Re: Sendmail [was OpenSSL]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Mi, den 14.07.2004 schrieb James Kosin um 22:17:

> | http://sial.org/howto/sendmail/tls-relay/

> Thanks, that is now taken care of......
> It was a great source of information about certificates and such.

Good that it helped. Yes, it is a nicely written documentation.

> Now I have a new error...
> I've included the logfile results here...
> I did add a user using saslpasswd, if that is what may have been needed;
> but, still the same results..
> Any Ideas on this one?

I have a question: Do you want to authenticate against a sasldb? That
file is created as /etc/sasldb by running saslpasswd and should have
chmod 600 and chown root:root. It is your decision whether you want to
use system users or a decent database with auth data and mail users
independent from the system. By default Sendmail on Fedora is configured
to AUTH against the /etc/shadow by using the saslauthd.

If you really want to use a sasl database I would recommend to use SASL
version 2 instead of 1 and that means using saslpasswd2 which manages an
/etc/sasldb2 database file. You will too have to set the content of
/usr/lib/sasl2/Sendmail.conf to pwcheck_method:sasldb2. In case you
simply want to use system users leave the Sendmail.conf file as it is
and take care the saslauthd is running (service saslauthd start;
chkconfig saslauthd on).

> Thanks,
> James

> (CRAM-MD5): user not found (-20) SASL(-13): user not found: no secret in
> database

> authentication failed
> Jul 14 15:25:31 beta sendmail[25566]: i6EJPDgV025566: AUTH failure
> (LOGIN): no mechanism available (-4) SASL(-4): no mechanism available:
> checkpass failed

2 different errors, maybe you switched your setup between them. See my
above explanations and adjust your setup. I am sure SMTP AUTH is working
then immediately. I cannot see a STARTTLS (certificate) error. The
pasted log shows nicely well working TLS:

relay=james.support.intcomgrp.com [192.168.10.158], version=TLSv1/SSLv3,
verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256

Just as a warning: change your username and password immediately. You
posted AUTH data through this list! though it seems to be unreadable
data it is not. It is only base64 "encoded". I think it is enough if I
tell you that you in one case you used "jkosinjk7619" ;) (Don't want to
make it all too easy). While that indicates that the whole session was
not TLS secured.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) Athlon CPU kernel 2.6.6-1.435.2.3.uml
Serendipity 23:54:46 up 1 day, 21:37, load average: 1.12, 1.10, 1.23 

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux