LinuxQuestions.org


alext 07-13-2006 08:01 AM

Sendmail: sasl2/AUTH
 
Hello!

I am having a heck of a time getting Sendmail to authenticate using Cyrus saslauthd.
I've isolated my problem to either saslauthd or Sendmail.

By the way, I use a Sendmail DUAL configuration with amavisd.
Here are some config files/outputs:

Code:

# sendmail -d0.1
Version 8.13.6
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
                NAMED_BIND NDBM NETINET NETINET6 NETUNIX NIS NISPLUS PIPELINING
                SASLv2 SCANF STARTTLS XDEBUG

Code:

#less sendmail-rx.mc
...
define(`confLOG_LEVEL', `13')
...
dnl  AUTH
define(`confAUTH_MECHANISMS', `PLAIN LOGIN')dnl

dnl  Allow relaying IF the host has authenticated successfully
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl

dnl  p - offer PLAIN/LOGIN only when SSL/TLS is active
dnl  y - forbid anonymous login
define(`confAUTH_OPTIONS', `A y')dnl
...

Code:

    root  311    1  0 13:48:28 ?          0:00 /opt/csw/sbin/saslauthd -a pam
    root  313  311  0 13:48:28 ?          0:00 /opt/csw/sbin/saslauthd -a pam
    root  312  311  0 13:48:28 ?          0:00 /opt/csw/sbin/saslauthd -a pam
    root  314  311  0 13:48:28 ?          0:00 /opt/csw/sbin/saslauthd -a pam
    root  315  311  0 13:48:28 ?          0:00 /opt/csw/sbin/saslauthd -a pam

Code:

#less Sendmail.conf
pwcheck_method:saslauthd
mech_list: LOGIN PLAIN
saslauthd_path:/var/opt/csw/saslauthd

Code:

# ll /var/opt/csw/saslauthd
Gesamt 6
drwxrws---  2 root    sasl        512 Jul 13 13:48 ./
drwxr-xr-x  3 root    bin          512 Jul  7 16:12 ../
srwxrwxrwx  1 root    sasl          0 Jul 13 13:48 mux=
-rw-------  1 root    sasl          0 Jul 13 13:48 mux.accept
-rw-------  1 root    sasl          4 Jul 13 13:48 saslauthd.pid

Code:

# ldd /usr/lib/sendmail
        libsasl2.so.2 =>        /usr/lib/libsasl2.so.2
        libresolv.so.2 =>        /lib/libresolv.so.2
        libsocket.so.1 =>        /lib/libsocket.so.1
        libnsl.so.1 =>  /lib/libnsl.so.1
        libc.so.1 =>    /lib/libc.so.1
        libdl.so.1 =>    /lib/libdl.so.1
        libmp.so.2 =>    /lib/libmp.so.2
        libmd5.so.1 =>  /lib/libmd5.so.1
        libscf.so.1 =>  /lib/libscf.so.1
        libdoor.so.1 =>  /lib/libdoor.so.1
        libuutil.so.1 =>        /lib/libuutil.so.1
        libm.so.2 =>    /lib/libm.so.2

Code:

#testsaslauthd -u user -p pass
0: OK "Success."


When I try to authenticate I get:
Code:

mta-rx: [ID 801593 mail.error] k6DCm1ID002220: AUTH failure (PLAIN): generic failure (-1) SASL(-1): generic failure: Password verification failed
and
Code:

mta-rx: [ID 801593 mail.warning] k6DCnNJu002290: AUTH failure (LOGIN): generic failure (-1) SASL(-1): generic failure: checkpass failed
Well, I don't get any other errors; it looks like sendmail doesn't see saslauthd (?!)

If someone can just point me in the right direction...:)
Thanks!
Alex

ramram29 07-13-2006 12:44 PM

Run the command 'testsaslauthd' to see if sasl is working first. If it logs you in then you can isolate the problem to being something other than sasl.

alext 07-13-2006 12:52 PM

Hi!

I've already tried it, see above :)

alext 07-13-2006 01:42 PM

I've made some more tests:

I've started saslauthd in debug mode and
when I run
Code:

# testsaslauthd -u user -p pass
0: OK "Success."

I get
Code:

# saslauthd -a pam -d
saslauthd[12076] :main            : num_procs  : 5
saslauthd[12076] :main            : mech_option: NULL
saslauthd[12076] :main            : run_path  : /var/opt/csw/saslauthd
saslauthd[12076] :main            : auth_mech  : pam
saslauthd[12076] :ipc_init        : using accept lock file: /var/opt/csw/saslauthd/mux.accept
saslauthd[12076] :detach_tty      : master pid is: 0
saslauthd[12076] :ipc_init        : listening on socket: /var/opt/csw/saslauthd/mux
saslauthd[12076] :main            : using process model
saslauthd[12076] :have_baby      : forked child: 12077
saslauthd[12076saslauthd[] :have_baby      12077: forked child: 12078] :
get_accept_lock : acquired accept lock
saslauthd[12076] :have_baby      : forked child: 12079
saslauthd[12076] :have_baby      : forked child: 12080
saslauthd[12077] :rel_accept_lock : saslauthd[released accept lock
12078] :get_accept_lock : acquired accept lock
saslauthd[12077] :do_auth        : auth success: [user=user] [service=imap] [realm=] [mech=pam]
saslauthd[12077] :do_request      : response: OK

When I try to authenticate via sendmail, nothing happens .....
Doesn't sendmail know about saslauthd (?!)

ramram29 08-01-2006 02:02 PM

You should drop sendmail and try postfix - it's more secure, faster and easier to set up.

benjithegreat98 08-01-2006 05:26 PM

Here's a link that's basically a tutorial for this:
http://www.jonfullmer.com/smtpauth/

One big difference I see in the 2 is your Sendmail.conf file. I set this up today for the first time (well, I set up TLS as well) and it looks good as far as I can tell. I have to ask the obligatory sendmail question. Did you convert your .mc file to the sendmail.cf and restart?

gilead 08-01-2006 09:07 PM

There's a good article on this at http://www.linuxquestions.org/questi...d.php?t=224543. I have it running on 2 systems here (without amavisd though). Unless you're new to sendmail I don't recommend changing MTAs over what is probably a configuration issue.
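
A pre-flight check for the symptom in this thread (testsaslauthd succeeds, yet saslauthd logs nothing when Sendmail authenticates), added here as an example and not part of any post: it reads a SASL application config such as Sendmail.conf and reports whether a given uid and group set can reach the saslauthd socket. It assumes, per the Cyrus SASL option documentation, that `saslauthd_path` names the mux socket itself rather than its run directory; `parse_sasl_conf`, `allowed` and `check_saslauthd` are hypothetical names.

```python
import os
import stat

def parse_sasl_conf(text):
    """Parse the 'key: value' lines of a SASL application config."""
    opts = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and not key.startswith("#"):
            opts[key.strip()] = value.strip()
    return opts

def allowed(st, uid, gids, need):
    """True if uid/gids hold the permission bits `need` (4=r, 2=w, 1=x)."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & need) == need

def check_saslauthd(conf_text, uid, gids):
    """Return findings; an empty list means uid can reach the mux socket."""
    opts = parse_sasl_conf(conf_text)
    findings = []
    if opts.get("pwcheck_method") != "saslauthd":
        findings.append("pwcheck_method is not saslauthd")
    path = opts.get("saslauthd_path")
    if not path:
        return findings + ["saslauthd_path unset; compiled-in default applies"]
    try:
        st = os.stat(path)
    except OSError as exc:
        return findings + [f"cannot stat {path}: {exc.strerror}"]
    # Assumption: the option must name the socket file (run directory + /mux).
    if stat.S_ISDIR(st.st_mode):
        findings.append(f"{path} is a directory, not the mux socket")
        run_dir = path
    else:
        run_dir = os.path.dirname(path)
        if not stat.S_ISSOCK(st.st_mode):
            findings.append(f"{path} is not a socket")
        elif not allowed(st, uid, gids, 2):
            findings.append(f"uid {uid} cannot write to {path}")
    # The socket is only reachable if the run directory can be traversed.
    if not allowed(os.stat(run_dir), uid, gids, 1):
        findings.append(f"uid {uid} cannot traverse {run_dir}")
    return findings
```

Run it as root, passing the uid and group ids the MTA process actually has. A run directory with mode 770 and group `sasl`, as in the listing in the first post, blocks any non-root account outside that group.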


All times are GMT -5.