
Problem with SMTP AUTH


Melanie Bieber

Jun 11, 2004, 1:31:52 PM
Hello,

I've a problem with the SMTP_AUTH.

I added the following to my sendmail.cf:
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS', `A p y')dnl

and ehlo localhost shows me:
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP

So, I read a lot and I think AUTH is given in several variations, but I
still can write mails from another workstation through sendmail without an
SMTP login or something similar.

What's wrong??? Pls help!

Thx
Melanie


Alexander Dalloz

Jun 11, 2004, 1:44:18 PM
On Fri, 11 Jun 2004 19:31:52 +0200 Melanie Bieber wrote:

> I've a problem with the SMTP_AUTH.
>
> I added the following to my sendmail.cf:

Really the sendmail.cf? That would be wrong. Those are macro calls and
belong in the sendmail.mc. From that file you will have to regenerate a
new sendmail.cf and finally restart the Sendmail daemon.

> TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> define(`confAUTH_OPTIONS', `A p y')dnl

Proper instructions. Just be aware that you are saying that LOGIN and PLAIN
will only be offered if a STARTTLS-secured connection is established.



> and ehlo localhost shows me:
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-ETRN
> 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
> 250-DELIVERBY
> 250 HELP

That is after you started TLS?



> So, I read a lot and I think AUTH is given in several variations, but I
> still can write mails from an other workstation through sendmail without
> an smtp login or something similar.

Check your /etc/mail/access file. Maybe you have allowed relaying for your
LAN. With my comments from above in mind check that your Sendmail runs
with the changes you made.

> Melanie

Alexander


--
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416 14CD E197 6E88 ED69 5653

Melanie Bieber

Jun 11, 2004, 2:16:05 PM
Hi Alexander,

"Alexander Dalloz" <alexande...@uni-bielefeld.de> wrote in
news message news:pan.2004.06.11....@uni-bielefeld.de...


> On Fri, 11 Jun 2004 19:31:52 +0200 Melanie Bieber wrote:
> > I added the following to my sendmail.cf:
>
> Really the sendmail.cf? That would be wrong. Those are macro calls and
> belong in the sendmail.mc. From that file you will have to regenerate a
> new sendmail.cf and finally restart the Sendmail daemon.

Sorry, no certainly not. It's in my *.mc and a new *.cf was generated. :-)

> > TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> > define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> > define(`confAUTH_OPTIONS', `A p y')dnl
>
> Proper instructions. Just be aware that you are saying that LOGIN and PLAIN
> will only be offered if a STARTTLS-secured connection is established.

Mhm, how can I do that?

> > and ehlo localhost shows me:
> > 250-ENHANCEDSTATUSCODES
> > 250-PIPELINING
> > 250-8BITMIME
> > 250-SIZE
> > 250-DSN
> > 250-ETRN
> > 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
> > 250-DELIVERBY
> > 250 HELP
>
> That is after you started TLS?

No, I also don't know how to start TLS. Sorry...

> Check your /etc/mail/access file. Maybe you have allowed relaying for your
> LAN. With my comments from above in mind check that your Sendmail runs
> with the changes you made.

Yes, I have relaying for my LAN. But I stopped it for testing and then I
couldn't send anything. :-(

Could you give me some more help?

Melanie


Alexander Dalloz

Jun 11, 2004, 4:01:30 PM
On Fri, 11 Jun 2004 20:16:05 +0200 Melanie Bieber wrote:


>> Really the sendmail.cf? That would be wrong. Those are macro calls and
>> belong in the sendmail.mc. From that file you will have to regenerate a
>> new sendmail.cf and finally restart the Sendmail daemon.
>
> Sorry, no certainly not. It's in my *.mc and a new *.cf was generated. :-)

Ok, good so far.



>> > TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
>> > define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
>> > define(`confAUTH_OPTIONS', `A p y')dnl
>>
>> Proper instructions. Just be aware that you are saying that LOGIN and PLAIN
>> will only be offered if a STARTTLS-secured connection is established.
>
> Mhm, how can I do that?

Then for testing use define(`confAUTH_OPTIONS', `A y')dnl instead of the line
you have.



>> > and ehlo localhost shows me:
>> > 250-ENHANCEDSTATUSCODES
>> > 250-PIPELINING
>> > 250-8BITMIME
>> > 250-SIZE
>> > 250-DSN
>> > 250-ETRN
>> > 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
>> > 250-DELIVERBY
>> > 250 HELP
>>
>> That is after you started TLS?
>
> No, I also don't know how to start TLS. Sorry...

We test without it.



>> Check your /etc/mail/access file. Maybe you have allowed relaying for
>> your LAN. With my comments from above in mind check that your Sendmail
>> runs with the changes you made.
>
> Yes, I have relaying for my LAN. But I stopped it for testing and then
> I couldn't send anything. :-(

Good.



> Could you give me some more help?
>
> Melanie

perl -MMIME::Base64 -e 'print encode_base64("username\0username\0password");'
where username is the name you use for auth and password your password,
keep the output

telnet localhost 25
EHLO whatever
AUTH PLAIN OUTPUT_OF_THE_MIMEENCODE_ABOVE

That should result in a successful authentication. If not, then you
have something wrong in your setup. Check that Sendmail is built with
SASL(2) support

sendmail -bt -d0.9 < /dev/null | grep SASL

and check the setting in /usr/lib/sasl[2]/Sendmail.conf.

Claus has additional documentation about the authentication here

http://www.sendmail.org/~ca/email/authrealms.html

For you as a German speaker, see for general explanations

http://fiatlux.zeitform.info/technische_infos/e-mail_prot.html

Dennis

Jun 11, 2004, 4:41:06 PM
Melanie,

1. Use define(`confAUTH_OPTIONS', `A')dnl
2. Check if you are using PAM, saslauthd or something else.
   Then set up according to what you are using.
3. Your email client needs to send AUTH authentication-type,
   e.g. AUTH LOGIN.
4. You can use Ethereal to capture your network traffic
   in order to see the information between server and client.

good luck,

Melanie Bieber

Jun 11, 2004, 4:49:24 PM
Hi Alexander,

thanks a lot now it works. :-)

> > No, I also don't know how to start TLS. Sorry...
>
> We test without it.

Should I use it?

> >> Check your /etc/mail/access file. Maybe you have allowed relaying for
> >> your LAN. With my comments from above in mind check that your Sendmail
> >> runs with the changes you made.
> >
> > Yes, I have relaying for my LAN. But I stopped it for testing and then
> > I couldn't send anything. :-(
>
> Good.

Now, if I don't authenticate myself then the email will not be relayed.
:-)

> perl -MMIME::Base64 -e 'print encode_base64("username\0username\0password");'
> where username is the name you use for auth and password your password,
> keep the output

Oh, I didn't remember. I tried it without encoding. ;-/ *upsss*

> telnet localhost 25
> EHLO whatever
> AUTH PLAIN OUTPUT_OF_THE_MIMEENCODE_ABOVE
>
> That should result in a successful authentication. If not, then you
> have something wrong in your setup. Check that Sendmail is built with
> SASL(2) support
>
> sendmail -bt -d0.9 < /dev/null | grep SASL

That's okay.

> and check the setting in /usr/lib/sasl[2]/Sendmail.conf.

I use "saslauthd". I don't know why, but it works.

> Claus has additional documentation about the authentication here
>
> http://www.sendmail.org/~ca/email/authrealms.html
>
> For you as a German speaker, see for general explanations
>
> http://fiatlux.zeitform.info/technische_infos/e-mail_prot.html

Thanks a lot for the German. I've already found the English one, but... =:-)

Thanks a lot!!!

Greetz,
Melanie


Alexander Dalloz

Jun 11, 2004, 4:53:15 PM
On Fri, 11 Jun 2004 22:49:24 +0200 Melanie Bieber wrote:

>> > No, I also don't know how to start TLS. Sorry...
>>
>> We test without it.
>
> Should I use it?

You should use it, as otherwise your auth data will go through the net in plain
text format and someone sniffing can get it.
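
Added example, not part of the original posts: this Python code shows that the AUTH PLAIN argument built by the perl one-liner earlier in the thread is only base64 and decodes without any key, and it flags LOGIN/PLAIN in an EHLO reply when no TLS layer is active. The function names are invented for this illustration; the EHLO lines are the ones posted at the top of the thread.

```python
import base64

# Mechanisms that put the password itself on the wire, only base64-wrapped.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# EHLO reply as posted at the top of the thread (no TLS active).
EHLO_FROM_THREAD = [
    "250-ENHANCEDSTATUSCODES", "250-PIPELINING", "250-8BITMIME", "250-SIZE",
    "250-DSN", "250-ETRN", "250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN",
    "250-DELIVERBY", "250 HELP",
]

def auth_plain_token(authcid, password, authzid=""):
    """Build the AUTH PLAIN argument: authzid NUL authcid NUL password."""
    raw = "\0".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def decode_auth_plain(token):
    """Recover the credentials from a token; no key or secret is needed."""
    fields = base64.b64decode(token, validate=True).split(b"\0")
    if len(fields) != 3:
        raise ValueError("not an AUTH PLAIN initial response")
    return tuple(f.decode("utf-8") for f in fields)

def advertised_mechs(ehlo_lines):
    """Collect mechanisms from '250-AUTH ...' (or legacy '250-AUTH=...') lines."""
    mechs = []
    for line in ehlo_lines:
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            continue
        words = line[4:].upper().replace("=", " ", 1).split()
        if words and words[0] == "AUTH":
            mechs.extend(words[1:])
    return mechs

def plaintext_exposure(ehlo_lines, tls_active):
    """Plaintext mechanisms offered while no TLS layer protects them."""
    if tls_active:
        return []
    return [m for m in advertised_mechs(ehlo_lines) if m in PLAINTEXT_MECHS]

if __name__ == "__main__":
    token = auth_plain_token("username", "password", authzid="username")
    print("AUTH PLAIN", token)
    print("decoded:", decode_auth_plain(token))
    print("exposed without TLS:", plaintext_exposure(EHLO_FROM_THREAD, False))
```

An empty list from `plaintext_exposure` on the pre-STARTTLS EHLO reply is what the `p` flag in `confAUTH_OPTIONS` is meant to produce.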

Melanie Bieber

Jun 11, 2004, 4:57:02 PM

> >> > No, I also don't know how to start TLS. Sorry...
> >>
> >> We test without it.
> >
> > Should I use it?
>
> You should use it, as otherwise your auth data will go through the net in plain
> text format and someone sniffing can get it.

Oh... Mhm... I thought it was already encrypted... Would you mind explaining
to me how I can enable it? *pls*

Melanie


Alexander Dalloz

Jun 11, 2004, 5:20:08 PM
On Fri, 11 Jun 2004 22:57:02 +0200 Melanie Bieber wrote:

> Oh... Mhm... I thought it was already encrypted... Would you mind explaining
> to me how I can enable it? *pls*

It is encrypted if the client uses an MD5 mech.

> Melanie

As you are German I recommend reading

http://rz-home.de/~wwilhelm/starttls.shtml

Wolfgang explains more than just a 3-step howto, including things that are good
to know in order to understand it. Of course there is also Claus's paper

http://www.sendmail.org/~ca/email/starttls.html#STARTTLS

I don't know which platform you are running. On Redhat/Fedora for example
it is very easy to get STARTTLS running: create the needed certificate and
tell Sendmail where to find it by macros in the sendmail.mc.
