Re: Cyrus-SASL + Sendmail (FC1)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In short, everything is working now. I hope this has been helpful to 
others.

I'm adding a few notes below. Please add comments or suggestions.

On Saturday 21 February 2004 1:50 pm, Alexander Dalloz wrote:
> On Sat, 21.02.2004 at 21:41, Jonathan M. Gardner wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Saturday 21 February 2004 11:41 am, Alexander Dalloz wrote:
> > > On Sat, 21.02.2004 at 20:06, Jonathan M. Gardner wrote:
> > > > On Saturday 21 February 2004 6:01 am, Alexander Dalloz wrote:
> > > > > On Sat, 21.02.2004 at 13:13, Jonathan M. Gardner wrote:
> > > > > > I'm playing around with authentication schemes with sendmail.
> > > > > >
> > > > > > I've noticed that the file /usr/lib/sasl2/Sendmail.conf is
> > > > > > being completely ignored. No matter what I seem to put in
> > > > > > that, sendmail checks /etc/sasldb2 for the password
> > > > > > verification.
> > > > > >
> > > > >
> > > > > Sendmail does not ignore /usr/lib/sasl2/Sendmail.conf! You are
> > > > > just confused about the authentication mechanisms. You
> > > > > cannot authenticate with an MD5 mechanism when authenticating
> > > > > against PAM. Only PLAIN / LOGIN will work that way.
> > > >
> > > > Okay, I have the sendmail.mc file setup as so in my mail server:
> > > >
> > > > define(`confAUTH_OPTIONS', `A p')dnl
> > > > TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
> > > > define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
> > > > define(`confCACERT_PATH',`/usr/share/ssl/certs')
> > > > define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
> > > > define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
> > > > define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
> > > > DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
> > > > DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
> > > > DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
> > >
> > > I guess this is only the relevant part of sendmail.mc and not the
> > > whole file.
> >
> > You are correct. If there are any other lines you want to see, let me
> > know.
>
> > > > On my mail server, /usr/lib/sasl2/Sendmail.conf reads:
> > > > pwcheck_method:pam
> > >
> > > Why not use saslauthd, which then calls PAM? Though this should
> > > work too.
> >
> > How would I configure sendmail to use saslauthd?
>
> This is default on Fedora (was already on Redhat 9). Put in
> /usr/lib/sasl2/Sendmail.conf "pwcheck_method: saslauthd" and configure
> inside /etc/init.d/saslauthd MECH=pam or MECH=shadow. Be sure service
> saslauthd is running.
>

There is a file that is sourced 
by /etc/init.d/saslauthd: /var/sysconfig/saslauthd
I put a line in there that read:
MECH=pam

Restarting saslauthd and sendmail did the trick. Now everything seems to 
work.

> > > > I am using KMail for the MUA on my workstation. I've set it up as
> > > > so: Auth: LOGIN
> > > > Encryption: TLS
> > > >
> > > > When it goes to authenticate, KMail displays the following
> > > > messages: Sending failed:
> > > > Authentication failed.
> > > > Most likely the password is wrong.
> > > > The server responded: "5.7.0 authentication failed"
> > >
> > > Do it simpler first and AUTH without STARTTLS. Set confAUTH_OPTIONS
> > > to A only and configure KMail to not use TLS.
> >
> > Done.
> >
> > > > There is no message /var/log/messages from sendmail.
> > >
> > > Check /var/log/maillog. Maybe increase LogLevel to 15 to have a
> > > more verbose output in maillog.
> >
> > I put a line in that reads as following in sendmail.mc:
> > define(`confLOG_LEVEL', `15')dnl
>
> > This is the output of the maillog (dervish is the mail server, atlas
> > is my workstation).
> >
> > (1) When I used no encryption, with PLAIN login.
> > Feb 21 12:31:52 dervish sendmail[15768]: NOQUEUE: connect from
> > atlas.jonathangardner.net [66.92.192.166]
> > Feb 21 12:31:52 dervish sendmail[15768]: AUTH: available mech=PLAIN
> > LOGIN DIGEST-MD5 CRAM-MD5 ANONYMOUS, allowed mech=DIGEST-MD5 CRAM-MD5
> > LOGIN PLAIN
>
> This does not fit the above used sendmail.mc options. Are you sure
> sendmail.cf is rebuilt with your settings? sendmail-cf RPM must be
> installed.
>

It seems to be doing it. If I run make -c /etc/mail, it will rebuild 
sendmail-cf. If I restart sendmail, it will rebuild it by default.

- -- 
Jonathan Gardner
jgardner@xxxxxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAN+G4qp6r/MVGlwwRAneMAJ9VltEDm6EBKFpL34/kiZkx/n1ApgCZAXjn
+EtrtQGkYe+NxY7xFq+1rNw=
=RS1K
-----END PGP SIGNATURE-----
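
The two mismatches discussed in this thread (a running daemon whose "allowed mech=" list differs from sendmail.mc, and MD5 mechanisms offered while passwords are verified through PAM or saslauthd) can be checked mechanically. The script below is an added example, not part of the original message; its function names, finding labels and sample strings are constructed for illustration, and it assumes sendmail's documented meaning of the `p` AUTH option (no PLAIN/LOGIN unless a security layer is active).

```python
import re

SHARED_SECRET = {"DIGEST-MD5", "CRAM-MD5"}  # server must hold the secret (sasldb)
PLAINTEXT = {"PLAIN", "LOGIN"}              # password crosses the wire as-is

# Constructed samples, condensed from the settings and log line quoted in the thread.
MC_SAMPLE = """define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
"""
CONF_SAMPLE = "pwcheck_method: saslauthd\n"
LOG_SAMPLE = ("Feb 21 12:31:52 dervish sendmail[15768]: AUTH: available mech=PLAIN "
              "LOGIN DIGEST-MD5 CRAM-MD5 ANONYMOUS, allowed mech=DIGEST-MD5 CRAM-MD5 "
              "LOGIN PLAIN\n")

def mc_define(mc_text, name):
    """Value of define(`name', `value') in sendmail.mc text, or None."""
    m = re.search(r"define\(`%s',\s*`([^']*)'\)" % re.escape(name), mc_text)
    return m.group(1) if m else None

def sasl_option(conf_text, key):
    """Value of a 'key: value' line in a Cyrus SASL application config, or None."""
    for line in conf_text.splitlines():
        k, sep, v = line.partition(":")
        if sep and k.strip() == key:
            return v.strip()
    return None

def audit(mc_text, conf_text, maillog_text):
    """Return findings where the .mc source, SASL backend and running daemon disagree."""
    findings = []
    wanted = set((mc_define(mc_text, "confAUTH_MECHANISMS") or "").split())
    options = set((mc_define(mc_text, "confAUTH_OPTIONS") or "").replace(",", " ").split())
    backend = sasl_option(conf_text, "pwcheck_method")
    m = re.search(r"allowed mech=([A-Z0-9 -]+)", maillog_text)
    allowed = set(m.group(1).split()) if m else set()
    if allowed and allowed != wanted:  # sendmail.cf was not rebuilt or not reloaded
        findings.append("stale-cf: daemon allows %s, sendmail.mc asks for %s"
                        % (sorted(allowed), sorted(wanted)))
    if backend in ("pam", "saslauthd") and (allowed | wanted) & SHARED_SECRET:
        findings.append("secret-mech-vs-backend: %s cannot verify %s"
                        % (backend, sorted((allowed | wanted) & SHARED_SECRET)))
    if wanted & PLAINTEXT and "p" not in options:
        findings.append("cleartext-auth: PLAIN/LOGIN offered without the 'p' option, "
                        "so passwords may be sent outside TLS")
    return findings

if __name__ == "__main__":
    for finding in audit(MC_SAMPLE, CONF_SAMPLE, LOG_SAMPLE):
        print(finding)
```

After the "A only" debugging step suggested earlier in the thread, the third check is the reminder to put `p` back once AUTH works.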



