LinuxQuestions.org

Sendmail SMTP AUTH Howto (https://www.linuxquestions.org/questions/slackware-14/sendmail-smtp-auth-howto-224543/)

forrie 09-16-2009 07:50 PM

Hmmm...

The error message you provide is not in my sendmail configuration. So it may be a customized error.

Apart from checking that Sendmail.conf is configured correctly and in the correct place, another thing to check is /etc/mail/access and see if you're being rejected by any RBLs (if your Sendmail config is checking against them) -- that being the case, put a:

1.3.4 OK

in /etc/mail/access and rebuild the map. This is probably not your issue, though I've been bitten by it. It seems that Sendmail doesn't have rules to override an RBL check when the connection is AUTHenticated (and it should).

I hope you can figure out your problem - if you find the answer, post it here. Someone else may benefit from it, too.


Good luck.

Tux-Slack 05-29-2010 05:08 AM

Hi,

I'm having trouble with authentication after following this guide.
I've configured sendmail in such manner before on other machines and it was working.
Now I've done the same thing again, but I just can't get the mail out from a different location.
-X log:
Quote:

02179 >>> 220 server.domain.com ESMTP Sendmail 8.14.3/8.14.3; Sat, 29 May 2010 10:05:34 +0200
02179 <<< EHLO [Client Local IP]
02179 >>> 250-server.domain.com Hello client-internet-domain.com [Client Internet IP], pleased to meet you
02179 >>> 250-ENHANCEDSTATUSCODES
02179 >>> 250-PIPELINING
02179 >>> 250-8BITMIME
02179 >>> 250-SIZE
02179 >>> 250-DSN
02179 >>> 250-STARTTLS
02179 >>> 250-DELIVERBY
02179 >>> 250 HELP
02179 <<< STARTTLS
02179 >>> 220 2.0.0 Ready to start TLS
02179 <<< EHLO [Client Local IP]
02179 >>> 250-server.domain.com Hello client-internet-domain.com [Client Internet IP], pleased to meet you
02179 >>> 250-ENHANCEDSTATUSCODES
02179 >>> 250-PIPELINING
02179 >>> 250-8BITMIME
02179 >>> 250-SIZE
02179 >>> 250-DSN
02179 >>> 250-AUTH LOGIN PLAIN
02179 >>> 250-DELIVERBY
02179 >>> 250 HELP
02179 <<< AUTH PLAIN yadda yadda(I edited)
02179 >>> 535 5.7.0 authentication failed
02179 <<< AUTH LOGIN
02179 >>> 334 yadda yadda(I edited)
02179 <<< yadda yadda(I edited)
02179 >>> 334 yadda yadda(I edited)
02179 <<< yadda yadda(I edited)
02179 >>> 535 5.7.0 authentication failed
02179 <<< QUIT
02179 >>> 221 2.0.0 server.domain.com closing connection

The normal /var/log/maillog shows nothing special, just a connection from the client and a "did not issue MAIL/EXP..." message after the failed login attempt.

The .mc config file:
Quote:

dnl# This is the default sendmail .mc file for Slackware. To generate
dnl# the sendmail.cf file from this (perhaps after making some changes),
dnl# use the m4 files in /usr/share/sendmail/cf like this:
dnl#
dnl# cp sendmail-slackware.mc /usr/share/sendmail/cf/config.mc
dnl# cd /usr/share/sendmail/cf
dnl# sh Build config.cf
dnl#
dnl# You may then install the resulting .cf file:
dnl# cp config.cf /etc/mail/sendmail.cf
dnl#
include(`../m4/cf.m4')
VERSIONID(`X-Shells.org Sendmail Configuration')dnl
OSTYPE(`linux')dnl
dnl# These settings help protect against people verifying email addresses
dnl# at your site in order to send you email that you probably don't want:
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
dnl# Uncomment the line below to send outgoing mail through an external server:
define(`SMART_HOST',`mail.siol.net')
dnl# No timeout for ident:
define(`confTO_IDENT', `0')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA, M=Ea')dnl
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confAUTH_OPTIONS', `A p y')dnl
dnl# Enable the line below to use smrsh to restrict what sendmail can run:
dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
dnl# See the README in /usr/share/sendmail/cf for a ton of information on
dnl# how these options work:
FEATURE(`authinfo',`hash -o /etc/mail/authinfo.db')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
dnl# Turn this feature on if you don't always have DNS, or enjoy junk mail:
dnl FEATURE(`accept_unresolvable_domains')dnl
EXPOSED_USER(`root')dnl
dnl# Also accept mail for localhost.localdomain:
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
DAEMON_OPTIONS(`Port=smtps, Name=MSA-SSL, M=Esa')dnl

saslauthd is running with option -a shadow, to read users from /etc/shadow.
saslauthd shows no errors at startup, no errors in the log at startup, no errors while I try to send mail. Plain normal. I've run out of ideas what to do, so I'm turning to you, if you would be so kind to help me out.

Best regards,
Tux-Slack

P.S: one more thing, is it possible to use LDAP to authenticate users with sendmail? If so, how?

infamy 09-18-2011 08:14 AM

I am having the same problem as Tux-Slack.....

I am trying to set up AUTH on my server and when I try to send mail from outside of the server it's not working.

Here is my config:

Quote:

dnl# This is the default sendmail .mc file for Slackware. To generate
dnl# the sendmail.cf file from this (perhaps after making some changes),
dnl# use the m4 files in /usr/share/sendmail/cf like this:
dnl#
dnl# cp sendmail-slackware.mc /usr/share/sendmail/cf/config.mc
dnl# cd /usr/share/sendmail/cf
dnl# sh Build config.cf
dnl#
dnl# You may then install the resulting .cf file:
dnl# cp config.cf /etc/mail/sendmail.cf
dnl#
include(`../m4/cf.m4')
VERSIONID(`default setup for Slackware Linux')dnl
OSTYPE(`linux')dnl
dnl# These settings help protect against people verifying email addresses
dnl# at your site in order to send you email that you probably don't want:
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
dnl# Uncomment the line below to send outgoing mail through an external server:
dnl define(`SMART_HOST',`mail.example.com')
dnl# No timeout for ident:
define(`confTO_IDENT', `0')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confAUTH_OPTIONS', `A y')dnl
dnl# Enable the line below to use smrsh to restrict what sendmail can run:
dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
dnl# See the README in /usr/share/sendmail/cf for a ton of information on
dnl# how these options work:
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
dnl# Turn this feature on if you don't always have DNS, or enjoy junk mail:
dnl FEATURE(`accept_unresolvable_domains')dnl
EXPOSED_USER(`root')dnl
dnl# Also accept mail for localhost.localdomain:
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

Results from tail -f /tmp/sendtmp:

Quote:

19231 >>> 220 my-server.net ESMTP Sendmail 8.14.4/8.14.4; Sun, 18 Sep 2011 15:09:09 +0200
19231 <<< EHLO [192.168.1.2]
19231 >>> 250-my-server.net Hello nycmny.fios.verizon.net [1.1.1.1], pleased to meet you
19231 >>> 250-ENHANCEDSTATUSCODES
19231 >>> 250-PIPELINING
19231 >>> 250-8BITMIME
19231 >>> 250-SIZE
19231 >>> 250-DSN
19231 >>> 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
19231 >>> 250-STARTTLS
19231 >>> 250-DELIVERBY
19231 >>> 250 HELP
19231 <<< STARTTLS
19231 >>> 220 2.0.0 Ready to start TLS
19231 <<< EHLO [192.168.1.2]
19231 >>> 250-my-server.net Hello nycmny.fios.verizon.net [1.1.1.1], pleased to meet you
19231 >>> 250-ENHANCEDSTATUSCODES
19231 >>> 250-PIPELINING
19231 >>> 250-8BITMIME
19231 >>> 250-SIZE
19231 >>> 250-DSN
19231 >>> 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
19231 >>> 250-DELIVERBY
19231 >>> 250 HELP
19231 <<< AUTH PLAIN AGNccSUaPsceTY5f0s=
19231 >>> 535 5.7.0 authentication failed
19231 <<< AUTH LOGIN
19231 >>> 334 VXxLncaSdhbWU6
19231 <<< ZmzFZQ==
19231 >>> 334 UOSmnc0dvcmQ6
19231 <<< OW14eYTz5N0s=
19231 >>> 535 5.7.0 authentication failed

I made the file /usr/lib64/sasl2/Sendmail.conf and saslauthd is running with option -a shadow.
I followed the directions.....Did I miss something??

Can anyone please help me out with this please?

UPDATE: I solved the problem. I needed to make the Sendmail.conf in /etc/sasl2, all is working fine now.

deadeyes 03-05-2014 11:00 AM

Hi all,

Yes, I know this guide is quite old, but it's still relevant. I have used this guide as a guideline and ended up spending hours troubleshooting what was wrong. So I really hope this helps somebody else.

My 2 cents for this guide: it's pretty complete and I used it as a base for my setup.

However, there is some wrong information in this that will probably have you searching like a madman for what's wrong.
I tested and at first it looked like I was able to send mail from my domain to other domains.
The only exception was hotmail.

In my mail I found this:
Code:

Mar  x 13:50:38 nonono sendmail[15768]: s25Co22n015752: AUTH=client, available mechanisms do not fulfill requirements
Mar  x 13:50:38 nonono sendmail[15768]: AUTH=client, relay=mx1.hotmail.com., temporary failure, connection abort

I really couldn't figure what I did wrong. So I started adding SPF, ... Still not fixed.

Then I took a tcpdump capture:
Code:

220 SNT0-MC1-F47.Snt0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.microsoft.com/en-us/anti-spam.mspx.
EHLO mailhost.example.com
250-SNT0-MC1-F47.Snt0.hotmail.com (3.19.0.77) Hello [x.x.x.x]
250-SIZE 36909875
250-PIPELINING
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-AUTH LOGIN
250-AUTH=LOGIN
250 OK
QUIT
221 SNT0-MC1-F47.Snt0.hotmail.com Service closing transmission channel

It is clear that it's actually the client (so my sendmail server) that is ending the connection, without even trying to send the mail.

Let me explain the log message:
Code:

  AUTH=client: this means that sendmail is acting as a client here (so sendmail connects to hotmail mail servers)

  available mechanisms do not fulfill requirements: well if you test using telnet and send the ehlo command you see lines like this:
  - AUTH LOGIN
  - AUTH=LOGIN
  This means that you can authenticate with the LOGIN mechanism only. So first of all your sendmail install needs to know how to handle this LOGIN mechanism. Make sure it is compiled in sendmail. If it can handle this mechanism, it will actually look in the database if it has entries for this domain.

Code:

AuthInfo:yahoo.com "U:siege.x@sbcglobal.net" "P:pAsSWoRd" "M:PLAIN"
AuthInfo: "U:siege.x@sbcglobal.net" "P:pAsSWoRd" "M:PLAIN"

So the second line matches for any mail server. However the authentication method (M:) does not match. So sendmail has no credentials and just aborts the connection.
Remove this line. If there isn't one then sendmail will just try to send the mail without trying to authenticate.
I already removed this line from the config file. However it seemed that I forgot to recreate the hashmap with makemap. After a restart my mails arrived.

Note that if you are using smarthost functionality this might never be a problem as in the end you always have to authenticate against one mail relay server.

I really appreciate your guide. Thank you for your efforts.
Just one sidenote: please, if you don't know what something does, please don't just ignore it. I would have tested it with and without this to see if I actually need it.
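
The failure described in the post above, as an added example that is not part of the original thread: a small Python check that compares authinfo entries with the AUTH mechanisms a remote server advertises and flags the case where a matching entry demands a mechanism the server does not offer. The function names are hypothetical, the lookup order (host, parent domains, then the empty catch-all key) is a simplified model assumed for illustration, and the sample data is constructed with placeholder credentials.

```python
import re

# Constructed sample input modelled on the post: two authinfo source lines
# (placeholder credentials) and the EHLO reply from the remote MX.
AUTHINFO = '''\
AuthInfo:yahoo.com "U:user@example.net" "P:placeholder" "M:PLAIN"
AuthInfo: "U:user@example.net" "P:placeholder" "M:PLAIN"
'''
EHLO_REPLY = '''\
250-SNT0-MC1-F47.Snt0.hotmail.com (3.19.0.77) Hello [x.x.x.x]
250-AUTH LOGIN
250-AUTH=LOGIN
250 OK
'''

def parse_authinfo(text):
    """Map each AuthInfo key ('' = catch-all) to its set of M: mechanisms."""
    entries = {}
    for line in text.splitlines():
        m = re.match(r'AuthInfo:(\S*)\s+(.*)', line.strip())
        if not m:
            continue
        fields = dict(f.split(':', 1) for f in re.findall(r'"([^"]*)"', m.group(2)) if ':' in f)
        entries[m.group(1).lower()] = set(fields.get('M', '').upper().split())
    return entries

def advertised_mechs(ehlo):
    """Collect mechanisms from 'AUTH ...' and legacy 'AUTH=...' reply lines."""
    mechs = set()
    for line in ehlo.splitlines():
        m = re.match(r'250[- ]AUTH[ =](.*)', line.strip(), re.I)
        if m:
            mechs.update(m.group(1).upper().split())
    return mechs

def matching_entry(entries, server):
    """Assumed lookup order: host, parent domains, then the empty key."""
    labels = server.lower().rstrip('.').split('.')
    candidates = ['.'.join(labels[i:]) for i in range(len(labels))] + ['']
    return next((k for k in candidates if k in entries), None)

def check(entries, server, ehlo):
    """Return 'no-entry', 'mismatch' (connection aborted) or 'ok'."""
    key = matching_entry(entries, server)
    if key is None:
        return 'no-entry'   # no credentials apply: mail goes out without AUTH
    wanted = entries[key]
    if wanted and not (wanted & advertised_mechs(ehlo)):
        return 'mismatch'   # "available mechanisms do not fulfill requirements"
    return 'ok'
```

Running `check` over each outbound relay seen in the mail log shows which destinations a catch-all `AuthInfo:` line would break; remember that edits to the source file only take effect after the map is rebuilt with makemap.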

mymailbox83 01-12-2015 06:43 AM

hi
 
Thank you all..

