Sendmail+sasl2+smtpauth didn't work?

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Mon Sep 13 01:06:05 UTC 2004


On Mon, 13.09.2004 at 0:13, Michele Ferritto wrote:

> Ok....I agree with that, but the LOGIN PLAIN mechanism is offered anyway,
> so why doesn't Outlook work?

Because what Sendmail announces as supported AUTH MECHs does not mean
that they really work. It is important not to simply let log files
grow but to inspect them intensively and listen to what they are saying.
In your case the central voice is

"AUTH failure (LOGIN): no mechanism available (-4) SASL(-4): no
mechanism available: checkpass failed"

I feel that is not cryptic at all (unlike error messages on Win32
commonly are). It is SASL saying "no mechanism available".
The short form:
- with pwcheck_method:auxprop you can do DIGEST-MD5, CRAM-MD5 and PLAIN
- with pwcheck_method:saslauthd you can do PLAIN and LOGIN

See:
http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/CyrusSaslComponents

> The STARTTLS is a good idea (I've just modified the relatives path in 
> sendmail.mc to point at the correct cert repository and the STARTTLS works)

Good. From a security point of view this is essential. There is
actually no need to let auth data fly in plain format through any net
where it can then be easily sniffed by potential attackers.

I suggest you set in sendmail.mc

define(`confAUTH_OPTIONS', `A p')dnl

to enforce STARTTLS for LOGIN and PLAIN and

TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl

to only offer those MECHs you can provide using saslauthd. You are
then safe with each client.

> Michele Ferritto

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp 
Serendipity 03:05:58 up 14 days, 22 users, load average: 0.03, 0.20,
0.19 
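A way to verify that the `A p` setting above actually keeps LOGIN and PLAIN off the wire until STARTTLS is negotiated: an added example in Python, not part of this thread, that parses EHLO replies and flags plaintext-password mechanisms advertised on an unencrypted session. The two sample replies, the host name `mail.example.invalid` and the client address are constructed; `audit_server` runs the same comparison against a live host using the standard-library smtplib.

```python
import smtplib

# Constructed sample EHLO replies (not from the original thread).
# EHLO_BEFORE_TLS is what a server with confAUTH_OPTIONS `A p' shows on a
# plain TCP session; EHLO_AFTER_TLS is what it shows once STARTTLS is up.
# A misconfigured server would show the second reply even before TLS.
EHLO_BEFORE_TLS = """\
250-mail.example.invalid Hello client.example.invalid [192.0.2.10], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-STARTTLS
250 HELP"""

EHLO_AFTER_TLS = """\
250-mail.example.invalid Hello client.example.invalid [192.0.2.10], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-AUTH LOGIN PLAIN
250 HELP"""

# Mechanisms that transmit the password itself (merely base64-encoded).
PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}

def auth_mechs(ehlo_reply: str) -> set:
    """Return the set of AUTH mechanisms advertised in a multi-line EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        # Each line is "250-KEYWORD params" or, for the last line, "250 KEYWORD".
        body = line[4:].strip()
        if body.upper().startswith("AUTH "):
            mechs.update(body.split()[1:])
    return mechs

def exposed_plaintext_mechs(ehlo_before_tls: str) -> set:
    """Plaintext-password mechanisms offered on an unencrypted session.
    An empty set means the `p' option is doing its job."""
    return auth_mechs(ehlo_before_tls) & PLAINTEXT_MECHS

def audit_server(host: str, port: int = 25) -> dict:
    """Live check: compare what the server offers before and after STARTTLS."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        before = set(smtp.esmtp_features.get("auth", "").split())
        smtp.starttls()
        smtp.ehlo()  # capabilities must be re-requested after TLS
        after = set(smtp.esmtp_features.get("auth", "").split())
    return {"before_tls": before, "after_tls": after,
            "exposed": before & PLAINTEXT_MECHS}
```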