Sendmail [was OpenSSL]

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Wed Jul 14 22:08:55 UTC 2004


On Wed, 14.07.2004 at 22:17, James Kosin wrote:

> | http://sial.org/howto/sendmail/tls-relay/

> Thanks, that is now taken care of......
> It was a great source of information about certificates and such.

Good that it helped. Yes, it is a nicely written documentation.

> Now I have a new error...
> I've included the logfile results here...
> I did add a user using saslpasswd, if that is what may have been needed;
> but, still the same results..
> Any Ideas on this one?

I have a question: Do you want to authenticate against a sasldb? That
file is created as /etc/sasldb by running saslpasswd and should have
chmod 600 and chown root:root. It is your decision whether you want to
use system users or a decent database with auth data and mail users
independent from the system. By default Sendmail on Fedora is configured
to AUTH against the /etc/shadow by using the saslauthd.

If you really want to use a sasl database, I would recommend using SASL
version 2 instead of 1, and that means using saslpasswd2, which manages an
/etc/sasldb2 database file. You will also have to set the content of
/usr/lib/sasl2/Sendmail.conf to pwcheck_method:sasldb2. In case you
simply want to use system users, leave the Sendmail.conf file as it is
and take care that saslauthd is running (service saslauthd start;
chkconfig saslauthd on).

> Thanks,
> James

> (CRAM-MD5): user not found (-20) SASL(-13): user not found: no secret in
> database

> authentication failed
> Jul 14 15:25:31 beta sendmail[25566]: i6EJPDgV025566: AUTH failure
> (LOGIN): no mechanism available (-4) SASL(-4): no mechanism available:
> checkpass failed

Two different errors; maybe you switched your setup between them. See my
explanations above and adjust your setup. I am sure SMTP AUTH will then
work immediately. I cannot see a STARTTLS (certificate) error. The
pasted log shows TLS working nicely:

relay=james.support.intcomgrp.com [192.168.10.158], version=TLSv1/SSLv3,
verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256

Just as a warning: change your username and password immediately. You
posted AUTH data through this list! Though it seems to be unreadable
data, it is not. It is only base64 "encoded". I think it is enough if I
tell you that in one case you used "jkosinjk7619" ;) (Don't want to
make it all too easy). While that indicates that the whole session was
not TLS secured.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) Athlon CPU kernel 2.6.6-1.435.2.3.uml
Serendipity 23:54:46 up 1 day, 21:37, load average: 1.12, 1.10, 1.23 
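
The warning above (SMTP AUTH payloads are base64, not encryption) is a reason to scrub session transcripts before posting them to a list. The following is an added example, not part of the original message: the `C:`/`S:` line prefixes, the sample transcript and the credentials in it are constructed assumptions.

```python
import base64
import re

# Client AUTH command, optionally carrying an initial response (AUTH PLAIN <b64>).
AUTH_CMD = re.compile(r"^(C:\s*AUTH\s+\S+)(?:\s+(\S+))?\s*$", re.IGNORECASE)
CHALLENGE = re.compile(r"^S:\s*334\b")  # server asks for the next AUTH step

def redact_transcript(lines):
    """Return (clean_lines, n_redacted) with every client AUTH payload masked."""
    out, redacted, in_auth = [], 0, False
    for line in lines:
        m = AUTH_CMD.match(line)
        if m:
            in_auth = True
            if m.group(2):  # credentials sent on the AUTH line itself
                line = f"{m.group(1)} [REDACTED]"
                redacted += 1
        elif line.startswith("S:"):
            # Any reply other than 334 (235 success, 5xx failure) ends the exchange.
            if not CHALLENGE.match(line):
                in_auth = False
        elif in_auth and line.startswith("C:"):
            line = "C: [REDACTED]"  # base64 username, password or CRAM-MD5 response
            redacted += 1
        out.append(line)
    return out, redacted

def b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed transcript (two AUTH attempts); user and password are made up.
SAMPLE = [
    "S: 250-AUTH LOGIN PLAIN CRAM-MD5",
    "S: 250 HELP",
    "C: AUTH LOGIN",
    f"S: 334 {b64('Username:')}",
    f"C: {b64('alice')}",
    f"S: 334 {b64('Password:')}",
    f"C: {b64('example-pass')}",
    "S: 235 2.0.0 OK Authenticated",
    "C: AUTH PLAIN " + b64("\0alice\0example-pass"),
    "S: 235 2.0.0 OK Authenticated",
    "C: MAIL FROM:<alice@example.org>",
]

if __name__ == "__main__":
    clean, count = redact_transcript(SAMPLE)
    print("\n".join(clean))
    print(f"{count} AUTH payload(s) redacted")
```

Server challenges are left in place because they carry only the prompts; everything the client sends between the AUTH command and the final server reply is masked.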