LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 09-16-2009, 07:50 PM   #166
forrie
Member
 
Registered: Sep 2003
Distribution: RedHat
Posts: 37

Rep: Reputation: 15

Hmmm...

The error message you provide is not in my sendmail configuration. So it may be a customized error.

Apart from checking that Sendmail.conf is configured correctly and in the correct place, another thing to check is /etc/mail/access and see if your being rejected by any RBLs (if your Sendmail config is checking against them) -- that being the case, put a:

1.3.4 OK

in /etc/mail/access and rebuild the map. This is probably not your issue, though I've been bitten by it. It seems that Sendmail doesn't have rules to override an RBL check when the connection is AUTHenticated (and it should).

I hope you can figure out your problem - if you find the answer, post it here. Someone else may benefit from it, too.


Good luck.
 
Old 05-29-2010, 05:08 AM   #167
Tux-Slack
Member
 
Registered: Nov 2006
Location: Slovenia
Distribution: Slackware 13.37
Posts: 511

Rep: Reputation: 36
Hi,

I'm having trouble with authentication after following this guide.
I've configured sendmail in such manner before on other machines and it was working.
Now I've done the same thing again, but I just can't get the mail out from a different location.
-X log:
Quote:
02179 >>> 220 server.domain.com ESMTP Sendmail 8.14.3/8.14.3; Sat, 29 May 2010 10:05:34 +0200
02179 <<< EHLO [Client Local IP]
02179 >>> 250-server.domain.com Hello client-internet-domain.com [Client Internet IP], pleased to meet you
02179 >>> 250-ENHANCEDSTATUSCODES
02179 >>> 250-PIPELINING
02179 >>> 250-8BITMIME
02179 >>> 250-SIZE
02179 >>> 250-DSN
02179 >>> 250-STARTTLS
02179 >>> 250-DELIVERBY
02179 >>> 250 HELP
02179 <<< STARTTLS
02179 >>> 220 2.0.0 Ready to start TLS
02179 <<< EHLO [Client Local IP]
02179 >>> 250-server.domain.com Hello client-internet-domain.com [Client Internet IP], pleased to meet you
02179 >>> 250-ENHANCEDSTATUSCODES
02179 >>> 250-PIPELINING
02179 >>> 250-8BITMIME
02179 >>> 250-SIZE
02179 >>> 250-DSN
02179 >>> 250-AUTH LOGIN PLAIN
02179 >>> 250-DELIVERBY
02179 >>> 250 HELP
02179 <<< AUTH PLAIN yadda yadda(I edited)
02179 >>> 535 5.7.0 authentication failed
02179 <<< AUTH LOGIN
02179 >>> 334 yadda yadda(I edited)
02179 <<< yadda yadda(I edited)
02179 >>> 334 yadda yadda(I edited)
02179 <<< yadda yadda(I edited)
02179 >>> 535 5.7.0 authentication failed
02179 <<< QUIT
02179 >>> 221 2.0.0 server.domain.com closing connection
The normal /var/log/maillog shows nothing special, just a connection from client and an "did not issue MAIL/EXP..." message after failed login attempt.

The .mc config file:
Quote:
dnl# This is the default sendmail .mc file for Slackware. To generate
dnl# the sendmail.cf file from this (perhaps after making some changes),
dnl# use the m4 files in /usr/share/sendmail/cf like this:
dnl#
dnl# cp sendmail-slackware.mc /usr/share/sendmail/cf/config.mc
dnl# cd /usr/share/sendmail/cf
dnl# sh Build config.cf
dnl#
dnl# You may then install the resulting .cf file:
dnl# cp config.cf /etc/mail/sendmail.cf
dnl#
include(`../m4/cf.m4')
VERSIONID(`X-Shells.org Sendmail Configuration')dnl
OSTYPE(`linux')dnl
dnl# These settings help protect against people verifying email addresses
dnl# at your site in order to send you email that you probably don't want:
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
dnl# Uncomment the line below to send outgoing mail through an external server:
define(`SMART_HOST',`mail.siol.net')
dnl# No timeout for ident:
define(`confTO_IDENT', `0')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA, M=Ea')dnl
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confAUTH_OPTIONS', `A p y')dnl
dnl# Enable the line below to use smrsh to restrict what sendmail can run:
dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
dnl# See the README in /usr/share/sendmail/cf for a ton of information on
dnl# how these options work:
FEATURE(`authinfo',`hash -o /etc/mail/authinfo.db')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
dnl# Turn this feature on if you don't always have DNS, or enjoy junk mail:
dnl FEATURE(`accept_unresolvable_domains')dnl
EXPOSED_USER(`root')dnl
dnl# Also accept mail for localhost.localdomain:
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
DAEMON_OPTIONS(`Port=smtps, Name=MSA-SSL, M=Esa')dnl
saslauthd is running with option -a shadow, to read users from /etc/shadow.
saslauthd shows no errors at startup, no erros in log at startup, no errors while I try to send mail. Plain normal. I've ran out of ideas what to do, so I'm turning to you, if you would be so kind to help me out.

Best regards,
Tux-Slack

P.S: one more thing, is it possible to use LDAP to authenticate users with sendmail? If so, how?

Last edited by Tux-Slack; 05-29-2010 at 05:36 AM.
 
Old 09-18-2011, 08:14 AM   #168
infamy
LQ Newbie
 
Registered: Sep 2011
Posts: 2

Rep: Reputation: Disabled
I am having the same problem as Tux-Slack.....

I am trying to setup AUTH on my server and when I try to send mail from outside of the server its not working.

Here is my config:

Quote:
dnl# This is the default sendmail .mc file for Slackware. To generate
dnl# the sendmail.cf file from this (perhaps after making some changes),
dnl# use the m4 files in /usr/share/sendmail/cf like this:
dnl#
dnl# cp sendmail-slackware.mc /usr/share/sendmail/cf/config.mc
dnl# cd /usr/share/sendmail/cf
dnl# sh Build config.cf
dnl#
dnl# You may then install the resulting .cf file:
dnl# cp config.cf /etc/mail/sendmail.cf
dnl#
include(`../m4/cf.m4')
VERSIONID(`default setup for Slackware Linux')dnl
OSTYPE(`linux')dnl
dnl# These settings help protect against people verifying email addresses
dnl# at your site in order to send you email that you probably don't want:
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
dnl# Uncomment the line below to send outgoing mail through an external server:
dnl define(`SMART_HOST',`mail.example.com')
dnl# No timeout for ident:
define(`confTO_IDENT', `0')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confAUTH_OPTIONS', `A y')dnl
dnl# Enable the line below to use smrsh to restrict what sendmail can run:
dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
dnl# See the README in /usr/share/sendmail/cf for a ton of information on
dnl# how these options work:
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
dnl# Turn this feature on if you don't always have DNS, or enjoy junk mail:
dnl FEATURE(`accept_unresolvable_domains')dnl
EXPOSED_USER(`root')dnl
dnl# Also accept mail for localhost.localdomain:
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
results from tail -f /tmp/sendtmp:

Quote:
19231 >>> 220 my-server.net ESMTP Sendmail 8.14.4/8.14.4; Sun, 18 Sep 2011 15:09:09 +0200
19231 <<< EHLO [192.168.1.2]
19231 >>> 250-my-server.net Hello nycmny.fios.verizon.net [1.1.1.1], pleased to meet you
19231 >>> 250-ENHANCEDSTATUSCODES
19231 >>> 250-PIPELINING
19231 >>> 250-8BITMIME
19231 >>> 250-SIZE
19231 >>> 250-DSN
19231 >>> 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
19231 >>> 250-STARTTLS
19231 >>> 250-DELIVERBY
19231 >>> 250 HELP
19231 <<< STARTTLS
19231 >>> 220 2.0.0 Ready to start TLS
19231 <<< EHLO [192.168.1.2]
19231 >>> 250-my-server.net Hello nycmny.fios.verizon.net [1.1.1.1], pleased to meet you
19231 >>> 250-ENHANCEDSTATUSCODES
19231 >>> 250-PIPELINING
19231 >>> 250-8BITMIME
19231 >>> 250-SIZE
19231 >>> 250-DSN
19231 >>> 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
19231 >>> 250-DELIVERBY
19231 >>> 250 HELP
19231 <<< AUTH PLAIN AGNccSUaPsceTY5f0s=
19231 >>> 535 5.7.0 authentication failed
19231 <<< AUTH LOGIN
19231 >>> 334 VXxLncaSdhbWU6
19231 <<< ZmzFZQ==
19231 >>> 334 UOSmnc0dvcmQ6
19231 <<< OW14eYTz5N0s=
19231 >>> 535 5.7.0 authentication failed
I made the file /usr/lib64/sasl2/Sendmail.conf and saslauthd is running with option -a shadow.
I followed the directions.....Did I miss something??

Can anyone please help me out with this please?

UPDATE: I solved the problem. I needed to make the Sendmail.conf in /etc/sasl2, all is working fine now.

Last edited by infamy; 09-18-2011 at 08:37 AM. Reason: UPDATE: I solved the problem. I needed to make the Sendmail.conf in /etc/sasl2, all is working fine now.
 
Old 03-05-2014, 11:00 AM   #169
deadeyes
Member
 
Registered: Aug 2006
Posts: 605

Rep: Reputation: 79
Hi all,

Yes I know this guide is quite old, but it's still relevant. I have used this guide as a guideline and ended up hours troubleshooting what was wrong. So I really hope this helps somebody else.

My 2 cents for this guide: it's pretty complete and I used it as a base for my setup.

However, there is some wrong information in this that will probably have you searching like a madman for what's wrong.
I tested and at first it looked like I was able to send mail from my domain to other domains.
The only exception was hotmail.

In my mail I found this:
Code:
Mar  x 13:50:38 nonono sendmail[15768]: s25Co22n015752: AUTH=client, available mechanisms do not fulfill requirements
Mar  x 13:50:38 nonono sendmail[15768]: AUTH=client, relay=mx1.hotmail.com., temporary failure, connection abort
I really couldn't figure what I did wrong. So I started adding SPF, ... Still not fixed.

Then I took a tcpdump capture:
Code:
220 SNT0-MC1-F47.Snt0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.microsoft.com/en-us/anti-spam.mspx. 
EHLO mailhost.example.com
250-SNT0-MC1-F47.Snt0.hotmail.com (3.19.0.77) Hello [x.x.x.x]
250-SIZE 36909875
250-PIPELINING
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-AUTH LOGIN
250-AUTH=LOGIN
250 OK
QUIT
221 SNT0-MC1-F47.Snt0.hotmail.com Service closing transmission channel
It is clear that it's actually the client (so my sendmail server) is ending the connection. Without even trying to send the mail.

Let me explain the log message:
Code:
  AUTH=client: this means that sendmail is acting as a client here (so sendmail connects to hotmail mail servers

  available mechanisms do not fulfill requirements: well if you test using telnet and send the ehlo command you see lines like this:
  - AUTH LOGIN
  - AUTH=LOGIN
  This means that you can authenticate with the LOGIN mechanism only. So first of all your sendmail install needs to know how to handle this LOGIN mechanism. Make sure it is compiled in sendmail. If it can handle this mechanism, it will actually look in the database if it has entries for this domain.
Code:
AuthInfo:yahoo.com "U:siege.x@sbcglobal.net" "P:pAsSWoRd" "M:PLAIN"
AuthInfo: "U:siege.x@sbcglobal.net" "P:pAsSWoRd" "M:PLAIN"
So the second line matches for any mail server. However the authentication method (M does not match. So sendmail has no credentials and just aborts the connection.
Remove this line. If there isn't one then sendmail will just try to send the mail without trying to authenticate.
I already removed this line from the config file. However it seemed that I forgot to recreate the hashmap with makemap. After a restart my mails arrived.

Note that if you are using smarthost functionality this might never be a problem as in the end you always have to authenticate against one mail relay server.

I really appreciate your guide. Thank you for your efforts.
Just one sidenote: please, if you don't know what something does, please don't just ignore it. I would have tested it with and without this to see if I actually need it.
 
  


Reply

Tags
att, auth, dsl, howto, sendmail, smtp, ssl, yahoo


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
DISCUSSION: Sendmail SMTP AUTH Howto SiegeX LinuxAnswers Discussion 10 09-17-2007 07:49 PM
sendmail 8.13.4-2 smtp auth nightmare kz26 Linux - Security 1 10-30-2005 01:57 PM
Sendmail SMART_HOST + SMTP AUTH Howto SiegeX Slackware 15 09-06-2004 01:42 AM
SMTP Auth for sendmail wolftechmn Linux - Networking 4 11-27-2003 01:17 PM
Sendmail / SMTP Auth cleaner416 Linux - Networking 3 10-06-2003 10:40 AM


All times are GMT -5. The time now is 12:15 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration