Re: Cyrus-SASL + Sendmail (FC1)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In short, evertyhing is working now. I hope this has been helpful to 
others.

I'm adding a few notes below. Please add comments or suggestions.

On Saturday 21 February 2004 1:50 pm, Alexander Dalloz wrote:
> Am Sa, den 21.02.2004 schrieb Jonathan M. Gardner um 21:41:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Saturday 21 February 2004 11:41 am, Alexander Dalloz wrote:
> > > Am Sa, den 21.02.2004 schrieb Jonathan M. Gardner um 20:06:
> > > > On Saturday 21 February 2004 6:01 am, Alexander Dalloz wrote:
> > > > > Am Sa, den 21.02.2004 schrieb Jonathan M. Gardner um 13:13:
> > > > > > I'm playing around with authentication schemes with sendmail.
> > > > > >
> > > > > > I've noticed that the file /usr/lib/sasl2/Sendmail.conf is
> > > > > > being completely ignored. No matter what I seem to put in
> > > > > > that, sendmail checks /etc/sasldb2 for the password
> > > > > > verification.
> > > > > >
> > > > >
> > > > > Sendmail does not ignore /usr/lib/sasl2/Sendmail.conf! It is
> > > > > just you confused about the authentification mechanisms. You
> > > > > can not authenticate with MD5 mechanism when auting against
> > > > > PAM. Only PLAIN / LOGIN will work that way.
> > > >
> > > > Okay, I have the sendmail.mc file setup as so in my mail server:
> > > >
> > > > define(`confAUTH_OPTIONS', `A p')dnl
> > > > TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
> > > > define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
> > > > define(`confCACERT_PATH',`/usr/share/ssl/certs')
> > > > define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
> > > > define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
> > > > define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
> > > > DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
> > > > DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
> > > > DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
> > >
> > > I guess this is only the relevant part of sendmail.mc and not the
> > > whole file.
> >
> > You are correct. If there are any other lines you want to see, let me
> > know.
>
> > > > On my mail server, /usr/lib/sasl2/Sendmail.conf reads:
> > > > pwcheck_method:pam
> > >
> > > Why not using saslauthd which then calls PAM? Though this should
> > > work too.
> >
> > How would I configure sendmail to use saslauthd?
>
> This is default on Fedora (was already on Redhat 9). Put in
> /usr/lib/sasl2/Sendmail.conf "pwcheck_method: saslauthd" and configure
> inside /etc/init.d/saslauthd MECH=pam or MECH=shadow. Be sure service
> saslauthd is running.
>

There is a file that is sourced 
by /etc/init.d/saslauthd: /var/sysconfig/saslauthd
I put a line in there that read:
MECH=pam

Restarting saslauthd and sendmail did the trick. Now everything seems to 
work.

> > > > I am using KMail for the MUA on my workstation. I've set it up as
> > > > so: Auth: LOGIN
> > > > Encryption: TLS
> > > >
> > > > When it goes to authenticate, KMail displays the following
> > > > messages: Sending failed:
> > > > Authentication failed.
> > > > Most likely the password is wrong.
> > > > The server responded: "5.7.0 authentication failed"
> > >
> > > Do it first simpler and AUTH without STARTTLS. Set confAUTH_OPTIONS
> > > to A only and configure KMail to not use TLS.
> >
> > Done.
> >
> > > > There is no message /var/log/messages from sendmail.
> > >
> > > Check /var/log/maillog. Maybe increase LogLevel to 15 to have a
> > > more verbose output in maillog.
> >
> > I put a line in that reads as following in sendmail.mc:
> > define(`confLOG_LEVEL', `15')dnl
>
> > This is the output of the maillog (dervish is the mail server, atlas
> > is my workstation).
> >
> > (1) When I used no encryption, with PLAIN login.
> > Feb 21 12:31:52 dervish sendmail[15768]: NOQUEUE: connect from
> > atlas.jonathangardner.net [66.92.192.166]
> > Feb 21 12:31:52 dervish sendmail[15768]: AUTH: available mech=PLAIN
> > LOGIN DIGEST-MD5 CRAM-MD5 ANONYMOUS, allowed mech=DIGEST-MD5 CRAM-MD5
> > LOGIN PLAIN
>
> This does not fit the above used sendmail.mc options. Are you sure
> sendmail.cf is rebuild with your settings? sendmail-cf RPM must be
> installed.
>

It seems to be doing it. If I run make -c /etc/mail, it will rebuild 
sendmail-cf. If I restart sendmail, it will rebuild it by default.

- -- 
Jonathan Gardner
[email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAN+G4qp6r/MVGlwwRAneMAJ9VltEDm6EBKFpL34/kiZkx/n1ApgCZAXjn
+EtrtQGkYe+NxY7xFq+1rNw=
=RS1K
-----END PGP SIGNATURE-----




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]
  Powered by Linux