
SMTP AUTH


Martin Foster

Aug 25, 2004, 3:08:42 AM
I installed Cyrus SASL 2 and re-compiled Sendmail to support MILTER and
SMTP AUTH. Using the SASL database, I can authenticate and relay
through the server without a problem. However, I am more interested in
making use of the existing accounts on the system itself.

What steps are required to make this happen? Looking at some
documentation from Sendmail it would seem that I simply need to edit the
Sendmail.conf file and change the authentication method. However,
when I attempt samples from the SASL 1.x series this does not work.

Can anyone point me in the right direction?

Martin Foster
Creator/Designer Ethereal Realms
mar...@ethereal-realms.org

Zoong Pham

Aug 25, 2004, 6:40:31 AM
On 2004-08-25, Martin Foster <mar...@ethereal-realms.org> wrote:
> I installed Cyrus SASL 2 and re-compiled Sendmail to support MILTER and
> SMTP AUTH. Using the SASL database, I can authenticate and relay
> through the server without a problem. However, I am more interested in
> making use of the existing accounts on the system itself.

I am also interested in this.
Can you post the solution here?

TIA,
Zoong

Caspar Clemens Mierau

Aug 25, 2004, 11:17:42 AM
I hope your idea is not to allow system users to auth against SMTP with
their shell password?

ccm.

miles

Aug 25, 2004, 11:30:12 AM
hi,

you may try something like that:

# echo pwcheck_method: saslauthd > /usr/local/lib/sasl2/Sendmail.conf

# /usr/local/sbin/saslauthd -a getpwent

hope that helps

greets

m.

Claus Aßmann

Aug 25, 2004, 12:15:55 PM
Martin Foster wrote:

> What steps are required to make this happen? Looking at some
> documentation from Sendmail it would seem that I simply need to edit the
> Sendmail.conf file and change the authentication method. However,
> when I attempt samples from the SASL 1.x series this does not work.

See:

http://www.sendmail.org/~ca/email/auth.html

If "it doesn't work", then follow the debug steps and post the
relevant data for the first problem you encounter (unless you
can solve it yourself based on the instructions).
--
A: Maybe because some people are too annoyed by top-posting.
Q: Why do I not get an answer to my question(s)?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

William Ahern

Aug 25, 2004, 1:46:04 PM
Caspar Clemens Mierau <damo...@gmx.net> wrote:
> I hope your idea is not to allow system users to auth against SMTP with
> their shell password?

No prob as long as you require STARTTLS beforehand. Is it possible
to prevent the AUTH SMTP extension from being advertised unless STARTTLS
has already been started?

Martin Foster

Aug 25, 2004, 2:56:17 PM
Caspar Clemens Mierau wrote:

Actually it is, but using STARTTLS to encrypt the connection as it takes
place. That server already makes use of proper SSL certificates for
the webmail/mailman extension so may as well allow users (primarily
myself) to relay through their own server.

Martin Foster

Aug 25, 2004, 4:41:53 PM
That got it working fine now. Unfortunately the documentation is
rather sparse when it comes to the differences between version 1.x and
2.x of SASL.

Now if only I could get STARTTLS working again. It works from Pine
and debugging from OpenSSL, however the Mozilla 1.7 mail client stopped
working on an XP platform after Norton Internet Security kicked in and
warned me about attempting to send out encrypted Email...

Martin Foster
Creator/Designer Ethereal Realms
mar...@ethereal-realms.org

Claus Aßmann

Aug 26, 2004, 11:11:21 PM

See doc/op/op.* in the sendmail source.

AuthOptions
        [no short name] List of options for SMTP
        AUTH consisting of single characters with
        intervening white space or commas.

        ...
            p   don't permit mechanisms susceptible to simple
                passive attack (e.g., PLAIN, LOGIN), unless a
                security layer is active.
            y   don't permit mechanisms that allow anonymous login.

        The first option applies to sendmail as a
        client, the others to a server. Example:

            O AuthOptions=p,y

        would disallow ANONYMOUS as AUTH mechanism
        and would allow PLAIN and LOGIN only if a
        security layer (e.g., provided by STARTTLS)
        is already active. The options 'a', 'c',
        'd', 'f', 'p', and 'y' refer to properties
        of the selected SASL mechanisms. Explanations
        of these properties can be found in
        the Cyrus SASL documentation.
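
Added example (not part of the original thread, and not sendmail or Cyrus SASL code): a small Python check of what a server advertises in EHLO before and after STARTTLS, flagging PLAIN/LOGIN offered without TLS and any ANONYMOUS offer, which is the outcome `AuthOptions=p,y` is meant to prevent. The function names, the `probe()` host and port, and the sample replies are assumptions constructed for illustration.

```python
import smtplib
import ssl

# Mechanisms the quoted AuthOptions text names as open to simple passive attack.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

def auth_mechs(ehlo_reply):
    """Return the set of AUTH mechanisms advertised in an EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        # Drop a leading "250-" / "250 " reply code when the raw reply is given.
        if line[:3].isdigit() and line[3:4] in ("-", " "):
            line = line[4:]
        words = line.replace("=", " ").split()  # also accept old "AUTH=LOGIN"
        if words and words[0].upper() == "AUTH":
            mechs.update(w.upper() for w in words[1:])
    return mechs

def audit(pre_tls_reply, post_tls_reply):
    """Compare the EHLO replies seen before and after STARTTLS."""
    pre, post = auth_mechs(pre_tls_reply), auth_mechs(post_tls_reply)
    exposed = sorted(pre & CLEARTEXT_MECHS)
    anonymous = "ANONYMOUS" in (pre | post)
    return {"exposed_before_tls": exposed,
            "anonymous_offered": anonymous,
            "after_tls": sorted(post),
            "ok": not exposed and not anonymous}

def probe(host, port=25, timeout=10):
    """Run the audit against a live server you administer (assumed host/port)."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        pre = s.ehlo_resp.decode("ascii", "replace")
        s.starttls(context=ssl.create_default_context())
        s.ehlo()
        post = s.ehlo_resp.decode("ascii", "replace")
    return audit(pre, post)

# Constructed sample replies, not captured from any real server.
WEAK_PRE = "250-mail.example.org Hello\n250-STARTTLS\n250-AUTH LOGIN PLAIN\n250 HELP"
STRICT_PRE = "250-mail.example.org Hello\n250-STARTTLS\n250 HELP"
AFTER_TLS = "250-mail.example.org Hello\n250-AUTH LOGIN PLAIN\n250 HELP"

if __name__ == "__main__":
    print(audit(WEAK_PRE, AFTER_TLS))    # PLAIN/LOGIN visible before TLS
    print(audit(STRICT_PRE, AFTER_TLS))  # AUTH only appears once TLS is active
```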
