Automatic email relay agent?

Alexander Dalloz ad+lists at uni-x.org
Thu Dec 1 20:22:57 UTC 2005


On Thu, 01.12.2005 at 20:45, Hongwei Li wrote:

> >> Dec  1 10:07:52 morpheus sendmail[26602]: AUTH: available mech=CRAM-MD5
> >> DIGEST-MD5, allowed mech=LOGIN PLAIN
> >
> > That does not look correct. Both MD5 mechs shouldn't have been listed due
> > to your configuration.
> 
> -- where should I change?  I checked sendmail.mc, but could not find which
> line to change.

No, your sendmail.mc changes were correct, following the tutorial on the
website I gave you the URL of. At least if you didn't just append the
settings at the bottom but made the changes inline, where you found
commented entries.

> Below is what I did and got.
> 
> # telnet morpheus.wustl.edu 25
> Trying 128.252.85.129...
> Connected to morpheus.wustl.edu (128.252.85.129).
> Escape character is '^]'.
> 220 morpheus.wustl.edu ESMTP Sendmail 8.13.1/8.13.1; Thu, 1 Dec 2005 11:38:28
> -0600
> ehlo foo.bar
> 250-morpheus.wustl.edu Hello morpheus.wustl.edu [128.252.85.129], pleased to
> meet you
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-ETRN
> 250-STARTTLS
> 250-DELIVERBY
> 250 HELP
> quit
> 221 2.0.0 morpheus.wustl.edu closing connection
> Connection closed by foreign host.

That is exactly what is to be expected: STARTTLS is offered, but no AUTH
- just because you told Sendmail to only offer LOGIN and PLAIN AUTH
mechs when the connection is safe (=encrypted).

> # openssl s_client -connect morpheus.wustl.edu:25 -starttls smtp
> CONNECTED(00000003)

[ certificate data stripped ]

> Verify return code: 18 (self signed certificate)
> ---
> 220 morpheus.wustl.edu ESMTP Sendmail 8.13.1/8.13.1; Thu, 1 Dec 2005 11:41:29
> -0600

Good up to this point. The STARTTLS session was successfully established
and Sendmail greets you.

> ehlo foo.bar
> 250-morpheus.wustl.edu Hello morpheus.wustl.edu [128.252.85.129], pleased to
> meet you
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-ETRN
> 250-AUTH LOGIN PLAIN

Now with the encrypted connection Sendmail allows you to AUTH using
either LOGIN or PLAIN.

> 250-DELIVERBY
> 250 HELP
> quit
> 221 2.0.0 morpheus.wustl.edu closing connection
> closed
> #
> 
> I cleaned SSL cache, cookies, etc., restarted Outlook / OE, tested it on 3
> different computers, still got the same error.
> 
> Also, when I try OE, the error message is:
> 
> Unable to establish SSL connection with the server. Account "morpheus",
> Server: "morpheus.wustl.edu', Protocol: SMTP, Server Response: '454 TLS not
> available due to temporary reason', Port: 25, Secure(SSL): Yes, Server Error:
> 454, Error Number: 0x800CCC7F

I would bet it is a client problem. To evaluate simply go on with testing
where you stopped.

> Hongwei

When you made the hand established TLS connection and then entered "EHLO
foo.bar", go on and AUTH yourself. To do this you need to base64 encode
your username and password. You can do this with a Perl 1-liner:

perl -MMIME::Base64 -e 'print encode_base64("user\0user\0password");'

That will print out a string which you have to enter the following way
(after initial EHLO):

AUTH PLAIN dXNlcgB1c2VyAHBhc3N3b3Jk

That must be answered by Sendmail with an authentication success message.
If you hand auth using LOGIN, you enter "AUTH LOGIN", will get back a
base64 string which decodes as the question which user shall auth, you
enter the base64 encoded username, then Sendmail will ask in base64 form
for your password, which you have to enter too in base64 encoding.
Finally a success message must follow.

I am sure these tests will be successful as the initial test trying to
establish a STARTTLS session already was successful. So your problem is
client based. Check for firewalling and anti-virus scanners (outbound
mail scanning), as I told you before. The issue (especially Norton's
thing) is well known and an ongoing pain. You will find many hits and
references to this through google. I.e.

http://www.cs.wisc.edu/csl/old-doc/info/smtp-auth/

If you face other cryptic OE error codes, use google too or directly go
to

http://support.microsoft.com/default.aspx?scid=kb;en-us;208814

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
Serendipity 21:03:53 up 33 days, 19:04, load average: 0.15, 0.23, 0.25 
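
Added example, not part of the original message: a Python sketch of the two checks walked through above, namely that AUTH LOGIN/PLAIN is advertised only on the encrypted session, and what the base64 strings for AUTH PLAIN and AUTH LOGIN look like. The EHLO replies are constructed (abridged) from the sessions quoted in the message; the two LOGIN challenges are the conventional "Username:" / "Password:" prompts and are an assumption, as are all function names.

```python
import base64

def b64(text):
    return base64.b64encode(text.encode("utf-8")).decode("ascii")

def auth_plain(authzid, authcid, password):
    """SASL PLAIN command: base64(authzid NUL authcid NUL password)."""
    raw = b"\0".join(s.encode("utf-8") for s in (authzid, authcid, password))
    return "AUTH PLAIN " + base64.b64encode(raw).decode("ascii")

def login_dialogue(user, password, challenges):
    """Decode each base64 challenge of AUTH LOGIN and pair it with the reply."""
    answers = {"username:": user, "password:": password}
    steps = []
    for challenge in challenges:
        prompt = base64.b64decode(challenge).decode("ascii")
        steps.append((prompt, b64(answers[prompt.lower()])))
    return steps

def advertised_auth(ehlo_reply):
    """Mechanisms listed on the 250 AUTH line of an EHLO reply, or []."""
    for line in ehlo_reply.splitlines():
        words = line[4:].split()
        if line[:3] == "250" and words and words[0].upper() == "AUTH":
            return words[1:]
    return []

def plaintext_mechs_exposed(cleartext_ehlo_reply):
    """LOGIN/PLAIN offered on an unencrypted session (should be empty)."""
    return [m for m in advertised_auth(cleartext_ehlo_reply)
            if m.upper() in ("LOGIN", "PLAIN")]

# Constructed sample input, abridged from the two sessions in the message.
EHLO_CLEARTEXT = "250-morpheus.wustl.edu Hello\n250-STARTTLS\n250 HELP"
EHLO_AFTER_TLS = "250-morpheus.wustl.edu Hello\n250-AUTH LOGIN PLAIN\n250 HELP"
# Assumed server challenges for AUTH LOGIN ("Username:", "Password:").
LOGIN_CHALLENGES = ["VXNlcm5hbWU6", "UGFzc3dvcmQ6"]

if __name__ == "__main__":
    print("cleartext AUTH:", advertised_auth(EHLO_CLEARTEXT))
    print("after TLS AUTH:", advertised_auth(EHLO_AFTER_TLS))
    print(auth_plain("user", "user", "password"))
    for prompt, reply in login_dialogue("user", "password", LOGIN_CHALLENGES):
        print(prompt, "->", reply)
```

Base64 is an encoding, not encryption, which is why both mechanisms should appear only in the EHLO reply of the STARTTLS session.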