I have configured SMTP AUTH for my sendmail using sasldb. When I try to send mail through user@localhost to any outer address, it allows me to relay and does not ask for authenticity. Maybe I am not understanding its working. When does it ask for authenticity? I think when I try to send mail it should not allow that.
My settings are like this:
In Sendmail.cf, I have made the following settings:
Quote:
C{TrustAuthMech}LOGIN PLAIN
# list of authentication mechanisms
O AuthMechanisms=LOGIN PLAIN
# SMTP AUTH flags
O AuthOptions=A
And I have created a user through saslpasswd2, my saslauthd is running, and I have also restarted the sendmail service.
I have also tested AUTH LOGIN and AUTH PLAIN; they authenticate the user.
Check out the section of the sendmail.conf that deals with relays (it should name a file outside the sendmail.conf, but in the same directory - like /etc/mail/relays or something). If the loopback and/or hostname are in there, it may not be doing the checking because this tells sendmail that the host is exempt from checking.
If you need to rebuild your /etc/mail/relays (or whatever it's called), just remake the hash map:
makemap hash /etc/mail/relays < /etc/mail/relays (double on purpose)
This will recreate /etc/mail/relays.db (assuming relays is the name of the file)
Hope this was of some help. If not, can you post your sendmail.cf up to the point where the mail processing rules begin?
Thank you for the reply. For relay, I want the authentication to be carried out through SMTP AUTH only. Here is my sendmail.cf; please tell me where I went wrong and what I should do to make it work as required:
Quote:
# level 7 config file format
V8/Berkeley
# Alias for this host
Cw localhost
# Virtual email domain
FV/etc/mail/sendmail.cV
# who I masquerade as (null for no masquerading)
# Smart host
DS
# Use this mailer to reach the Smart host
DNsmtp
# Central host for local mail
DH
# class L: names that should be delivered locally, even if we have a relay
CLroot
# class E: names that should be exposed as from this host, even if we masquerade
CEroot
# Trust users
Ft/etc/mail/trusted-users
# Database for special routing
# Not activated
# Restrict DNS to those domain only
CD
# /usr/lib/linuxconf/mailconf/stdmacros.cf
# There macros are generally never modified. Linuxconf does not
# manipulate them in any way. You are on your own.
# operators that cannot be in local usernames (i.e., network indicators)
CO @ %
# a class with just dot (for identifying canonical names)
C..
# a class with just a left bracket (for identifying domain literals)
C[[
# dequoting map
Kdequote dequote
CPREDIRECT
C{TrustAuthMech}LOGIN PLAIN
######################
# Special macros #
######################
# SMTP initial login message
De$j Sendmail $v/$Z ready at $b
# UNIX initial From header format
DlFrom $g $d
# my name for error messages
DnMAILER-DAEMON
# delimiter (operator) characters
Do.:%@!^/[]
# format of a total name
Dq$?x$x <$g>$|$g$.
# Configuration version number
DZlinuxconf
# file containing names of machines which can use our relay
# F{LocalNames} /etc/mail/name_allow
# Virtual user table (maps incoming users
Kvirtuser hash /etc/mail/virtusertable
# Deliver mail only in DNS is available
#OI
# Match full user name when receiving
OGFalse
# maximum message size
#O MaxMessageSize=1000000
#O MaxRecipientsPerMessage=xxxxx
# delivery mode
O DeliveryMode=background
# /usr/lib/linuxconf/mailconf/stdmacros.cf
# There macros are generally never modified. Linuxconf does not
# manipulate them in any way. You are on your own.
###############
# Options #
###############
# Do not probe all network interfaces and IP aliases to stuff the Cw set
O DontProbeInterfaces
# strip message body to 7 bits on input?
O SevenBitInput=False
# 8-bit data handling
O EightBitMode=pass8
# wait for alias file rebuild (default units: minutes)
O AliasWait=10
# location of alias file
O AliasFile=/etc/aliases
# minimum number of free blocks on filesystem
O MinFreeBlocks=100
# maximum message size
#O MaxMessageSize=1000000
# substitution for space (blank) characters
O BlankSub=.
# avoid connecting to "expensive" mailers on initial submission?
O HoldExpensive=True
# checkpoint queue runs after every N successful deliveries
#O CheckpointInterval=10
# automatically rebuild the alias database?
#O AutoRebuildAliases
# error message header/file
#O ErrorHeader=/etc/sendmail.oE
# error mode
#O ErrorMode=print
# save Unix-style "From_" lines at top of header?
#O SaveFromLine
# temporary file mode
O TempFileMode=0600
# match recipients against GECOS field?
#O MatchGECOS
# maximum hop count
#O MaxHopCount=17
# location of help file
O HelpFile=/usr/lib/sendmail.hf
# ignore dots as terminators in incoming messages?
#O IgnoreDots
# name resolver options
#O ResolverOptions=+AAONLY
# deliver MIME-encapsulated error messages?
O SendMimeErrors=True
# Forward file search path
O ForwardPath=$z/.forward.$w:$z/.forward
# open connection cache size
O ConnectionCacheSize=2
# open connection cache timeout
O ConnectionCacheTimeout=5m
# persistent host status directory
#O HostStatusDirectory=.hoststat
# single thread deliveries (requires HostStatusDirectory)?
#O SingleThreadDelivery
# use Errors-To: header?
O UseErrorsTo=False
# log level
O LogLevel=9
# send to me too, even in an alias expansion?
#O MeToo
# verify RHS in newaliases?
O CheckAliases=False
# default messages to old style headers if no special punctuation?
O OldStyleHeaders=True
# SMTP daemon options
O DaemonPortOptions=Port=smtp,addr=0.0.0.0
# privacy flags
O PrivacyOptions=authwarnings
# O PrivacyOptions=noetrn
# O PrivacyOptions=noverb
# O PrivacyOptions=restrictmailq
# O PrivacyOptions=restrictqrun
# O PrivacyOptions=noreceipts
# O PrivacyOptions=goaway
O PrivacyOptions=noexpn
O PrivacyOptions=novrfy
# who (if anyone) should get extra copies of error messages
#O PostMasterCopy=Postmaster
# slope of queue-only function
#O QueueFactor=600000
# queue directory
O QueueDirectory=/var/spool/mqueue
# timeouts (many of these)
#O Timeout.initial=5m
#O Timeout.connect=5m
#O Timeout.iconnect=5m
#O Timeout.helo=5m
#O Timeout.mail=10m
#O Timeout.rcpt=1h
#O Timeout.datainit=5m
#O Timeout.datablock=1h
#O Timeout.datafinal=1h
#O Timeout.rset=5m
#O Timeout.quit=2m
#O Timeout.misc=2m
#O Timeout.command=1h
O Timeout.ident=0s
#O Timeout.fileopen=60s
O Timeout.queuereturn=5d
#O Timeout.queuereturn.normal=5d
#O Timeout.queuereturn.urgent=2d
#O Timeout.queuereturn.non-urgent=7d
O Timeout.queuewarn=4h
#O Timeout.queuewarn.normal=4h
#O Timeout.queuewarn.urgent=1h
#O Timeout.queuewarn.non-urgent=12h
#O Timeout.hoststatus=30m
# should we not prune routes in route-addr syntax addresses?
#O DontPruneRoutes
# queue up everything before forking?
O SuperSafe=True
# status file
O StatusFile=/var/log/sendmail.st
# time zone handling:
# if undefined, use system default
# if defined but null, use TZ envariable passed in
# if defined and non-null, use that info
#O TimeZoneSpec=
# default UID (can be username or userid:groupid)
O DefaultUser=mail:mail
# list of locations of user database file (null means no lookup)
#O UserDatabaseSpec=/etc/userdb
# fallback MX host
#O FallbackMXhost=fall.back.host.net
# if we are the best MX host for a site, try it directly instead of config err
#O TryNullMXList
# load average at which we just queue messages
#O QueueLA=8
# load average at which we refuse connections
#O RefuseLA=12
# maximum number of children we allow at one time
#O MaxDaemonChildren=12
# maximum number of new connections per second
#O ConnectionRateThrottle=3
# work recipient factor
#O RecipientFactor=30000
# deliver each queued job in a separate process?
#O ForkEachJob
# work class factor
#O ClassFactor=1800
# work time factor
#O RetryFactor=90000
# shall we sort the queue by hostname first?
#O QueueSortOrder=priority
# minimum time in queue before retry
#O MinQueueAge=30m
# default character set
#O DefaultCharSet=iso-8859-1
# service switch file (ignored on Solaris, Ultrix, OSF/1, others)
#O ServiceSwitchFile=/etc/service.switch
# hosts file (normally /etc/hosts)
#O HostsFile=/etc/hosts
# dialup line delay on connection failure
#O DialDelay=10s
# action to take if there are no recipients in the message
#O NoRecipientAction=add-to-undisclosed
# chrooted environment for writing to files
#O SafeFileEnvironment=/arch
# are colons OK in addresses?
#O ColonOkInAddr
# how many jobs can you process in the queue?
#O MaxQueueRunSize=10000
# shall I avoid expanding CNAMEs (violates protocols)?
#O DontExpandCnames
# SMTP initial login message (old $e macro)
#O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
O SmtpGreetingMessage=$j; $b
# UNIX initial From header format (old $l macro)
O UnixFromLine=From $g $d
# delimiter (operator) characters (old $o macro)
O OperatorChars=.:%@!^/[]+
# shall I avoid calling initgroups(3) because of high NIS costs?
#O DontInitGroups
# are group-writable :include: and .forward files (un)trustworthy?
#O UnsafeGroupWrites
# where do errors that occur when sending errors get sent?
#O DoubleBounceAddress=
# what user id do we assume for the majority of the processing?
#O RunAsUser=sendmail
# list of authentication mechanisms
O AuthMechanisms=LOGIN PLAIN
# SMTP AUTH flags
O AuthOptions=A
###########################
# Message precedences #
###########################
Pfirst-class=0
Pspecial-delivery=100
Plist=-30
Pbulk=-60
Pjunk=-100
#########################
# Format of headers #
#########################
H?P?Return-Path: <$g>
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
        $.by $j ($v/$Z)$?r with $r$. id $i$?u
        for $u; $|;
        $.$b
H?D?Resent-Date: $a
H?D?Date: $a
H?F?Resent-From: $?x$x <$g>$|$g$.
H?F?From: $?x$x <$g>$|$g$.
H?x?Full-Name: $x
# HPosted-Date: $a
# H?l?Received-Date: $b
H?M?Resent-Message-Id: <$t.$i@$j>
H?M?Message-Id: <$t.$i@$j>
O DaemonPortOptions=Port=smtp, addr=0.0.0.0, Name=MSA, M=E, M=a
This should force AUTH for mail even from localhost. Change the Name=MSA (Mail Submission Agent) to Name=MTA if your server accepts mail. If you're running a recent version of sendmail, that should have a submit.cf and sendmail.cf. Name=MSA would go in submit.cf and Name=MTA would go into sendmail.cf.
Sorry for the late reply. It worked, thanks a lot. When I try to send mail through these accounts using Evolution and Squirrelmail, I get an error. Do you have any idea how I can make it work with them?
I'm not 100% certain, since I don't use those email clients, but, since you've set up SMTP auth, you're going to need to set up your outbound mail to authenticate against your mail server every time you send an email (outbound via smtp).
Let me know if you have trouble finding the specific settings, but the issue you're having is because of the authentication that you wanted to set up. Your mail server is now demanding that you authenticate before it will send out mail.
As for encryption, I'm not sure. The saslpasswd2 command should encrypt your password, but the security of your authorization (login password) is dependent on whether encryption is enabled on your mail server.
Your mailserver should dump out some variables for you. If there's no TLS, there's probably no encryption support. If you could run either of those commands above and post the output, that would be great.
I wish I had access to a saslpasswd2 file so I could give you a definitive answer. I know you can do so with, for instance, htpasswd.
If you could post a user's entry from that file (create someone bogus and delete them after), I'm sure it could be edited with vi, or any text editor. The key would be just to encrypt the password that you're going to put in the file the way that sasl will expect it.
I'm sorry I couldn't be more help on this one!
Best wishes (I'll keep on this thread so I'll get notified if you post back).
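
An added example, not part of any post in this thread: a small Python audit of the two settings discussed above, the DaemonPortOptions `a` modifier that the reply suggests for forcing AUTH and the exposure of LOGIN/PLAIN passwords when no encryption is in place. The sample configs are constructed from lines quoted in the thread; matching keys on their first letter and treating repeated M= entries as cumulative are assumptions.

```python
import re

# Constructed samples built from lines quoted in this thread.
AUTH_LINES = "O AuthMechanisms=LOGIN PLAIN\nO AuthOptions=A\n"
BEFORE = "O DaemonPortOptions=Port=smtp,addr=0.0.0.0\n" + AUTH_LINES
AFTER = ("O DaemonPortOptions=Port=smtp, addr=0.0.0.0, Name=MSA, M=E, M=a\n"
         + AUTH_LINES)
PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}


def parse_options(cf_text):
    """Collect uncommented long-form 'O Name=value' lines as {name: [values]}."""
    opts = {}
    for line in cf_text.splitlines():
        m = re.match(r"O\s+(\w+)\s*=\s*(.*)$", line)
        if m:
            opts.setdefault(m.group(1), []).append(m.group(2).strip())
    return opts


def listener_fields(value):
    """Split one DaemonPortOptions value into {key letter: value}."""
    fields = {}
    for part in value.split(","):
        key, sep, val = part.partition("=")
        if not sep:
            continue
        # Assumption: keys are matched on their first letter, and repeated
        # M= entries accumulate rather than replace each other.
        letter = key.strip()[:1].upper()
        if letter == "M":
            fields["M"] = fields.get("M", "") + val.strip()
        else:
            fields[letter] = val.strip()
    return fields


def audit(cf_text):
    """Return findings about AUTH enforcement and plaintext mechanisms."""
    opts = parse_options(cf_text)
    findings = []
    for value in opts.get("DaemonPortOptions", []):
        fields = listener_fields(value)
        if "a" not in fields.get("M", ""):   # lowercase 'a' = require AUTH
            name = fields.get("N", "(unnamed)")
            findings.append(f"listener {name}: AUTH not required (no M=a)")
    mechs = set(" ".join(opts.get("AuthMechanisms", [])).split())
    flags = "".join(opts.get("AuthOptions", []))
    if mechs & PLAINTEXT_MECHS and "p" not in flags:
        findings.append("LOGIN/PLAIN offered without AuthOptions 'p'")
    return findings
```

The `p` flag in AuthOptions tells sendmail not to permit mechanisms such as PLAIN and LOGIN unless a security layer (for example TLS) is active, which is why the second finding remains even after the listener fix.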