STMP Auth Failure

Paul Howarth paul at city-fan.org
Fri Feb 4 18:32:26 UTC 2005 

Robin Curts wrote:
> Rodolfo J. Paiz wrote:
> 
>> On Fri, 2005-02-04 at 11:06 -0600, rcurts at robincurts.com wrote:
>>  
>>
>>> I CAN send mail to <my_username>@<hostname_of_box>.com ... but if i send
>>> to an outside domain I get the error.
>>>
>>> The AUTH section of my sendmail.mc file:
>>>
>>> define(`confAUTH_OPTIONS', `A p')dnl
>>> TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
>>> define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
>>> PLAIN')dnl
>>>
>>>   
>>
>>
>> Try removing the "p" for the first line, like this:
>>
>> define(`confAUTH_OPTIONS', `A')dnl
>>
>> I believe the "p" parameter only allows encrypted authentication, and
>> will expressly prevent SMTP AUTH unencrypted mechanisms like PLAIN and
>> LOGIN unless the session is encrypted.
>>
>> For most people, allowing PLAIN and LOGIN SMTP AUTH is no greater risk
>> than they already have, since POP and IMAP *also* transmit unencrypted
>> passwords. Hence, no damage done  by removing the 'p'.
>>
>> I think it should work with that one change. Try it and see!
>>
>> Cheers,
>>
>>  
>>
> A few answers to the folks that have been helping me:
> 
> I took the "p" out of the confAUTH_OPTIONS to allow for encrypted 
> user/pass's, and I still get the same error. I tried that a few times in 
> my barrage of tests with sendmail.mc :)

Silly question perhaps but you are rebuilding your sendmail.cf and 
restarting/reloading sendmail after making changes to sendmail.mc, 
aren't you?

> I moved the LOG_LEVEL to 15 and I got the following output from maillog:
> Feb  4 12:41:59 localhost sendmail[8286]: j14Hf6sq008286: 
> ruleset=check_rcpt, arg1=rcurts at robincurts.com, 
> relay=wbar15.tmp1-4-8-050-019.tmp1.dsl-verizon.net [4.8.50.19], 
> reject=550 5.7.1 rcurts at robincurts.com... Relaying denied. Proper 
> authentication required.
> (not much help -- just the Proper Auth Required message really)
> 
> I did add saslpasswd2 for the user i am trying to log in as, no help 
> there either.
> 
> When i telnet to my host on port 25 i issue "ehlo localhost" and "auth 
> login".  here's the output:
> 220 intrastudios.com ESMTP Sendmail 8.13.1/8.13.1; Fri, 4 Feb 2005 
> 13:20:39 -0500
> ehlo localhost
> 250-intrastudios.com Hello wbar15.tmp1-4-8-050-019.tmp1.dsl-verizon.net 
> [4.8.50.19], pleased to meet you
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-ETRN
> 250-AUTH DIGEST-MD5 CRAM-MD5
> 250-DELIVERBY
> 250 HELP
> auth login
> 504 5.3.3 AUTH mechanism login not available

The AUTH line shows that your server is only accepting DIGEST-MD5 and 
CRAM-MD5 authentication, so AUTH login won't work.

> Note: I have both outlook and thunderbird set to "My SMTP Server 
> Requires Authentication".  Outlook tries once and sends me an 
> underliverable email saying "Relaying Denied. Proper authentication 
> required."  Thunderbird just prompts me over and over for my password, 
> until I hit cancel and then it all fails.

You'll probably need to get AUTH LOGIN working for Outlook but I'm using 
CRAM-MD5 without problems on Thunderbird.

Paul.

More information about the fedora-list mailing list