LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   Sendmail: Relaying denied. Proper authentication required. (http://www.linuxquestions.org/questions/linux-server-73/sendmail-relaying-denied-proper-authentication-required-683832/)

60s TV Batman 11-16-2008 01:47 PM

Sendmail: Relaying denied. Proper authentication required.
 
Sendmail on a recently acquired Fedora 7 server is giving me trouble. When I attempt to send email from a remote client (e.g. Thunderbird from home), I get "Relaying denied. Proper authentication required."

If I add my IP address to relay-domains, it relays just fine. But of course, that means adding any given IP address I happen to want to send mail from (which isn't a viable solution).

I suspect this is a configuration issue with SMTP-AUTH, and I've done over an hour of googling in an attempt to fix this. But so far, nothing has worked.

Is there a kind-hearted sendmail guru willing to help me get to the bottom of this one? And if so, what do you need me to provide to get started on a solution?

Woodypecker 11-16-2008 03:38 PM

Are you trying to send mail directly, without any "smarthost"? If you do, your IP must already be part of many blocklists ...

60s TV Batman 11-16-2008 04:10 PM

Quote:

Originally Posted by Woodypecker (Post 3344002)
Are you trying to send mail directly, without any "smarthost"? If you do, your IP must already be part of many blocklists ...

Sendmail doesn't need a "smarthost" to send email.

Hopefully, somebody can help sort out the actual problem, which is related to authentication.

billymayday 11-16-2008 04:30 PM

Have you tried setting up a username and password in thunderbird for the "Outgoing Server" setting?

You need to be careful you don't create an open relay.

60s TV Batman 11-16-2008 04:36 PM

Quote:

Originally Posted by billymayday (Post 3344046)
Have you tried setting up a username and password in thunderbird for the "Outgoing Server" setting?

You need to be careful you don't create an open relay.

Yes, in Thunderbird the outgoing server has the "requires username and password" box checked, and I have supplied the necessary data. As stated, if I add my IP to relay-domains, it works just fine.

What I need is a solution that accepts email without requiring an IP in relay-domains. In other words, I need smtp-auth properly configured. I can't find any configuration issues, but I'm no expert in this area so could well (must) have missed something.

billymayday 11-16-2008 04:48 PM

I'm no sendmail expert, but I suggest that you try sending as setu, and then have a look at what the logs are telling you. I'd assume that there is more that the message you are showing.

Perhaps try connecting vi telnet and initiate the whole process manually.

60s TV Batman 11-16-2008 04:57 PM

Quote:

Originally Posted by billymayday (Post 3344070)
I'm no sendmail expert, but I suggest that you try sending as setu, and then have a look at what the logs are telling you. I'd assume that there is more that the message you are showing.

Perhaps try connecting vi telnet and initiate the whole process manually.

When I connect via telnet and send manually it works just fine. But of course, I'm localhost in that case, so there is no relaying my end.

I'm fairly certain (given what's working) that this has to have something to do with SMTP-AUTH, rather than anything else. Unfortunately, all the info I've been able to find so far is either too specific, or too generic (or perhaps beyond my current knowledge).

I'm sure I'll get there, and perhaps an SMTP-AUTH expert will drop with some time to kill :-)

billymayday 11-16-2008 05:01 PM

You will of course need to try it from outside to get a usable result.

Try upping the log level to 12 or so as well - should give you the smtp chatter.

60s TV Batman 11-16-2008 05:01 PM

Here's an example of the problem I'm finding with SMTP-AUTH info on the web. Consider the following...

> telnet localhost 25
> After you have established the connection to your sendmail mail server type
> ehlo localhost
> If you see the lines
> 250-STARTTLS
> and
> 250-AUTH

I do the above, and don't see "250-AUTH". This is obviously a problem, but the information doesn't provide any information on what to do about that missing "250-AUTH".

billymayday 11-16-2008 05:05 PM

Just looking at my sendmail.rc (CentOS starts with sendmail, even though I switch to postfix), and it would suggest that

1) You need saslauthd running - no surprise there
2) It won't by default, allow plaintext passwords unless you are operating over TLS.

I'd be making sure saslauthd is running and try it over TLS. Check that the basic certificates are in place.

60s TV Batman 11-16-2008 05:14 PM

Quote:

Originally Posted by billymayday (Post 3344091)
Just looking at my sendmail.rc (CentOS starts with sendmail, even though I switch to postfix), and it would suggest that

1) You need saslauthd running - no surprise there
2) It won't by default, allow plaintext passwords unless you are operating over TLS.

I'd be making sure saslauthd is running and try it over TLS. Check that the basic certificates are in place.

SASLAUTHD is definitely running. Sending from Thunderbird (remote client) fails with TLS set (and without). I used make to build a sendmail.pem file, and this is referenced from sendmail.mc (all rebuilt and sendmail restarted).

Here's the level 12 log from my last send attempt, which might shed more light (IP/domain information replaced with ***)...

Nov 16 22:09:44 wad2 sendmail[12105]: NOQUEUE: connect from ***.dsl.***.co.uk [***]
Nov 16 22:09:44 wad2 sendmail[12105]: AUTH: available mech=ANONYMOUS, allowed mech=DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Nov 16 22:09:44 wad2 sendmail[12105]: mAH39iWE012105: Milter: no active filter
Nov 16 22:09:44 wad2 sendmail[12105]: mAH39iWE012105: ruleset=check_rcpt, arg1=<***@***.com>, relay=***.dsl.***.co.uk [***], reject=550 5.7.1 <***@***.com>... Relaying denied. Proper authentication required.
Nov 16 22:09:45 wad2 sendmail[12105]: mAH39iWE012105: from=<***@***.com>, size=405, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=***.dsl.***.co.uk [***]

60s TV Batman 11-16-2008 05:26 PM

Quote:

Originally Posted by billymayday (Post 3344086)
You will of course need to try it from outside to get a usable result.

Just connected from another of my servers using telnet. Here's the result...

ehlo ***
250-wad2.***.co.uk Hello ***.com [***], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP

There should be a line saying "250-AUTH PLAIN LOGIN", but there isn't. This has to be the problem. Unfortunately, I don't know the underlying cause (i.e. what to fix).

billymayday 11-16-2008 05:51 PM

Post the relevant section from you config and see if someone with better knowledge in this area than me comes along

billymayday 11-16-2008 06:08 PM

This is interesting http://www.redhat.com/archives/rhl-l.../msg05555.html

60s TV Batman 11-16-2008 06:30 PM

Quote:

Originally Posted by billymayday (Post 3344148)

Hey Billymayday, thanks very much for that. I followed that thread through, and came across this: "Make sure you have cyrus-sasl-plain RPM installed"

I installed cyrus-sasl-plain, restarted saslauthd, and then restarted sendmail. Hey-presto! I'm now sending from my PC without the need to have my IP address in relay-domains.

Thank you so much for your help, patience, and for supplying the above link.


All times are GMT -5. The time now is 05:13 AM.