Cannot get SMTP authorization to work

66 views
Skip to first unread message

Deiter

unread,
Nov 3, 2008, 9:14:43 AM11/3/08
to
Hi -

I'm having a heck of a time getting SMTP authorization to work. I've
included the following below:

CentOS 5
Sendmail 8.13.8
=== bounced mail ===
=== maillog ===
=== hosts ===
=== access ===
=== authinfo ===
=== sendmail.mc ===

The "bounced mail" file shows the authentication problem, although
there's also a troubling "DSN: Service unavailable" message that
appears in "maillog". I'm not sure whether the two are related or if
the latter is really a problem at all.

Any help would be welcome. Thanks in advance!

Cheers,
Howard

CentOS 5
Sendmail 8.13.8

=== bounced mail ===
=================
From MAILER...@rapperyo.com Sun Nov 2 11:53:57 2008
Return-Path: <MAILER...@rapperyo.com>
Received: from localhost (localhost)
by rapperyo.com (8.13.8/8.13.8) id mA2Gru4B002917;
Sun, 2 Nov 2008 11:53:56 -0500
Date: Sun, 2 Nov 2008 11:53:56 -0500
From: Mail Delivery Subsystem <MAILER...@rapperyo.com>
Message-Id: <200811021653....@rapperyo.com>
To: <ro...@rapperyo.com>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="mA2Gru4B002917.1225644836/rapperyo.com"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)

This is a MIME-encapsulated message

--mA2Gru4B002917.1225644836/rapperyo.com

The original message was received at Sun, 2 Nov 2008 11:53:56 -0500
from rapperyo.com [127.0.0.1]

----- The following addresses had permanent fatal errors -----
<how...@gesturetek.com>
(reason: 530 authentication required - for help go to
http://help.yahoo.com/help/us/mail/pop/pop-11.html)

----- Transcript of session follows -----
... while talking to smtp-rog.mail.yahoo.com.:
>>> MAIL From:<ro...@rapperyo.com>
<<< 530 authentication required - for help go to
http://help.yahoo.com/help/us/mail/pop/pop-11.html
554 5.0.0 Service unavailable

--mA2Gru4B002917.1225644836/rapperyo.com
Content-Type: message/delivery-status

Reporting-MTA: dns; rapperyo.com
Received-From-MTA: DNS; rapperyo.com
Arrival-Date: Sun, 2 Nov 2008 11:53:56 -0500

Final-Recipient: RFC822; how...@gesturetek.com
Action: failed
Status: 5.0.0
Diagnostic-Code: SMTP; 530 authentication required - for help go to
http://help.yahoo.com/help/us/mail/pop/pop-11.html
Last-Attempt-Date: Sun, 2 Nov 2008 11:53:56 -0500

--mA2Gru4B002917.1225644836/rapperyo.com
Content-Type: message/rfc822

Return-Path: <ro...@rapperyo.com>
Received: from rapperyo.com (rapperyo.com [127.0.0.1])
by rapperyo.com (8.13.8/8.13.8) with ESMTP id mA2Gru4B002915
for <how...@gesturetek.com>; Sun, 2 Nov 2008 11:53:56 -0500
Received: (from root@localhost)
by rapperyo.com (8.13.8/8.13.8/Submit) id mA2GrtoD002914;
Sun, 2 Nov 2008 11:53:55 -0500
Date: Sun, 2 Nov 2008 11:53:55 -0500
From: root <ro...@rapperyo.com>
Message-Id: <200811021653....@rapperyo.com>
To: how...@gesturetek.com
Subject: I'm sending mail from the Terminal!


--mA2Gru4B002917.1225644836/rapperyo.com--

=== maillog ===
============
Nov 2 11:49:35 pbx sendmail[2421]: alias database /etc/aliases
rebuilt by root
Nov 2 11:49:35 pbx sendmail[2421]: /etc/aliases: 76 aliases, longest
10 bytes, 765 bytes total
Nov 2 11:49:35 pbx sendmail[2426]: starting daemon (8.13.8): SMTP
+queueing@01:00:00
Nov 2 11:49:35 pbx sm-msp-queue[2434]: starting daemon (8.13.8):
queueing@01:00:00
Nov 2 11:53:56 pbx sendmail[2914]: mA2GrtoD002914: from=root,
size=71, class=0, nrcpts=1,
msgid=<200811021653....@rapperyo.com>, relay=root@localhost
Nov 2 11:53:56 pbx sendmail[2915]: mA2Gru4B002915:
from=<ro...@rapperyo.com>, size=318, class=0, nrcpts=1,
msgid=<200811021653....@rapperyo.com>, proto=ESMTP,
daemon=MTA, relay=rapperyo.com [127.0.0.1]
Nov 2 11:53:56 pbx sendmail[2914]: mA2GrtoD002914:
to=how...@gesturetek.com, ctladdr=root (0/0), delay=00:00:01,
xdelay=00:00:00, mailer=relay, pri=30071, relay=[127.0.0.1]
[127.0.0.1], dsn=2.0.0, stat=Sent (mA2Gru4B002915 Message accepted for
delivery)
Nov 2 11:53:56 pbx sendmail[2917]: mA2Gru4B002915:
to=<how...@gesturetek.com>, ctladdr=<ro...@rapperyo.com> (0/0),
delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=120318, relay=smtp-
rog.mail.yahoo.com. [206.190.36.18], dsn=5.0.0, stat=Service
unavailable
Nov 2 11:53:56 pbx sendmail[2917]: mA2Gru4B002915: mA2Gru4B002917:
DSN: Service unavailable
Nov 2 11:53:57 pbx sendmail[2917]: mA2Gru4B002917:
to=<ro...@rapperyo.com>, delay=00:00:01, xdelay=00:00:01, mailer=local,
pri=31546, dsn=2.0.0, stat=Sent


=== hosts ===
===========
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 rapperyo.com pbx.local pbx localhost.localdomain localhost
192.168.2.160 www.rapperyo.com
::1 localhost6.localdomain6 localhost6

=== access ===
============
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:192.168.2.160 RELAY

=== authinfo ===
=============
AuthInfo:smtp.broadband.rogers.com "U:root" "I:<me>@rogers.com" "P:<my
password>" "M:LOGIN PLAIN"

=== sendmail.mc ===
================
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make
changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf
package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Do not advertize sendmail version.
dnl #
dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl
dnl #
dnl # default logging level is 9, you might want to set it higher to
dnl # debug the configuration
dnl #
dnl define(`confLOG_LEVEL', `9')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail
needs to
dnl # be sent out through an external mail server:
dnl #
define(`SMART_HOST', `[smtp.broadband.rogers.com]')dnl
dnl #
define(`confDEF_USER_ID', ``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS',
`authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and
disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used
by
dnl # Mozilla Mail and Evolution, though Outlook Express and other
MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is
not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5
LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail
TLS:
dnl # cd /usr/share/ssl/certs; make sendmail.pem
dnl # Complete usage:
dnl # make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl #
dnl # This allows sendmail to use a keyfile that is shared with
OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The following limits the number of processes sendmail can fork
to accept
dnl # incoming messages or process its message queues to 20.) sendmail
refuses
dnl # to accept connections once it has reached its quota of child
processes.
dnl #
dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl
dnl #
dnl # Limits the number of new connections per second. This caps the
overhead
dnl # incurred due to forking new sendmail processes. May be useful
against
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP
address
dnl # limit would be useful but is not available as an option at this
writing.)
dnl #
dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his
quota.
dnl #
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`authinfo', `hash -o /etc/mail/authinfo.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery
uncomment
dnl # the following 2 definitions and activate below in the MAILER
section the
dnl # cyrusv2 mailer.
dnl #
dnl define(`confLOCAL_MAILER', `cyrusv2')dnl
dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4
loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the
loopback
dnl # address restriction to accept email from the internet or
intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587
for
dnl # mail from MUAs that authenticate. Roaming users who can't reach
their
dnl # preferred sendmail daemon due to port 25 being blocked or
redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port
465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587
followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook
Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use
STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses
smtps
dnl # when SSL is enabled-- STARTTLS support is available in version
1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6
loopback
dnl # device. Remove the loopback address restriction listen to the
network.
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # enable both ipv6 and ipv4 in sendmail:
dnl #
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6,
Family=inet6')
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you
want to
dnl # protect yourself from spam. However, the laptop and users on
computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local
email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any
additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
MASQUERADE_AS(rapperyo.com)dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com
as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
dnl MAILER(cyrusv2)dnla

Tilman Schmidt

unread,
Nov 6, 2008, 11:03:41 AM11/6/08
to
Am 03.11.2008 15:14 schrieb Deiter:
> The "bounced mail" file shows the authentication problem, although
> there's also a troubling "DSN: Service unavailable" message that
> appears in "maillog". I'm not sure whether the two are related or if

They are the same thing.

> ----- Transcript of session follows -----
> ... while talking to smtp-rog.mail.yahoo.com.:
>>>> MAIL From:<ro...@rapperyo.com>
> <<< 530 authentication required - for help go to http://help.yahoo.com/help/us/mail/pop/pop-11.html
> 554 5.0.0 Service unavailable

> Nov 2 11:53:56 pbx sendmail[2917]: mA2Gru4B002915: to=<how...@gesturetek.com>, ctladdr=<ro...@rapperyo.com> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=120318, relay=smtp-rog.mail.yahoo.com. [206.190.36.18], dsn=5.0.0, stat=Service unavailable

The delivery attempt went to the server smtp-rog.mail.yahoo.com.

> === authinfo ===
> =============
> AuthInfo:smtp.broadband.rogers.com "U:root" "I:<me>@rogers.com" "P:<mypassword>" "M:LOGIN PLAIN"

But your authinfo entry is for the server smtp.broadband.rogers.com.
So it's quite natural Sendmail didn't apply it to the delivery
attempt above. :-)

Either you want to send this through the Yahoo server, then you should
add an appropriate authinfo entry for that server, or you want to send
through the rogers.com server, then you have to correct your Sendmail
configuration, in particular the SMART_HOST definition. Unfortunately
your sendmail.mc got badly line-wrapped, so I cannot tell for sure
where the problem lies.

HTH
T.

--
Please excuse my bad English/German/French/Greek/Cantonese/Klingon/...

Deiter

unread,
Nov 8, 2008, 12:59:40 PM11/8/08
to
On Nov 6, 11:03 am, Tilman Schmidt <ts-usenet0...@pxnet.com> wrote:
> Am 03.11.2008 15:14 schrieb Deiter:
>
> > The "bounced mail" file shows the authentication problem, although
> > there's also a troubling "DSN: Service unavailable" message that
> > appears in "maillog".  I'm not sure whether the two are related or if
>
> They are the same thing.
>
> >    ----- Transcript of session follows -----
> > ... while talking to smtp-rog.mail.yahoo.com.:
> >>>> MAIL From:<r...@rapperyo.com>
> > <<< 530 authentication required - for help go tohttp://help.yahoo.com/help/us/mail/pop/pop-11.html
> > 554 5.0.0 Service unavailable
> > Nov  2 11:53:56 pbx sendmail[2917]: mA2Gru4B002915: to=<how...@gesturetek.com>, ctladdr=<r...@rapperyo.com> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=120318, relay=smtp-rog.mail.yahoo.com. [206.190.36.18], dsn=5.0.0, stat=Service unavailable

>
> The delivery attempt went to the server smtp-rog.mail.yahoo.com.
>
> > === authinfo ===
> > =============
> > AuthInfo:smtp.broadband.rogers.com "U:root" "I:<me>@rogers.com" "P:<mypassword>" "M:LOGIN PLAIN"
>
> But your authinfo entry is for the server smtp.broadband.rogers.com.
> So it's quite natural Sendmail didn't apply it to the delivery
> attempt above. :-)
>
> Either you want to send this through the Yahoo server, then you should
> add an appropriate authinfo entry for that server, or you want to send
> through the rogers.com server, then you have to correct your Sendmail
> configuration, in particular the SMART_HOST definition. Unfortunately
> your sendmail.mc got badly line-wrapped, so I cannot tell for sure
> where the problem lies.
>
> HTH
> T.
>
> --
> Please excuse my bad English/German/French/Greek/Cantonese/Klingon/...

Tilman -

Yes that's it! Thanks so much for checking my post.

I wondered about that myself & I'm pretty sure I tried it at one
point, but I likely had something else wrong at the time. I convinced
myself it didn't matter because a "dig" on smtp.broadband.rogers.com
shows that it resolves to smtp-rog.mail.yahoo.com (Rogers uses Yahoo's
infrastructure). Seems pretty obvious now that if sendmail does a
look up for smtp-rog.mail.yahoo.com in authinfo, it won't find
anything!

Thanks again for checking. I shudder when I think about how long I
spent on this!

Cheers,
Howard

Reply all
Reply to author
Forward
0 new messages