ebor.paulgalbraith.net) => NOT FOUND (0)
map_lookup(generics, MAILER-DAEMON, %0=MAILER-DAEMON) => NOT FOUND (0)
paul... Sent
Closing connection to smtp-rog.mail.yahoo.com.
>>> QUIT
It looks to me like it's not even looking for an AuthInfo entry ...
any ideas as to why? Thanks again for your help!
Andrzej Adam Filip
> I added the option. I don't have SASL auth support compiled in and
> sendmail complains about this...now grep "O Auth" shows:
As I understand SASL is necessary.
http://www.sendmail.org/~ca/email/auth.html
> O AuthMechanisms=... LOGIN PLAIN
> #O AuthRealm
> #O AuthOptions
> #O AuthMaxBits
>
> (Did you mean the "..." literally?)
No.
> Here is the output from the test email:
> [ No trace of authinfo lookups ]
>
> It looks to me like it's not even looking for an AuthInfo entry ...
> any ideas as to why? Thanks again for your help!
--
[pl>en Andrew] Andrzej Adam Filip : an...@onet.eu : an...@xl.wp.pl
Open-Sendmail: http://open-sendmail.sourceforge.net/
The computing field is always in need of new cliches.
-- Alan Perlis
Paul Galbraith
>
> > O AuthMechanisms=... LOGIN PLAIN
> > #O AuthRealm
> > #O AuthOptions
> > #O AuthMaxBits
>
> > (Did you mean the "..." literally?)
>
> No.
>
> > Here is the output from the test email:
> > [ No trace of authinfo lookups ]
>
> > It looks to me like it's not even looking for an AuthInfo entry ...
> > any ideas as to why? Thanks again for your help!
>
> --
> Open-Sendmail:http://open-sendmail.sourceforge.net/
> The computing field is always in need of new cliches.
>
> - Show quoted text -
Changing the auth option makes no difference, it still does not look
in access for any AuthInfo entry :-(
Paul Galbraith
>
> - Show quoted text -
Grrrrr.. I just remembered (which I've known for years!!!) that
OpenBSD doesn't have SMTP AUTH compiled in by default, and I'd
recently upgraded and did not recompile sendmail to include it. Now
that I've recompiled sendmail, it's working just fine!