Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

sendmail 8.12.1 SMTP AUTH

33 views
Skip to first unread message

Thomas Koller

unread,
Oct 21, 2001, 9:47:22 AM10/21/01
to
hi,

first of all sorry for my bad english. i want to use sendmail in my lan to
deal my mailtransfer with smarthost. the smarthost use smtp auth. so i read
http://www.sendmail.org/~ca/email/auth.html but i didn't get the info i
need. so i hope i get help here.

i had problems to understand how this works with /etc/mail/default-auth-info
when i want to use more than one user for one domain.

is it possible to make a /etc/mail/default-auth-info like the following?

#begin /etc/mail/default-auth-info
user1
user1
passworduser1
my-mail.ch

user2
user2
passworduser2
my-mail.ch
#end /etc/mail/default-auth-info

or iss it only possible to use one user for each domain handled by a
smarthost?

i found on http://www.sendmail.org/~ca/email/auth.html the following syntax
for the /etc/mail/default-auth-info

admin
admin
MySecretPassword
example.domain


i'm i right, wenn i say the first admin here represents the localusername,
the second admin represents the userid on the smarthost, the
mysecretpasswort represents the passwort on the smarthost and example.domain
represents the smart host?

maybe someone can help me

thanks
thomas


Neil W Rickert

unread,
Oct 21, 2001, 10:12:19 AM10/21/01
to
"Thomas Koller" <k...@aon.at> writes:

>first of all sorry for my bad english. i want to use sendmail in my lan to
>deal my mailtransfer with smarthost. the smarthost use smtp auth. so i read
>http://www.sendmail.org/~ca/email/auth.html but i didn't get the info i
>need. so i hope i get help here.

>i had problems to understand how this works with /etc/mail/default-auth-info
>when i want to use more than one user for one domain.

You are not authenticating individual users. If your users are
required to authenticate, have them connect their client software
directly to the smarthost.

The idea is that you are authenticating your machine. If your
machine is authenticated to the smarthost, then the smarthost should
accept any mail from your machine.

This is intended to be part of a transitive trust relation. Your
system trusts your users, perhaps because they logged in with
passwords. The smarthost trusts your machine because of the use of
AUTH. Therefore the smarthost accept mail from users on your
machine.

Claus Aßmann

unread,
Oct 21, 2001, 10:05:59 AM10/21/01
to
Thomas Koller wrote:

> i had problems to understand how this works with /etc/mail/default-auth-info
> when i want to use more than one user for one domain.

You can't do that with the file. See cf/README how to do it based
on the server machine, here's an excerpt:
....
If sendmail acts as client, it needs some information how to
authenticate against another MTA. This information can be provided
by the ruleset authinfo or by the option AuthMechanisms. The
authinfo ruleset looks up {server_name} using the tag AuthInfo: in
the access map. If no entry is found, {server_addr} is looked up
in the same way and finally just the tag AuthInfo: to provide
default values.
...
AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5"
AuthInfo:more.dom "U:user" "P=c2VjcmV0"

--
If you feel the urgent wish to send me a courtesy copy of a Usenet
posting, then make sure it's recognizable as such!
The FAQ: http://www.sendmail.org/faq/ Before you ask.

Thomas Koller

unread,
Oct 21, 2001, 11:25:06 AM10/21/01
to

"Claus Aßmann" <ca+sendmail(-no-copies-please)@mine.informatik.uni-kiel.de>
schrieb im Newsbeitrag news:9quko7$ved$1...@zardoc.esmtp.org...

> You can't do that with the file. See cf/README how to do it based
> on the server machine, here's an excerpt:
> ....
> If sendmail acts as client, it needs some information how to
> authenticate against another MTA. This information can be provided
> by the ruleset authinfo or by the option AuthMechanisms. The
> authinfo ruleset looks up {server_name} using the tag AuthInfo: in
> the access map. If no entry is found, {server_addr} is looked up
> in the same way and finally just the tag AuthInfo: to provide
> default values.
> ...
> AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom"
"M:DIGEST-MD5"
> AuthInfo:more.dom "U:user" "P=c2VjcmV0"
>

hm okay so i had to but the following lines into my *.mc file, if i want to
use smtp client auth.

add this to submit.mc


define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile')
FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo')

and in /etc/mail/msp-authinfo
AuthInfo:127.0.0.1 "U:smmsp" "P:secret" "M:DIGEST-MD5"

and in sendmail.mc

FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/authinfo')
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5')

and in /etc/mail/authinfo
AuthInfo:my-mail.ch "U:myuserid" "P:mypassword" "M:DIGEST-MD5"

is it possible to leave the settings away in the submit.mc for the msp oder
must i declare this in an other file?

btw. who to i define serversite smtp authentification?

thanks
thomas

Thomas Koller

unread,
Oct 21, 2001, 11:30:54 AM10/21/01
to

"Neil W Rickert" <ricke...@cs.niu.edu> schrieb im Newsbeitrag
news:9qul43$2mj$1...@husk.cso.niu.edu...


> You are not authenticating individual users. If your users are
> required to authenticate, have them connect their client software
> directly to the smarthost.
>
> The idea is that you are authenticating your machine. If your
> machine is authenticated to the smarthost, then the smarthost should
> accept any mail from your machine.

hm but the problem is, when i use for example gmx with smtp auth in a mail
client, the userid an password is fixed with a mailadress and i got an error
if i try to mail with a different mailadress. so if i send my mails over my
MTA to the smarthost will this work if a use a fix userid and password to
authenticate my machine but with different mailadresses?

Neil W Rickert

unread,
Oct 21, 2001, 11:55:15 AM10/21/01
to
"Thomas Koller" <k...@aon.at> writes:
>"Neil W Rickert" <ricke...@cs.niu.edu> schrieb im Newsbeitrag
>news:9qul43$2mj$1...@husk.cso.niu.edu...

>> You are not authenticating individual users. If your users are
>> required to authenticate, have them connect their client software
>> directly to the smarthost.

>> The idea is that you are authenticating your machine. If your
>> machine is authenticated to the smarthost, then the smarthost should
>> accept any mail from your machine.

>hm but the problem is, when i use for example gmx with smtp auth in a mail
>client, the userid an password is fixed with a mailadress and i got an error
>if i try to mail with a different mailadress.

Find a competent ISP.

PC client software can send MDNs (message disposition
notifications). How does your ISP handle mail with an envelope
sender address of "<>", as required by RFC2298? (Rhetorical question --
answer not expected).

Claus Aßmann

unread,
Oct 28, 2001, 9:24:08 PM10/28/01
to
Thomas Koller wrote:

> hm okay so i had to but the following lines into my *.mc file, if i want to
> use smtp client auth.

> add this to submit.mc

> define(`confDONT_BLAME_SENDMAIL', `GroupReadableKeyFile')
> FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/msp-authinfo')

> and in /etc/mail/msp-authinfo
> AuthInfo:127.0.0.1 "U:smmsp" "P:secret" "M:DIGEST-MD5"

Are you sure you want to use this?

That would be used by the MSP to authenticate against the MTA.
Since those usually run on the same machine that isn't really
necessary...

> and in sendmail.mc

> FEATURE(`authinfo', `DATABASE_MAP_TYPE /etc/mail/authinfo')
> define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5')

> and in /etc/mail/authinfo
> AuthInfo:my-mail.ch "U:myuserid" "P:mypassword" "M:DIGEST-MD5"

> is it possible to leave the settings away in the submit.mc for the msp oder
> must i declare this in an other file?

Sorry, I don't understand that question.

> btw. who to i define serversite smtp authentification?

http://www.sendmail.org/~ca/email/auth.html

You have to tell Cyrus-SASL which passwd method to use.

0 new messages