Sendmail SMTP AUTH Howto

forrie · 09-16-2009, 08:50 PM

Hmmm...

The error message you provide is not in my sendmail configuration. So it may be a customized error.

Apart from checking that Sendmail.conf is configured correctly and in the correct place, another thing to check is /etc/mail/access and see if your being rejected by any RBLs (if your Sendmail config is checking against them) -- that being the case, put a:

1.3.4 OK

in /etc/mail/access and rebuild the map. This is probably not your issue, though I've been bitten by it. It seems that Sendmail doesn't have rules to override an RBL check when the connection is AUTHenticated (and it should).

I hope you can figure out your problem - if you find the answer, post it here. Someone else may benefit from it, too.

Good luck.

Tux-Slack · 05-29-2010, 06:08 AM

Hi,

I'm having trouble with authentication after following this guide.
I've configured sendmail in such manner before on other machines and it was working.
Now I've done the same thing again, but I just can't get the mail out from a different location.
-X log:

Quote:

02179 >>> 220 server.domain.com ESMTP Sendmail 8.14.3/8.14.3; Sat, 29 May 2010 10:05:34 +0200
02179 <<< EHLO [Client Local IP]
02179 >>> 250-server.domain.com Hello client-internet-domain.com [Client Internet IP], pleased to meet you
02179 >>> 250-ENHANCEDSTATUSCODES
02179 >>> 250-PIPELINING
02179 >>> 250-8BITMIME
02179 >>> 250-SIZE
02179 >>> 250-DSN
02179 >>> 250-STARTTLS
02179 >>> 250-DELIVERBY
02179 >>> 250 HELP
02179 <<< STARTTLS
02179 >>> 220 2.0.0 Ready to start TLS
02179 <<< EHLO [Client Local IP]
02179 >>> 250-server.domain.com Hello client-internet-domain.com [Client Internet IP], pleased to meet you
02179 >>> 250-ENHANCEDSTATUSCODES
02179 >>> 250-PIPELINING
02179 >>> 250-8BITMIME
02179 >>> 250-SIZE
02179 >>> 250-DSN
02179 >>> 250-AUTH LOGIN PLAIN
02179 >>> 250-DELIVERBY
02179 >>> 250 HELP
02179 <<< AUTH PLAIN yadda yadda(I edited)
02179 >>> 535 5.7.0 authentication failed
02179 <<< AUTH LOGIN
02179 >>> 334 yadda yadda(I edited)
02179 <<< yadda yadda(I edited)
02179 >>> 334 yadda yadda(I edited)
02179 <<< yadda yadda(I edited)
02179 >>> 535 5.7.0 authentication failed
02179 <<< QUIT
02179 >>> 221 2.0.0 server.domain.com closing connection

The normal /var/log/maillog shows nothing special, just a connection from client and an "did not issue MAIL/EXP..." message after failed login attempt.

The .mc config file:

Quote:

dnl# This is the default sendmail .mc file for Slackware. To generate
dnl# the sendmail.cf file from this (perhaps after making some changes),
dnl# use the m4 files in /usr/share/sendmail/cf like this:
dnl#
dnl# cp sendmail-slackware.mc /usr/share/sendmail/cf/config.mc
dnl# cd /usr/share/sendmail/cf
dnl# sh Build config.cf
dnl#
dnl# You may then install the resulting .cf file:
dnl# cp config.cf /etc/mail/sendmail.cf
dnl#
include(`../m4/cf.m4')
VERSIONID(`X-Shells.org Sendmail Configuration')dnl
OSTYPE(`linux')dnl
dnl# These settings help protect against people verifying email addresses
dnl# at your site in order to send you email that you probably don't want:
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
dnl# Uncomment the line below to send outgoing mail through an external server:
define(`SMART_HOST',`mail.siol.net')
dnl# No timeout for ident:
define(`confTO_IDENT', `0')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA, M=Ea')dnl
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confAUTH_OPTIONS', `A p y')dnl
dnl# Enable the line below to use smrsh to restrict what sendmail can run:
dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
dnl# See the README in /usr/share/sendmail/cf for a ton of information on
dnl# how these options work:
FEATURE(`authinfo',`hash -o /etc/mail/authinfo.db')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
dnl# Turn this feature on if you don't always have DNS, or enjoy junk mail:
dnl FEATURE(`accept_unresolvable_domains')dnl
EXPOSED_USER(`root')dnl
dnl# Also accept mail for localhost.localdomain:
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
DAEMON_OPTIONS(`Port=smtps, Name=MSA-SSL, M=Esa')dnl

saslauthd is running with option -a shadow, to read users from /etc/shadow.
saslauthd shows no errors at startup, no erros in log at startup, no errors while I try to send mail. Plain normal. I've ran out of ideas what to do, so I'm turning to you, if you would be so kind to help me out.

Best regards,
Tux-Slack

P.S: one more thing, is it possible to use LDAP to authenticate users with sendmail? If so, how?

infamy · 09-18-2011, 09:14 AM

I am having the same problem as Tux-Slack.....

I am trying to setup AUTH on my server and when I try to send mail from outside of the server its not working.

Here is my config:

Quote:

dnl# This is the default sendmail .mc file for Slackware. To generate
dnl# the sendmail.cf file from this (perhaps after making some changes),
dnl# use the m4 files in /usr/share/sendmail/cf like this:
dnl#
dnl# cp sendmail-slackware.mc /usr/share/sendmail/cf/config.mc
dnl# cd /usr/share/sendmail/cf
dnl# sh Build config.cf
dnl#
dnl# You may then install the resulting .cf file:
dnl# cp config.cf /etc/mail/sendmail.cf
dnl#
include(`../m4/cf.m4')
VERSIONID(`default setup for Slackware Linux')dnl
OSTYPE(`linux')dnl
dnl# These settings help protect against people verifying email addresses
dnl# at your site in order to send you email that you probably don't want:
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
dnl# Uncomment the line below to send outgoing mail through an external server:
dnl define(`SMART_HOST',`mail.example.com')
dnl# No timeout for ident:
define(`confTO_IDENT', `0')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confAUTH_OPTIONS', `A y')dnl
dnl# Enable the line below to use smrsh to restrict what sendmail can run:
dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
dnl# See the README in /usr/share/sendmail/cf for a ton of information on
dnl# how these options work:
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
dnl# Turn this feature on if you don't always have DNS, or enjoy junk mail:
dnl FEATURE(`accept_unresolvable_domains')dnl
EXPOSED_USER(`root')dnl
dnl# Also accept mail for localhost.localdomain:
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

results from tail -f /tmp/sendtmp:

Quote:

19231 >>> 220 my-server.net ESMTP Sendmail 8.14.4/8.14.4; Sun, 18 Sep 2011 15:09:09 +0200
19231 <<< EHLO [192.168.1.2]
19231 >>> 250-my-server.net Hello nycmny.fios.verizon.net [1.1.1.1], pleased to meet you
19231 >>> 250-ENHANCEDSTATUSCODES
19231 >>> 250-PIPELINING
19231 >>> 250-8BITMIME
19231 >>> 250-SIZE
19231 >>> 250-DSN
19231 >>> 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
19231 >>> 250-STARTTLS
19231 >>> 250-DELIVERBY
19231 >>> 250 HELP
19231 <<< STARTTLS
19231 >>> 220 2.0.0 Ready to start TLS
19231 <<< EHLO [192.168.1.2]
19231 >>> 250-my-server.net Hello nycmny.fios.verizon.net [1.1.1.1], pleased to meet you
19231 >>> 250-ENHANCEDSTATUSCODES
19231 >>> 250-PIPELINING
19231 >>> 250-8BITMIME
19231 >>> 250-SIZE
19231 >>> 250-DSN
19231 >>> 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
19231 >>> 250-DELIVERBY
19231 >>> 250 HELP
19231 <<< AUTH PLAIN AGNccSUaPsceTY5f0s=
19231 >>> 535 5.7.0 authentication failed
19231 <<< AUTH LOGIN
19231 >>> 334 VXxLncaSdhbWU6
19231 <<< ZmzFZQ==
19231 >>> 334 UOSmnc0dvcmQ6
19231 <<< OW14eYTz5N0s=
19231 >>> 535 5.7.0 authentication failed

I made the file /usr/lib64/sasl2/Sendmail.conf and saslauthd is running with option -a shadow.
I followed the directions.....Did I miss something??

Can anyone please help me out with this please?

UPDATE: I solved the problem. I needed to make the Sendmail.conf in /etc/sasl2, all is working fine now.