in my sendmail.mc if have:
define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
I do a m4 sendmail.mc > sendmail.cf
telnet to the localhost 25 and do an EHLO:
250-www1.mydomain.com Hello [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
Then I try the following:
AUTH LOGIN
504 5.3.3 AUTH mechanism LOGIN not available
This might help too:
[root@www1 mail]# sendmail -d0.1 -bv
Version 8.12.8
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET
NETINET6
NETUNIX NEWDB NIS PIPELINING SASL SCANF STARTTLS
TCPWRAPPERS
USERDB USE_LDAP_INIT
Any ideas on what I am missing??
Thanks,
Ross
> Ross
Did you install the cyrus-sasl RPMs? Do you have the sendmail-cf RPM
installed so that the sendmail.cf file is really freshly created? Did you
service sendmail restart? Increase the log level with
define(`confLOG_LEVEL', `15')dnl in sendmail.mc and check the
/var/log/maillog when starting Sendmail and when connecting the daemon.
Alexander
--
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416 14CD E197 6E88 ED69 5653
> sendmail 8.12.8
Upgrade to 8.12.11, versions older than 8.12.10 have security
problems: http://www.sendmail.org/
> define(`confAUTH_OPTIONS', `A')dnl
> TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> AUTH LOGIN
> 504 5.3.3 AUTH mechanism LOGIN not available
Increase logging and try again, see:
http://www.sendmail.org/~ca/email/auth.html
Then check the logfile, it should tell you what's missing.
--
A: Maybe because some people are too annoyed by top-posting.
Q: Why do I not get an answer to my question(s)?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
As long as he installed the bug fixing packages for Sendmail for Redhat 9
his Sendmail is patched against the vulnerabilities discovered last year.
AFAIK the default for the cyrus SASL libraries is to not support LOGIN.
You may have to install a different RPM or build from source.
--
Rob MacGregor (BOFH) Oh my God! They killed init! You bastards!
What are they? Zombies.
Are they dead? No, they're undead.
So they're like you? No, zombies are slow, dim-witted,
evil undead beings.
So, they're like you?
OK, I was trying a total rebuild so I could make sure SASL was
configure correctly but not I cannot compile sendmail.
I did the SASL configure like this:
./configure --prefix=/usr --enable-login
my site.config.m4:
APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL -DSTARTTLS')dnl
APPENDDEF(`conf_sendmail_LIBS', `-lsasl -lssl')dnl
APPENDDEF(`confLIBDIRS', `-L/usr/lib/sasl2')
APPENDDEF(`confINCDIRS', `-I/usr/include/sasl')
APPENDDEF(`confINCDIRS', `-I/usr/include')
APPENDDEF(`confINCDIRS', `-I/usr/kerberos/include')
APPENDDEF(`confLIBDIRS', `-L/usr/kerberos/lib')
and when I do a sh Build -c I get:
cc -o sendmail -L/usr/lib/sasl2 -L/usr/kerberos/lib main.o alias.o
arpadate.o bf.o collect.o conf.o control.o convtime.o daemon.o
deliver.o domain.o envelope.o err.o headers.o macro.o map.o mci.o
milter.o mime.o parseaddr.o queue.o readcf.o recipient.o sasl.o
savemail.o sfsasl.o shmticklib.o sm_resolve.o srvrsmtp.o stab.o
stats.o sysexits.o timers.o tls.o trace.o udb.o usersmtp.o util.o
version.o -lsasl -lssl
/home/ross/sendmail-8.12.10/obj.Linux.2.4.20-8smp.i686/libsmutil/libsmutil.a
/home/ross/sendmail-8.12.10/obj.Linux.2.4.20-8smp.i686/libsm/libsm.a
-ldb -lresolv -lcrypt -lnsl -ldl
srvrsmtp.o(.text+0xe77): In function `smtp':
: undefined reference to `sasl_errdetail'
srvrsmtp.o(.text+0x4995): In function `smtp':
: undefined reference to `sasl_errdetail'
collect2: ld returned 1 exit status
make: *** [sendmail] Error 1
Does this have to be this hard??
Ross
> OK, I was trying a total rebuild so I could make sure SASL was
> configure correctly but not I cannot compile sendmail.
> I did the SASL configure like this:
>
> ./configure --prefix=/usr --enable-login
> /home/ross/sendmail-8.12.10/obj.Linux.2.4.20-8smp.i686/libsmutil/libsmutil.a
> /home/ross/sendmail-8.12.10/obj.Linux.2.4.20-8smp.i686/libsm/libsm.a
> Does this have to be this hard??
>
> Ross
You do neither have to recompile Sendmail nor SASL. Install the packages
that Redhat offers for your release 9! And be sure you installed ALL
update packages! At least your kernel source is very old and if you run
the same kernel release as your source it is highly vulnerable.
Do as I told you and install the cyrus-sasl RPMs.
Try `-lsasl2' instead (assuming you're using v2 of the SASL libraries).
same error <sigh>:
srvrsmtp.o(.text+0xe77): In function `smtp':
: undefined reference to `sasl_errdetail'
srvrsmtp.o(.text+0x4995): In function `smtp':
: undefined reference to `sasl_errdetail'
collect2: ld returned 1 exit status
make: *** [sendmail] Error 1
Ross
> > Try `-lsasl2' instead (assuming you're using v2 of the SASL libraries).
> same error <sigh>:
> srvrsmtp.o(.text+0xe77): In function `smtp':
> : undefined reference to `sasl_errdetail'
You did use
sh ./Build -c
or removed your obj.* directory before you recompiled, right?
I got sendmail to compile! Yeah!
Now when I EHLO I get:
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
However my sendmail.mc has:
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
Correct me if I am wrong but for clients using Outlook or Outlook
Express I need LOGIN running?
Ross
Correct, in this case it nearly certainly means you either:
a) Don't have a version of SASLv2 that has LOGIN or PLAIN enabled.
b) You're not using an authentication method that supports LOGIN or PLAIN
I got my SASL from ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/
Which I believe is the full version...
for b) I not sure what that means... what do I look for to see if my
box supports LOGIN or PLAIN? I thought that was part of SASL and if I
compiled with the --enable-login I would be fine...
Almost there... thanks for the help thus far...
Ross
But the default ./configure doesn't enable LOGIN, and may not even
enable PLAIN - check the output of "./configure --help".
> for b) I not sure what that means... what do I look for to see if my
> box supports LOGIN or PLAIN? I thought that was part of SASL and if I
> compiled with the --enable-login I would be fine...
A skim through the Cyrus list suggests that some authentication backends
may not support LOGIN or PLAIN. I've personally used the shadow method
(ie the password file) with LOGIN before without problems. However with
v2 I think that requires that you use saslauthd as the entry in
/usr/lib/sasl2/Sendmail.conf and configure saslauthd accordingly. I am
currently using the following /usr/lib/sasl2/Sendmail.conf:
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /etc/sasldb2
The sasldb file was created with saslpasswd2. It does support LOGIN and
PLAIN (at least so it claims).
I will say that I've had problems with V2 of sasl with Sendmail. It
requires me to explicitly specify the domain (defaults to the hostname
of the server - seen via sasldblistusers2). It's only Sendmail this
happens with, and I don't know why. Attempts to debug this have run out
of time (and inclination) before I've identified what's going on. It
nearly certainly isn't actually a problem with Sendmail or the client,
so it may be some wierd problem with v2 of SASL itself.
Man, it took forever but I finally got it working. This HowTo was the key:
http://www.falkotimme.com/howtos/sendmail_smtp_auth_tls/index.php
If was using the versions I was and, I think, included some missing steps.
Thanks Rob, you help me look for the right things to fix.
Ross