confAUTH_OPTIONS fails with 'p' running sendmail 8.14.4 and saslauthd 2.1.23
I originally posted this question in the slackware forum, but I thought it might not really be system specific and more of a general security thing. I'm sorry for double posting it here. I had messaged one of the moderators in the slackware forum to move it and did not know about the more proper way of using the Report button to request the move. I will always use that in the future.
In any event, the problem has been solved - and the system works now after installing the 32bit compatibility libraries:
Perhaps someone might be able to figure out why the pure 64bit system did not work?
I'm building a new machine with slackware 13.37 64bit and so far all has gone well except for secure smtp. My previous setup was with slackware 13.1 32bit which worked fine.
If I run with (`confAUTH_OPTIONS', `A p y') in my sendmail config it shows "AUTH warning: no mechanisms" in my maillog and obviously fails to authenticate.
When I take the 'p' out and run with (`confAUTH_OPTIONS', `A y') then it does list the defined confAUTH_MECHANISMS and works.
I would prefer to run with the 'p' option and require the security layer.
Most of my setup guidance has come from the "Sendmail SMTP AUTH Howto":
The Sendmail "TLS SASL SMTP-AUTH" page on slackwiki:
And this page for debugging "How to test Sendmail SASL Authentication":
My goal is to be able to send mail remotely with secure authentication. If the way I'm trying to go about it is old and there is some newer/better way I'm happy to go with that - but sendmail/saslauthd has worked for me in the past.
Sendmail is version 8.14.4 and looks like it has the necessary options compiled in:
My hope is that I'm just missing something simple. Does anyone have insight into why adding the 'p' to confAUTH_OPTIONS is causing this behavior?
It is ment to be like this.
Begin with the version 13.0 in Slackware the Sednamil.conf should be in /etc/sasl2. I do not remember already where did I find this but I know I was searching a lot till I find this somewhere.
The fact that you don't see AUTH is like it should be because sendmail forces this way the user to use encryption. The AUTHENTICATION is only available after you initiate encryption.
There are also secure authentication mechanisms like DIGEST-MD5 or CRAM-MD5 but since you did not list them in Sendmail.conf they does not apear in the AUTH before encryption.
Your problem is probably the Sednamil.conf location. (I expect that the encryption works)
Now my best idea is the 64-bit version issue. Since I encountered unresolved problems with the 13.1 64 bit Slackware (which wasn't there in 13.0 64) I did not continue to use 64-bit versions. (I had lots of segfaults in applications, saslauthd crashed in segfault when authenticate the users created by webmin, imapd had also lots of segfaults)
So I am really interested to find out if this will be the same in this case. I have installed and configured the same system as yours on Slackware 13.37 32-bit. I will try this. And I will also download the 64-bit 13.37 and configure the same system.
I didn't try yet the old issue I experienced with saslauthd in 13.37 64-bit but I am really curious.
Hmm... So in an effort to get other unrelated 32bit stuff to work yesterday I installed the 32bit compatibility libraries:
That did work for what I was doing and I thought all was well, but now I find that my sendmail/saslauthd is no longer working as it was before.
Regardless of the confAUTH_OPTIONS I have - and indeed without changing any configuration files - the maillog shows the "no mechanisms" warning and I can not send mail from my clients.
Running testsaslauthd does work fine from the commandline.
I dont see anything suspcious in the logs when I start saslauthd or sendmail.
What is the output of lsof? I have this libraries used by sednmail:
If there is any problem with the libraries you should miss some from this list.
The saslauthd searches for Sendmail.conf in /etc, so if you want to be sure remove any link and put it there.
ALL IS WELL! Thank you for your replies.
I think I see how I messed things up. I foolishly had made the symbolic link /usr/lib/sasl2 -> /usr/lib64/sasl2 to try and get the Sendmail.conf file to be picked up early on.
So yesterday when I installed the 32bit compatibility stuff it thought it was putting new stuff in /usr/lib/sasl2 but that was really copying over stuff in /usr/lib64/sasl2
I have now restored the proper files in my /usr/lib64/sasl2 folder and reinstalled the 32bit compatibility files into /usr/lib/sasl2.
Now, when I use (`confAUTH_OPTIONS', `A p y') IT WORKS!!!
I must connect with SSL to be able to authenticate, but when I do it behaves properly.
I guess the initial problem was that something needed to run a 32bit binary that was falling over before the multilib stuff was in place? My user error that caused the 32bit stuff to step on the 64bit stuff was unfortunate but easy to correct - but I probably wouldn't have found so quickly it without the reply above, so thank you very much!
|All times are GMT -5. The time now is 10:45 AM.|