Sendmail SMTP AUTH

omlex · 01-09-2007, 11:25 PM

To all,

I setup a Sendmal Server for the purpose of connecting different users in diffent location with different DSL connection, 3 commissary, 6 offices, 118 branches, etc.

What configuration can you recommend? I tried using SMTP AUTH so that it will not be depend on IP addresses since some users have dynamic IPs. However I having this error message when sending to Yahoo

Relaying temporarily denied. Cannot resolve PTR record for 202.x.x.x

I already enable the saslauthd and CA cert...

Please help!

osdeals · 01-16-2007, 09:43 PM

you need to enable _any one_ of the following two in sendmail.mc

Code:

define(`confAUTH_OPTIONS', `A')dnl
dnl define(`confAUTH_OPTIONS', `A p')dnl

(the second line is deactivated in this example, since i can afford to allow plaintext authentication over a non SSL/TLS network, since this is purely in a private LAN at home).
and make sure the following lines appear as it is in the sendmail.mc

Code:

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

Rebuild your sendmail.cf, and restart sendmail. you will have SMTP AUTH enabled in sendmail.

chithu · 01-30-2007, 05:24 AM

Hi,

I am trying to configure Sendmail with AUTH & SSL. My problem is i am able to send mail without getting authenticated.

I have visited most of the sites to configure this, my configuration resembles same,but i am not getting authenticated. "250 AUTH" doesn't appear in the test.

I need your assistance to figure out my mistake.

Herewith i have attached the relevant details.

[root@testmac mail]# sendmail -d0.1 -bv
Version 8.13.1
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS
USERDB USE_LDAP_INIT

============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = testmac
(canonical domain name) $j = testmac.xyz.com
(subdomain name) $m = xyz.com
(node name) $k = testmac.xyz.com
========================================================

[root@testmac mail]# cd /usr/share/ssl/certs
[root@testmac mail]# make sendmail.pem
[root@testmac mail]# chmod -R 700 /usr/share/ssl/certs

[root@testmac mail]# cat /usr/lib/sasl2/Sendmail.conf
pwcheck_method:saslauthd

[root@testmac ~]# cat /etc/sysconfig/saslauthd
SOCKETDIR=/var/run/saslauthd
MECH=shadow
FLAGS=

[root@testmac ~]# cat /etc/mail/access
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
192.168.10. RELAY

Changes made in /etc/mail/sendmail.mc file.
dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

define(`confLOG_LEVEL', `14')dnl
define(`confAUTH_OPTIONS', `A p y')dnl

TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl

define(`confCACERT_PATH',`/usr/share/ssl/certs')dnl
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')dnl
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')dnl

[root@testmac mail]# service saslauthd start
Jan 30 15:10:31 localhost saslauthd[4904]: detach_tty : master pid is: 4904
Jan 30 15:10:31 localhost saslauthd[4904]: ipc_init : listening on socket: /var/run/saslauthd/mux
Jan 30 15:10:31 localhost saslauthd: saslauthd startup succeeded

[root@testmac mail]# service sendmail start
Jan 30 16:29:26 localhost sendmail[5012]: NOQUEUE: stopping daemon, reason=signal
Jan 30 16:29:26 localhost sendmail[5068]: alias database /etc/aliases rebuilt by root
Jan 30 16:29:26 localhost sendmail[5068]: /etc/aliases: 78 aliases, longest 10 bytes, 802 bytes total
Jan 30 16:29:26 localhost sendmail[5073]: starting daemon (8.13.1): SMTP+queueing@01:00:00
Jan 30 16:29:26 localhost sendmail[5073]: STARTTLS: CRLFile missing
Jan 30 16:29:26 localhost sendmail[5073]: STARTTLS=server, Diffie-Hellman init, key=512 bit (1)
Jan 30 16:29:26 localhost sendmail[5073]: STARTTLS=server, init=1
Jan 30 16:29:26 localhost sendmail[5073]: started as: /usr/sbin/sendmail -bd -q1h
Jan 30 16:29:26 localhost sm-msp-queue[5082]: starting daemon (8.13.1): queueing@01:00:00

[root@testmac ~]# telnet 192.168.10.48 25
Trying 192.168.10.48...
Connected to testmac.xyz.com (192.168.10.48).
Escape character is '^]'.
220 testmac.xyz.com ESMTP Sendmail 8.13.1/8.13.1; Tue, 30 Jan 2007 16:13:29 +0530
ehlo hi
250-testmac.quasarinnovations.com Hello testmac.quasarinnovations.com [192.168.10.48], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP

From Microsoft Outlook 2000
Jan 30 14:52:44 localhost sendmail[4783]: NOQUEUE: connect from trend.xyz.com [192.168.10.5]
Jan 30 14:52:44 localhost sendmail[4783]: AUTH: available mech=DIGEST-MD5 CRAM-MD5, allowed mech=LOGIN PLAIN
Jan 30 14:52:44 localhost sendmail[4783]: l0U9MieO004783: Milter: no active filter
Jan 30 14:52:44 localhost sendmail[4783]: l0U9MieO004783: from=<abc@xyz.com>, size=1299, class=0, nrcpts=1, msgid=<HMEAIFIJHGOLGHONGOHMEEMNCMAA.abc@xyz.com>, proto=SMTP, daemon=MTA, relay=trend.xyz.com [192.168.10.5]
Jan 30 14:52:44 localhost sendmail[4784]: l0U9MieO004783: to=<root@localhost.localdomain>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31514, dsn=2.0.0, stat=Sent
Jan 30 14:52:44 localhost sendmail[4784]: l0U9MieO004783: done; delay=00:00:00, ntries=1