Sendmail SMTP AUTH Howto

Wolfy · 09-15-2004, 08:57 PM

SiegeX,
I'm having problems will you please?!?!? look at this and respond?

I've got sendmail configured to send mail but I can't relay from outside my network.
I followed your example but when I get to [saslauthd -a shadow] I get the following message.

saslauthd[11326] :set_auth_mech : unknown authentication mechanism: /etc/shadow

When I tried to look at shadow, it's mostly just a bunch of goop.
I don't know how to change what it's asking me for.
Can you help?

Wolfy
EDIT***********9-15-04@2315*******************
Okay I got to this point;
I am able to send from out of the network, BUT...........
Only to those sites that I have included in [access].
Will you tell me how to open that up so I don't have to include every single site I want to send mail to?????????????????

Thanks,
Wolfy

SiegeX · 09-16-2004, 02:16 AM

Sorry I took a bit long to respond, I was on vacaction. Im not really sure what your problem is as I have never come across it nor has anybody else that has followed my howto (even the 1st one). What I would suggest you do is follow my new one (this one) from begging to end, including rebuilding slackware from the build scripts and removing the prebuilt ones you got from linuxpackages.net.

Once you get SMTP AUTH to work correctly, this will let you relay outside your network.

Wolfy · 09-16-2004, 02:25 AM

SiegeX,
Thank you for responding, I did follow you example letter for letter.
I'm anal that way, I didn't work.
I had to use the prebuilt files to get it to work.
I can send now from outside my network, but only to those sites I add to access.
Do you know how to allow relaying to any site within access?
I mean I have sasl working and required authentiaction working.
But can only send to sites or email addresses within sites I put in access.
Do you have any ideas to fix this?????????????

Wolfy

SiegeX · 09-16-2004, 02:44 AM

What does your access file look like? AFAIK you dont have to say what domains you can relay for in the access file, all you need to do is specify an IP that is allowed to relay like so

Code:

192.168.1        RELAY

This will allow anybody on my local network 192.168.1.1 - 192.168.1.254 to relay through my server no matter what the destination address is. Also you have to use the 'makemap hash' command on the access file for changes to take effect.

Wolfy · 09-16-2004, 05:57 PM

SiegeX,
That sounded really good, BUT that didn't work either.
I tried to specify the IP address of the machine, that was a no go too.
I tried to specify the name of the computer, still no go.
I tried to use the address of the router, no go.

I'm running out of ideas do you have some????????

Wolfy

SiegeX · 09-16-2004, 06:01 PM

post your access file, also dont forget to run 'makemap hash /etc/mail/access < /etc/mail/access'. Oh and make sure you set up the /usr/lib/sasl2/Sendmail.conf file correctly.

Wolfy · 09-16-2004, 06:55 PM

WOW!!! Your Fast.

[/usr/lib/sasl2/Sendmail.conf]
pwcheck_method: saslauthd
mech_list: LOGIN PLAIN

[/etc/mail/access]
rainland.homelinux.com RELAY
verizon.net RELAY
shilo.is-a-geek.com RELAY
192.168.0 RELAY

Also I wonder why it says authitication required before I add it access then it does send it.
It makes think that something is not setup right.

SiegeX · 09-17-2004, 12:31 AM

Well, I dont think this will fix anything but the access file contains the IP's of the machines that are allowed to relay, not the IP's of the domains they are going to relay to.

So unless you somehow can get your box to have the ip of verizon.net and shilo.is-a-geek.com, these two entries dont do a thing for you. They will however let shilo and I assume the webmaster of verizon.net to use your SMTP server as a relay.

skubee · 09-17-2004, 03:28 AM

wolfy said:

Quote:

Everything went fine with no errors, but you make a note that after installing the new sendmail that we should make changes to the access,local-host-names,and aliases files.
I did not modify these or did I make copies since I did not attempt to configure them prior to following your How-to.

seigeX said:

Quote:

Now if you had sendmail working before this Howto, you definitely made changes to some of the files in /etc/mail and if this is your first time getting sendmail to work, you'll want to at least make changes to access, local-host-names and probably aliases. So now is the time to copy your original files over, or make the necessary changes if this is your first time.

Quote:

Before we do any uninstalling of the existing older sendmail, I suggest you make a backup of your current /etc/mail and /usr/share/sendmail/ directories by running the following commands and storing the tarballs in a safe place:

code:

tar cfvj mail.tar.bz2 /etc/mail/
tar cfvj sendmail-cf.tar.bz2 /usr/share/sendmail

wolfy, when seigex said this he was referring to moving those files which were backed up from earlier. the only thing i did was move the files i backed up in /etc/mail back to its original place after reinstalling sendmail.

if you're having problems relaying it might be as seige said that your relay is incorrect. i believe the file he's referring to is /usr/share/sendmail/cf/cf/sendmail-slackware.mc. the relay would be any main server that you can get asccess to. seiege gave the example of

Quote:

define(`SMART_HOST',`[smtp.sbcglobal.yahoo.com]')dnl

in my sendmail-slackware.mc it's

Quote:

define(`SMART_HOST',`[smtp.comcast.net]')dnl

you might want to relook at your sendmail-slackware.mc file as well as your /etc/mail/authinfo file. in your authinfo file should be your loggin and password as seiege explained.

Quote:

Below is the contents of my authinfo file, to keep with the convention I have highlighted the parts that are specific to your system in blue.

code:

AuthInfo:yahoo.com "U:siege.x@sbcglobal.net" "P

AsSWoRd" "M:PLAIN"
AuthInfo: "U:siege.x@sbcglobal.net" "P

AsSWoRd" "M:PLAIN"

In case its not apparent, the text after U: is the username, after P: is the password and after the M: is the mechanism which is used to login, valid types are DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN. Since I use SBC Yahoo DSL! I know for a fact that they use PLAIN, if you are not sure which one your ISP uses try PLAIN and see if it works, if not give tech support a call.

Note that the second line is almost exactly the same as the first line except its missing yahoo.com and there is a space after the colon. I’m not exactly sure why this line is needed, but that’s how it was presented to me and since it works, I’m not about to change it.

i beleive this is the problem you are having. if not forgive me for i have a headache and am a bit restless. just relook those files and change if need be. recompile the cf file with m4 /usr/share/sendmail/cf/cf/sendmail-slackware.mc > /etc/mail/sendmail.cf then follow seige's tutorial from that point on.

Wolfy · 09-17-2004, 05:29 PM

SiegeX,
The server had no problem relaying through my ISP's SMTP after I applied your how-to.
It's outside the network that's the problem. I could not relay any mail at all until I added the site that the email belonged too to access then it went through just fine.
I believe that I've opened those sites as open relays, (which I don't want to do.)
I think the problem is in authorizing from outside the network, "shadow" or "saslauthd".
I don't believe they are running or in a working state.
I'm just going to pull everything out again and try again to compile from source as in your second How-to. But when I did that before I stopped after the [client-side] to check to see if it was working and nothing.... I couldn't send anything from the server through my ISP's SMTP.
This time if it does not work I'll post back with the problem and then maybe you will be able to more easily figure out what the poblem is.

Wolfy

kodon · 09-17-2004, 05:49 PM

wolfy: just wondering if you are still using the packages or if
you have been able to compile your own yet.

is it possible that the relay is not working at all? if an e-mail is
sent to shilo.is-a-geek.com is a relay required or will his
server accept the new mail even though it originated from
a dynamic ip?

Wolfy · 09-17-2004, 06:20 PM

kodon,
I never asked him or tried that. I could not send to him from outside the network until I added his web site into [access] and remade the [.db] file. The headers looked good," as though they were coming from my domain. I believe all I did was open up a open relay to his site.
I'm in the process of making back-ups before I try to compile [sasl] and [sendmail] again.
The only way I've been able to send mail through my ISP's SMTP is to use pre-built packages.
The last time I tried to compile my own it did not work, but I'm going to try again.

Wolfy

Wolfy · 09-17-2004, 07:46 PM

SiegeX,
Okay, I followed your example made the necessary changes when compiling [sasl] to get it to work.
[shadow] starts without a hick-up, and I added it to [rc.local].
Same problem as last time authentication failure, here is a copy of my log relevant to this situation:

Sep 17 17:34:36 rainland sendmail[5227]: i8I0YaDt005227: from=<root@rainland.homelinux.com>, size=291, class=0, nrcpts=1, msgid=<Pine.LNX.4.61.0409171734140.5226@rainland.homelinux.com>, proto=ESMTP, relay=root@localhost
Sep 17 17:34:36 rainland sm-mta[5230]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Sep 17 17:34:36 rainland sendmail[5229]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Sep 17 17:34:37 rainland sm-mta[5230]: i8I0YaZW005230: from=<root@rainland.homelinux.com>, size=475, class=0, nrcpts=1, msgid=<Pine.LNX.4.61.0409171734140.5226@rainland.homelinux.com>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Sep 17 17:34:37 rainland sendmail[5229]: i8I0YaDt005227: to=<darthlinux@verizon.net>, ctladdr=<root@rainland.homelinux.com> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120291, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (i8I0YaZW005230 Message accepted for delivery)
Sep 17 17:34:37 rainland sm-mta[5232]: i8I0YaZW005230: AUTH=client, available mechanisms do not fulfill requirements
Sep 17 17:34:37 rainland sm-mta[5232]: AUTH=client, relay=outgoing.verizon.net., temporary failure, connection abort
Sep 17 17:34:37 rainland sm-mta[5232]: i8I0YaZW005230: to=<darthlinux@verizon.net>, ctladdr=<root@rainland.homelinux.com> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=120475, relay=outgoing.verizon.net. [206.46.170.8], dsn=4.0.0, stat=Deferred: Temporary AUTH failure

So does that help at all??????????????????
I'm getting stressed out by this stupid thing, can you help??????

Wolfy

kodon · 09-17-2004, 08:53 PM

what does your
/etc/mail/authinfo
and
/etc/mail/authinfo.db
look like
(just x out your pw)

Wolfy · 09-17-2004, 09:16 PM

KODON,

[/etc/mail/authinfo]

AuthInfo:verizon.net "U:darthlinux@verizon.net" "P:XXXXXXXXX" "M:PLAIN"
AuthInfo: "U:darthlinux@verizon.net" "P:XXXXXXXXX" "M:PLAIN"

[/etc/mail/authinfo.db]

"P:XXXXXXXXX" "M:PLAIN"authinfo:"U:darthlinux@verizon.net" "P:XXXXXXXXX" "M:PLAIN"authinfo:verizon.net

Does that help any?????????

Wolfy