Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Sendmail on a recently acquired Fedora 7 server is giving me trouble. When I attempt to send email from a remote client (e.g. Thunderbird from home), I get "Relaying denied. Proper authentication required."
If I add my IP address to relay-domains, it relays just fine. But of course, that means adding any given IP address I happen to want to send mail from (which isn't a viable solution).
I suspect this is a configuration issue with SMTP-AUTH, and I've done over an hour of googling in an attempt to fix this. But so far, nothing has worked.
Is there a kind-hearted sendmail guru willing to help me get to the bottom of this one? And if so, what do you need me to provide to get started on a solution?
Have you tried setting up a username and password in thunderbird for the "Outgoing Server" setting?
You need to be careful you don't create an open relay.
Yes, in Thunderbird the outgoing server has the "requires username and password" box checked, and I have supplied the necessary data. As stated, if I add my IP to relay-domains, it works just fine.
What I need is a solution that accepts email without requiring an IP in relay-domains. In other words, I need smtp-auth properly configured. I can't find any configuration issues, but I'm no expert in this area so could well (must) have missed something.
Last edited by 60s TV Batman; 11-16-2008 at 04:37 PM..
I'm no sendmail expert, but I suggest that you try sending as setu, and then have a look at what the logs are telling you. I'd assume that there is more that the message you are showing.
Perhaps try connecting vi telnet and initiate the whole process manually.
I'm no sendmail expert, but I suggest that you try sending as setu, and then have a look at what the logs are telling you. I'd assume that there is more that the message you are showing.
Perhaps try connecting vi telnet and initiate the whole process manually.
When I connect via telnet and send manually it works just fine. But of course, I'm localhost in that case, so there is no relaying my end.
I'm fairly certain (given what's working) that this has to have something to do with SMTP-AUTH, rather than anything else. Unfortunately, all the info I've been able to find so far is either too specific, or too generic (or perhaps beyond my current knowledge).
I'm sure I'll get there, and perhaps an SMTP-AUTH expert will drop with some time to kill :-)
Here's an example of the problem I'm finding with SMTP-AUTH info on the web. Consider the following...
> telnet localhost 25
> After you have established the connection to your sendmail mail server type
> ehlo localhost
> If you see the lines
> 250-STARTTLS
> and
> 250-AUTH
I do the above, and don't see "250-AUTH". This is obviously a problem, but the information doesn't provide any information on what to do about that missing "250-AUTH".
Just looking at my sendmail.rc (CentOS starts with sendmail, even though I switch to postfix), and it would suggest that
1) You need saslauthd running - no surprise there
2) It won't by default, allow plaintext passwords unless you are operating over TLS.
I'd be making sure saslauthd is running and try it over TLS. Check that the basic certificates are in place.
SASLAUTHD is definitely running. Sending from Thunderbird (remote client) fails with TLS set (and without). I used make to build a sendmail.pem file, and this is referenced from sendmail.mc (all rebuilt and sendmail restarted).
Here's the level 12 log from my last send attempt, which might shed more light (IP/domain information replaced with ***)...
Nov 16 22:09:44 wad2 sendmail[12105]: NOQUEUE: connect from ***.dsl.***.co.uk [***]
Nov 16 22:09:44 wad2 sendmail[12105]: AUTH: available mech=ANONYMOUS, allowed mech=DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Nov 16 22:09:44 wad2 sendmail[12105]: mAH39iWE012105: Milter: no active filter
Nov 16 22:09:44 wad2 sendmail[12105]: mAH39iWE012105: ruleset=check_rcpt, arg1=<***@***.com>, relay=***.dsl.***.co.uk [***], reject=550 5.7.1 <***@***.com>... Relaying denied. Proper authentication required.
Nov 16 22:09:45 wad2 sendmail[12105]: mAH39iWE012105: from=<***@***.com>, size=405, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=***.dsl.***.co.uk [***]
Last edited by 60s TV Batman; 11-16-2008 at 05:17 PM..
You will of course need to try it from outside to get a usable result.
Just connected from another of my servers using telnet. Here's the result...
ehlo ***
250-wad2.***.co.uk Hello ***.com [***], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
There should be a line saying "250-AUTH PLAIN LOGIN", but there isn't. This has to be the problem. Unfortunately, I don't know the underlying cause (i.e. what to fix).
Hey Billymayday, thanks very much for that. I followed that thread through, and came across this: "Make sure you have cyrus-sasl-plain RPM installed"
I installed cyrus-sasl-plain, restarted saslauthd, and then restarted sendmail. Hey-presto! I'm now sending from my PC without the need to have my IP address in relay-domains.
Thank you so much for your help, patience, and for supplying the above link.
Last edited by 60s TV Batman; 11-16-2008 at 06:32 PM..
Reason: my terrible spelling
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
