Sendmail SMTP Problem

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Sat Apr 10 15:43:37 UTC 2004


On Sat, 10.04.2004 at 13:02, Frederic Herman wrote:

> After upgrading from RedHat 9 to Fedora core, I have a problem with 
> smtp, due to sendmail now using sasl for authentication.  I have 
> saslauthd running as:

SASL(2) was used for authentication before too.

> /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow

That is hopefully just the line you get by "ps axuw". Run the saslauthd
service through its init script. Therein the MECH is specified and by
default it's using shadow. You can overwrite that by setting the MECH in
/etc/sysconfig/saslauthd (create that file if not there). To start the
saslauthd run "service saslauthd start". To be sure it is automagically
running in the desired runlevels use "chkconfig --list saslauthd".

> which should use the /etc/shadow file for authentication.  However, what 
> actually happens is that each user must have their username & password 
> in the /etc/sasldb2 file.  As far as I can tell, the shadow password 
> file isn't being used for authentication.  The only configuration file 
> that I'm aware of the sasl should be using is 
> /usr/lib/sasl2/Sendmail.conf which contains:
> 
> pwcheck_method: sasluathd

saslauthd as pwcheck_method is correct. But it matters which client you
use to talk with the Sendmail daemon and which auth mech that one uses.
If your mail client is using i.e. CRAM-MD5 then this will not work with
saslauthd against shadow. That will always require authentication
against a sasldb2. Only PLAIN and LOGIN run with shadow.

You should check your sendmail.mc configuration to see which authentication
mechanisms your Sendmail offers to clients. You can see that too if you
"telnet sendmail_IP 25" and, after the greeting, send an "EHLO foo".
Sendmail then shows you, along with other information, a line "250 AUTH
...".

> I'd actually like to not use passwords for this since I already restrict 
> smtp to a very limited number of IPs, because every time a user starts 
> their browser, they have to reenter their password.

If you do not require Sendmail authentication at all, because your
SMTP restriction is already for few very specific IPs (i.e. from private
address area, static IPs) - you can switch off SMTP AUTH in your
sendmail.mc and use "IP RELAY" in the access_db map. On the other hand
you could switch off SMTP AUTH too on a per IP basis.

> Any help would be appreciated.
> 
> Fred

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2174.nptl
Sirendipity 17:29:20 up 22 days, 1:10, load average: 1.02, 1.13, 1.08 
                   [ Γνωθι σ'αυτον - gnothi seauton ]
             my life is a planetarium - and you are the stars
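
The EHLO check described in the reply above, as an added example that is not part of the original message: it parses the "250 AUTH" line of an EHLO reply and sorts the offered mechanisms by whether saslauthd with shadow can serve them. The sample reply, host names and function names are constructed; the STARTTLS flag is an extra check added here because PLAIN and LOGIN send the password unencrypted.

```python
import re

# Per the reply above: only PLAIN and LOGIN work with saslauthd against shadow.
SHADOW_CAPABLE = {"PLAIN", "LOGIN"}
# Shared-secret mechanisms: the server needs the stored secret (sasldb2).
NEEDS_SASLDB2 = {"CRAM-MD5", "DIGEST-MD5"}

# Constructed sample EHLO reply (not captured from a real server).
SAMPLE_EHLO = """\
250-mail.example.test Hello client.example.test [192.0.2.10], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-STARTTLS
250 HELP
"""

def parse_auth_mechs(ehlo_reply):
    """Return the SASL mechanisms advertised in an EHLO reply, in order."""
    mechs = []
    for line in ehlo_reply.splitlines():
        # "250-AUTH A B" or final "250 AUTH A B"; some servers also send "AUTH=A B".
        m = re.match(r"250[- ]AUTH[ =](.*)$", line.strip(), re.IGNORECASE)
        if not m:
            continue
        for mech in m.group(1).split():
            mech = mech.upper()
            if mech not in mechs:
                mechs.append(mech)
    return mechs

def classify(ehlo_reply):
    """Group the offered mechanisms by the password backend they can use."""
    mechs = parse_auth_mechs(ehlo_reply)
    starttls = any(re.match(r"250[- ]STARTTLS\s*$", l.strip(), re.IGNORECASE)
                   for l in ehlo_reply.splitlines())
    return {
        "shadow_capable": [m for m in mechs if m in SHADOW_CAPABLE],
        "needs_sasldb2": [m for m in mechs if m in NEEDS_SASLDB2],
        "other": [m for m in mechs
                  if m not in SHADOW_CAPABLE and m not in NEEDS_SASLDB2],
        "starttls_offered": starttls,
    }

if __name__ == "__main__":
    for key, value in classify(SAMPLE_EHLO).items():
        print(f"{key}: {value}")
```

If "needs_sasldb2" is non-empty, a client that picks the strongest offered mechanism will choose one of those, and its users then have to exist in /etc/sasldb2.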