Sendmail AUTH

Thu Aug 4 15:43:00 UTC 2005

Am Do, den 04.08.2005 schrieb Justin Willmert um 17:28:

> I've been trying to get my Sendmail server to use authentication to send 
> emails. Right now I can get by with just using my 'access' file and 
> allowing my home network's IP address, but when we go on vacation, I 
> can't send emails without creating a tunnel with putty to my server at 
> home to make Sendmail think I'm sending it from localhost.

Correct, SMTP AUTH is the route to go here for being able to send mail
through your MTA from untrusted because changing IP addresses.

> The problem is I can't get authentication to work. I've followed a 
> couple different tutorials on-line, and by all appearances, it should 
> work, but it doesn't.
> 
> First, the text below is the settings I added to sendmail.mc. This is 
> where I deviate from some of the tutorials. Many of them also set up for 
> encryption, but until I get at least this part to work, I don't even 
> want to think about that, though I'll probably add that in later sometime.
> 
>      define(`confAUTH_OPTIONS', `A')dnl
>      TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
>      define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl

Looks good for using those 2 mechs. Better to combine that in second
step with STARTTLS to not send auth data unencrypted through the net.

> And then I just want to login with my system accounts and not have to 
> worry about keeping SASL accounts in sync with my system (stored in an 
> LDAP server) accounts, I have this in my /usr/lib/sasl2/Sendmail.conf file:
> 
>      pwcheck_method:pam

That is wrong. This _was_ valid with SASL v1.5 but no longer with
SASLv2. So change it back to be

pwcheck_method:saslauthd

> When I try to send an email, Thunderbird asks me for my password (after 
> I put my username in the properties for my SMTP server, of course) and 
> it fails. I can enter my password a couple different time, but it always 
> fails.

It can't work with that setup.

> Justin Willmert

Run "service saslauthd start" and "chkconfig saslauthd on". As soon as
started the saslauthd you are able to SMTP AUTH. The default setup is to
use shadow with saslauthd which is basically the same as using pam
(default). Only if you change your /etc/pam.d/smtp setup to be different
for specific purposes you get something different and it will require to
change in /etc/sysconfig/saslauthd to MECH=pam to use PAM.

http://www.joreybump.com/code/howto/smtpauth.html

That is a good howto for Fedora use of Sendmail and SMTP AUTH.

Alexander

-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
Serendipity 17:35:12 up 19 days, 22:07, load average: 0.16, 0.16, 0.11 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050804/f35ab569/attachment-0001.sig>