
lrtward 03-07-2011 11:49 AM

How to set up sendmail to use Exchange server with auth NTLM as smart relay?
 
I have a CentOS 5 box that is a web server. When it generates emails, all emails should go out through our Exchange mail server.

I believe our Exchange server requires NTLM authentication:
Code:

# telnet exchangeserv 25
Trying 10.102.14.27...
Connected to exchangeserv.domain.edu (10.102.14.27).
Escape character is '^]'.
220 ExchangeServ.domain.edu Microsoft ESMTP MAIL Service ready at Mon, 7 Mar 2011 11:49:31 -0500
ehlo webserv.domain.edu
250-ExchangeServ.domain.edu Hello [10.102.15.191]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250-XRDST
250 XSHADOW

I set up my /etc/mail/access file as follows:
Code:

Connect:localhost.localdomain          RELAY
Connect:localhost                      RELAY
Connect:127.0.0.1                      RELAY

AuthInfo:ExchangeServ.domain.edu "U:smmsp" "I:domain\first.last" "P:password" "M:NTLM"

Then I ran
Code:

# makemap hash /etc/mail/access.db < /etc/mail/access

Then I restarted sendmail.

I am not getting authenticated though.

The message gets accepted for delivery by localhost but then when it hands the message off to the Exchange server smart relay, I see this in /var/log/maillog:
Code:

Mar  7 12:44:15 webserv sendmail[10129]: STARTTLS=client, relay=exchangeserv.domain.edu., version=TLSv1/SSLv3, verify=FAIL, cipher=AES128-SHA, bits=128/128
Mar  7 12:44:15 webserv sendmail[10129]: AUTH=client, relay=exchangeserv.domain.edu [10.102.14.27], authinfo failed

My Exchange folks told me that the userid should be in the form "domain\first.last" just like I log into our Active Directory domain. I can't find any information on how to test that I've got the correct userid format though. I've spent quite a lot of time doing searches and reading.

lrtward 04-21-2011 11:14 AM

Well, as it turns out my Exchange folks were wrong.
Our Exchange server did NOT require authentication, they just needed to set up their server so that my IP was allowed to relay through.

Figured I'd post the solution in case any other poor soul stumbled upon this as a result of a search.

viktor1985 06-05-2012 07:27 PM

Quote:

Originally Posted by lrtward (Post 4331745)
Well, as it turns out my Exchange folks were wrong.
Our Exchange server did NOT require authentication, they just needed to set up their server so that my IP was allowed to relay through.

Figured I'd post the solution in case any other poor soul stumbled upon this as a result of a search.

Hello

Could you please be more explicit about what your solution was?

I have a Red Hat 4.6 server, running a Perl, that in case of failure sends an email through an Exchange server (this supports NTLM authentication). How can I implement this authentication?

echo "something" | mailx -s "subject" personal@mail.com

mailx: invalid option -- S
Usage: mailx [-BFintv~] [-s subject] [-a attachment] [-c cc-addr] [-b bcc-addr] [-r from-addr] [-h hops] [-R reply-addr] to-addr ...
[- sendmail-options ...]
mailx [-BeHiInNv~] [-T name] -f [name]
mailx [-BeinNv~] [-u user]


But no mail is sent. The guys in charge of the email server say that it accepts anonymous connections.



Code:

ndsis01ven:~ # telnet 172.22.95.125 25
Trying 172.22.95.125...
Connected to 172.22.95.125.
Escape character is '^]'.
220 WEXHUB.telcel.com.co Microsoft ESMTP MAIL Service ready at Fri, 1 Jun 2012 14:12:45 -0500
ehlo
250-WEXHUB.telcel.com.co Hello [10.159.229.60]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250-XRDST
250 XSHADOW

Any clue would be very very appreciated.

Thanks in advance. :)

lrtward 06-21-2012 09:44 AM

What shows up in your /var/log/maillog when you try to send the email?

viktor1985 06-21-2012 11:41 AM

Quote:

Originally Posted by lrtward (Post 4708582)
What shows up in your /var/log/maillog when you try to send the email?

Hello


Code:

Jun 19 11:08:51 ndsis01ven postfix/smtp[13137]: warning: SASL authentication failure: No worthy mechs found
Jun 19 11:08:51 ndsis01ven postfix/smtp[13137]: 57486208160: to=<someone@something.com>, relay=170.20.80.120[170.20.80.120], delay=330121, status=deferred (Authentication failed: cannot SASL authenticate to server 170.20.80.120[170.20.80.120]: no mechanism available)

The Exchange Server guys told me a few days ago that they don't allow anonymous connections, and gave me a user and password.

I have already rebuilt the new sasl_passwd (sasl_passwd.db) file with the user and pass.

What am I missing?

Thanks in advance.
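
Added example, not part of any post in this thread: Postfix reports "no mechanism available" when none of the SASL mechanisms the server advertises in its EHLO reply is one the client's SASL library can use. The script below parses an EHLO reply like the one pasted in the thread and intersects its AUTH line with a client mechanism list; the client list and the function names are assumptions made for this example.

```shell
# Added example (not from the thread): why a client logs "no mechanism available".

# Sample input: EHLO reply lines abridged from the telnet session in the thread.
EHLO_REPLY='250-WEXHUB.telcel.com.co Hello [10.159.229.60]
250-SIZE
250-STARTTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250 XSHADOW'

# advertised_mechs EHLO_TEXT -> SASL mechanisms on the AUTH line(s), one per line.
# Only the standard AUTH keyword is read; other keywords (X-EXPS, ...) are skipped.
advertised_mechs() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        { line = toupper($0) }
        line ~ /^250[- ]AUTH[ =]/ {
            sub(/^250[- ]AUTH[ =]/, "", line)
            n = split(line, m, " ")
            for (i = 1; i <= n; i++) if (!seen[m[i]]++) print m[i]
        }'
}

# usable_mechs EHLO_TEXT "MECH1 MECH2 ..." -> mechanisms both sides support.
usable_mechs() {
    offered=$(advertised_mechs "$1")
    for mech in $2; do
        mech=$(printf '%s' "$mech" | tr '[:lower:]' '[:upper:]')
        printf '%s\n' "$offered" | grep -qxF -- "$mech" && printf '%s\n' "$mech"
    done
    return 0
}

# diagnose EHLO_TEXT CLIENT_MECHS -> one-line verdict.
diagnose() {
    offered=$(advertised_mechs "$1" | tr '\n' ' ' | sed 's/ $//')
    common=$(usable_mechs "$1" "$2" | tr '\n' ' ' | sed 's/ $//')
    if [ -z "$offered" ]; then
        echo "server advertises no AUTH in this reply"
    elif [ -z "$common" ]; then
        echo "no common mechanism: server offers only: $offered"
    else
        echo "usable: $common"
    fi
}

# Assumed client mechanism list (hypothetical host with no NTLM SASL plugin).
diagnose "$EHLO_REPLY" "PLAIN LOGIN CRAM-MD5 DIGEST-MD5"
```

Where TLS is in use, capture the EHLO reply again after STARTTLS, since a server may advertise a different AUTH list on the encrypted session.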

