problem sendmail as a client with AUTH (urgent!)

[Mike Scott]

Hi, I've hit a bad hiccup in changing ISP. BT uses Yahoo as mail
provider, and yahoo require authorization before an email can be sent.
Which is new to me, although I've had sendmail running for some years.

Following info from the web, I've changed my sendmail config to include:

define(`SMART_HOST',`mail.btinternet.com')dnl
FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl

while the authinfo source file looks like

AuthInfo:mail.btinternet.com "U:root" "I:my-username" "P:my-password"

(I know the username and password are correct as I can use them from eg
claws to connect and send mail directly. I don't understand sendmail's
distinction in the ops guide:
U user (authorization) id
I authentication id)

Unfortunately, sendmail doesn't seem to try to send any authorization.
The smtp transaction is just

220 smtp816.mail.ird.yahoo.com ESMTP
EHLO scottsonline.org.uk
250-smtp816.mail.ird.yahoo.com
250-AUTH LOGIN PLAIN XYMCOOKIE
250-PIPELINING
250-SIZE 41697280
250 8BITMIME
MAIL From:<m...@my.domain> SIZE=399
530 authentication required - Your email could not be sent. To fix this
you must make a simple change to your email (known as SMTP
authentication). For advice visit www.btyahoo.com/smtp
QUIT
221 Service Closing transmission


I notice the server greets with the "wrong" name, but even adding that
to the authinfo file doesn't help. I'd hope sendmail would look up the
'smarthost' name in the database?


I assume I'm doing something wrong, but can't spot it. Any ideas please?
I can't get my home network running properly till this is fixed !!


(sendmail 8.14.4 on freebsd 8.2 btw)


--
Mike Scott (unet2 <at> [deletethis] scottsonline.org.uk)
Harlow Essex England

[Andrzej Adam Filip]

As root send test email in verbose mode and map lookups tracking:

( echo Subject: test; echo) | /usr/sbin/sendmail -Am -i -v -d60.5 -- j...@example.net

Search for authinfo lookups:
Are they missing?
Are they conducted with different name? [mail.btinternet.com is a CNAME]

--
Andrzej A. Filip

[Mike Scott]

On 02/05/13 15:52, Andrzej Adam Filip wrote:
....

>
> As root send test email in verbose mode and map lookups tracking:
>
> ( echo Subject: test; echo) | /usr/sbin/sendmail -Am -i -v -d60.5 -- j...@example.net
>
> Search for authinfo lookups:
> Are they missing?
> Are they conducted with different name? [mail.btinternet.com is a CNAME]
>

Thanks for that. There aren't any such lookups. I see the greeting from
yahoo, then a lot of lookups on the 'access' map looking for 'TLS_Srv'
prefixing various names and addresses (all failing) then the smtp stuff.
Relevant?

I do notice the relay name in the yahoo greeting keeps changing. Exactly
what does sendmail expect to look up in the authinfo map?

[Mike Scott]

On 02/05/13 16:07, Mike Scott wrote:
> On 02/05/13 15:52, Andrzej Adam Filip wrote:
> ....
>>
>> As root send test email in verbose mode and map lookups tracking:
>>
>> ( echo Subject: test; echo) | /usr/sbin/sendmail -Am -i -v -d60.5 --
>> j...@example.net
>>
>> Search for authinfo lookups:
>> Are they missing?
>> Are they conducted with different name? [mail.btinternet.com is a CNAME]
>>
>
> Thanks for that. There aren't any such lookups.

I get the nasty feeling I need to rebuild sendmail for this to work -
but I'm still not clear whether sasl is needed for client auth. Rebuild
is not quite trivial on this oldish freebsd system.

Can anyone confirm this please? And have idiots-guide instructions for
freebsd if so (the handbook makes a lot of assumptions)

Thanks.

[Joe Zeff]

On Thu, 02 May 2013 15:42:20 +0100, Mike Scott wrote:

> Following info from the web, I've changed my sendmail config to include:
>
> define(`SMART_HOST',`mail.btinternet.com')dnl FEATURE(`authinfo', `hash
> /etc/mail/authinfo')dnl

I started following this group several years ago to learn how to do just
that. (I'm a home user, and the service I was using for dynamic DNS at
the time used email.) Later, a friend of mine needed to do it so I wrote
up what I'd learned here: http://www.zeff.us/SMTPAuth.txt It's possible
that there's a step, somewhere, that you missed.

--
Joe Zeff -- The Guy With The Sideburns:
http://www.zeff.us http://www.lasfs.info
Dark matter is made from phlogiston.

[Clemens Zauner]

Mike Scott <usen...@scottsonline.org.uk.invalid> wrote:
> I get the nasty feeling I need to rebuild sendmail for this to work -
> but I'm still not clear whether sasl is needed for client auth. Rebuild
> is not quite trivial on this oldish freebsd system.

As long as the ports-tree is uptodate, a 'portinstall sendmail-sasl'
should work. It also installs all the sasl-stuff btw.

> Can anyone confirm this please? And have idiots-guide instructions for
> freebsd if so (the handbook makes a lot of assumptions)

Im pretty confident you need sasl-support for this, yes. I did such
an setup years ago for a client. In I tripped over the missing SASL
support in FreeBSDs base sendmail.
Rebuilding the base-sendmail is a not so brilliant idea, as it starts
mixing /usr/local/ stuff in the base system. And fails somehow
miserably when you start using jails (and missing the sasl-stuff
within the jail).

cu
Clemens.

[Mike Scott]

Thanks to all for the advice.

Yes, sasl support does fix the problem. But fbsd has a gotcha - the
sendmail-sasl port won't build straight off. For whatever reason, it
doesn't have -I/usr/local/include given to the compiler, which is where
the sasl port puts its stuff. I took the quick, easy and dirty option
and dropped a symlink into /usr/include. At which point it builds and
installs a new sendmail. A quick change of mailer.conf, restart sendmail
and all is hunky dory.


But on a rather OT note - BT/yahoo require that each and every 'from'
email address be made known to their system (supposedly to prevent spam
from a zombie; takes all of 2 shakes to see a workaround for a
spammer!). That well and truly clobbers the email lists I have been
expanding for a couple of local organizations. Oh well; a topic for
another day I guess :-{


Thanks again.