Old 01-23-2010, 09:32 PM   #1
Blazeone
LQ Newbie
 
Registered: Dec 2009
Location: Tacoma/Seattle WA
Distribution: Slackware
Posts: 6

Rep: Reputation: 3
[SOLVED] Slackware 13 64bit, Problems with SASL/SMTP AUTH, Relaying down.


I will try to give as much detail as possible from the get-go, but if you are reading this, and think you can help but need more information, please reply to the thread or PM me. I am just very frustrated as I know on my 10.2 install I did not go through this much trouble.

(Note: I am on a dynamic DNS service, my IPs stay steady for months at a time, but I am still utilizing a smarthost setup for outgoing mail.)

So I have followed about 5 different sendmail+sasl+openssl walkthroughs to get this far; here is the current situation.

Local users CAN send and receive email via pine while logged on ssh, or from the roundcube mail webmail applet via httpd.

Local users CAN receive mail via IMAP/POP without any problems from most client software.

But the only way I've been able to get any type of relaying for remote use is to expressly allow relaying from the IP via the access.db.
IE: My cellphone is on an unlimited data plan, and I know my carrier's domain pool, so I have that entire network authorized to relay at the moment, as my phone's IP address changes as much as 7 times a day.

When I try to use authentication it just continually asks for a username/password, until I hit cancel and then it errors. (Logs at bottom of post)

Here is a copy of my sendmail.mc, lightly edited of course for security reasons.
Code:
dnl# This is a sendmail .mc file for Slackware with TLS support.
dnl# To generate the sendmail.cf file from this (perhaps after making
dnl# some changes), use the m4 files in /usr/share/sendmail/cf like this:
dnl#
dnl# cp sendmail-slackware-tls.mc /usr/share/sendmail/cf/config.mc
dnl# cd /usr/share/sendmail/cf
dnl# sh Build config.mc
dnl#
dnl# You may then install the resulting .cf file:
dnl# cp config.cf /etc/mail/sendmail.cf
dnl#
include(`../m4/cf.m4')
VERSIONID(`TLS supporting setup for Slackware Linux')dnl
OSTYPE(`linux')dnl
dnl#
dnl# You will need to create the certificates below with OpenSSL first:
define(`confCACERT_PATH', `/etc/mail/certs/')
define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
define(`confSERVER_CERT', `/etc/mail/certs/smtp.cert.pem')
define(`confSERVER_KEY', `/etc/mail/certs/smtp.key.pem')
define(`confCRL', `/etc/mail/certs/revoke.crl')
define(`confTLS_SRV_OPTIONS', `V')
dnl# These settings help protect against people verifying email addresses
dnl# at your site in order to send you email that you probably don't want:
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
dnl# Uncomment the line below to send outgoing mail through an external server:
define(`SMART_HOST',`smtp.comcast.net')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
dnl# No timeout for ident:
define(`confTO_IDENT', `0')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl# Enable the line below to use smrsh to restrict what sendmail can run:
dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
dnl# See the README in /usr/share/sendmail/cf for a ton of information on
dnl# how these options work:
FEATURE(`delay_checks')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`dnsbl',`dnsbl.sorbs.net',`"554 Rejected spam as" $&{client_addr} " found in dnsbl.sorbs.net"')dnl
FEATURE(`enhdnsbl', `zen.spamhaus.org', `"Spam blocked see: http://www.abuse.net/sbl.phtml?IP="$&{client_addr}')dnl
FEATURE(`enhdnsbl', `bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
FEATURE(`enhdnsbl', `list.dsbl.org', `"Spam blocked see: http://dsbl.org"$&{client_addr}')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`masquerade_entire_domain')dnl
FEATURE(`masquerade_envelope')dnl
MASQUERADE_AS(`mydomainname.net')dnl # replaced for posting. 
MASQUERADE_DOMAIN(localhost)dnl
MASQUERADE_DOMAIN(localhost.localdomain)dnl
FEATURE(`redirect')dnl
dnl# Turn this feature on if you don't always have DNS, or enjoy junk mail:
dnl FEATURE(`accept_unresolvable_domains')dnl
EXPOSED_USER(`root')dnl
dnl# Also accept mail for localhost.localdomain:
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
dnl# Allow SASL authentication/relaying:
define(`confAUTH_OPTIONS', `A y')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
dnl# Daemon options after M= below that might need to be changed are:
dnl# s (allow SSL, not only TLS)
dnl# a (require authentication)
DAEMON_OPTIONS(`Port=smtps, Name=MSA-SSL, M=s')dnl
LOCAL_CONFIG
dnl# Do not allow the weak SSLv2:
O CipherList=ALL:!ADH:!NULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:+SSLv3:+TLSv1:-SSLv2:+EXP:+eNULL

And here is a snip of some of the attempts to relay while I removed my local network range from access.db.

My Linux box sits at 192.168.0.25 on the LAN and my desktop machine is 192.168.0.2.

Code:
Jan 20 20:04:28 blazeone sm-mta[28756]: STARTTLS=server, relay=[192.168.0.2], version=TLSv1/SSLv3, verify=NOT, cipher=AES128-SHA, bits=128/128
Jan 20 20:04:28 blazeone sm-mta[28756]: o0L44S8H028756: [192.168.0.2] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

This snip is my buddy trying from his house.
Code:
Jan 19 18:22:37 blazeone sm-mta[31049]: o0K2MbkB031049: c-71-197-174-23.hsd1.wa.comcast.net [71.197.174.23] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA-SSL
Jan 19 18:22:38 blazeone sm-mta[31050]: o0K2McPe031050: c-71-197-174-23.hsd1.wa.comcast.net [71.197.174.23] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA-SSL
Jan 19 18:23:15 blazeone sm-mta[31058]: gethostbyaddr(172.16.210.1) failed: 1
Jan 20 19:18:37 blazeone sm-mta[28667]: o0L3Ia0B028667: c-71-197-174-23.hsd1.wa.comcast.net [71.197.174.23] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 20 19:18:42 blazeone sm-mta[28671]: o0L3Ifks028671: c-71-197-174-23.hsd1.wa.comcast.net [71.197.174.23] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

We were both trying to use Outlook, with different combinations of ports, SPA on/off, SSL required on/off, encryption method auto and set to TLS or SSL. (Ports tried 25/465/587)

Here is my Sendmail.conf from /usr/lib/sasl2/
Code:
pwcheck_method: saslauthd
mech_list: EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN

Not sure where to go from here. Any fresh ideas are welcome. I am almost to the point of locating a sendmail god and having them remote in to fix this.

Last edited by Blazeone; 01-24-2010 at 02:54 PM. Reason: Found solution
 
Old 01-24-2010, 02:51 PM   #2
Blazeone
I think I am pretty hot on the tracks, increased log level and got this out of the mail log upon restart of saslauthd and sendmail daemons:
Code:
Jan 24 10:56:09 blazeone sm-mta[11117]: error: safesasl(/etc/sasl2/Sendmail.conf) failed: No such file or directory
Jan 24 10:56:09 blazeone sm-mta[11118]: starting daemon (8.14.3): SMTP+queueing@00:25:00
Jan 24 10:56:09 blazeone sm-mta[11118]: STARTTLS=server, init=1
Jan 24 10:56:09 blazeone sm-mta[11118]: started as: /usr/sbin/sendmail -L sm-mta -bd -q25m
Jan 24 10:56:09 blazeone sm-msp-queue[11121]: starting daemon (8.14.3): queueing@00:25:00

So I just made a symbolic link at /etc/sasl2/ to /usr/lib64/sasl2/

Restarting now, and going to see if it works :>
 
1 members found this post helpful.
Old 01-24-2010, 02:53 PM   #3
Blazeone
I feel very silly now... works great :> marking to solved.
 
1 members found this post helpful.
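
The diagnosis from posts #2 and #3, as an added example that is not part of the original thread: it extracts the path from sendmail's `safesasl(...) failed` log error and checks whether the file exists there or in one of the SASL library directories named in the thread. The function names and the optional root-prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread.

# Log lines quoted from post #2, used as sample input.
sample_log() {
    cat <<'EOF'
Jan 24 10:56:09 blazeone sm-mta[11117]: error: safesasl(/etc/sasl2/Sendmail.conf) failed: No such file or directory
Jan 24 10:56:09 blazeone sm-mta[11118]: STARTTLS=server, init=1
EOF
}

# Print each distinct path named in a "safesasl(<path>) failed" log line.
missing_sasl_paths() {
    sed -n 's/.*error: safesasl(\([^)]*\)) failed:.*/\1/p' "$1" | sort -u
}

# Print the first library directory (both appear in the thread) that holds
# a file with the same name as the missing path. $2 is an optional root
# prefix (hypothetical, for checking a scratch tree instead of /).
locate_sasl_conf() {
    name=$(basename "$1")
    for dir in /usr/lib64/sasl2 /usr/lib/sasl2; do
        if [ -f "${2:-}$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    return 1
}

# Usage: diagnose <maillog> [root-prefix]
# Reports, per path sendmail could not open, whether it now resolves
# (for example through a symlink) or where the file actually lives.
diagnose() {
    missing_sasl_paths "$1" | while IFS= read -r path; do
        if [ -e "${2:-}$path" ]; then
            echo "OK $path"
        elif found=$(locate_sasl_conf "$path" "${2:-}"); then
            echo "MISSING $path FOUND $found"
        else
            echo "MISSING $path FOUND none"
        fi
    done
}

# Run against a real log only when one is given on the command line.
if [ -n "${1:-}" ]; then diagnose "$1"; fi
```

A `MISSING ... FOUND ...` line corresponds to the state before the symlink in post #2 was created; `OK` is the state after it.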
  


Tags
auth, cyrus, relay, sasl, sasl2, sendmail, slackware, smtp

