STMP Auth Failure
Robin Curts
rcurts at robincurts.com
Fri Feb 4 18:51:26 UTC 2005
Paul Howarth wrote:
> Robin Curts wrote:
>
>> Rodolfo J. Paiz wrote:
>>
>>> On Fri, 2005-02-04 at 11:06 -0600, rcurts at robincurts.com wrote:
>>>
>>>
>>>> I CAN send mail to <my_username>@<hostname_of_box>.com ... but if i
>>>> send
>>>> to an outside domain I get the error.
>>>>
>>>> The AUTH section of my sendmail.mc file:
>>>>
>>>> define(`confAUTH_OPTIONS', `A p')dnl
>>>> TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
>>>> define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5
>>>> LOGIN
>>>> PLAIN')dnl
>>>>
>>>>
>>>
>>>
>>>
>>> Try removing the "p" for the first line, like this:
>>>
>>> define(`confAUTH_OPTIONS', `A')dnl
>>>
>>> I believe the "p" parameter only allows encrypted authentication, and
>>> will expressly prevent SMTP AUTH unencrypted mechanisms like PLAIN and
>>> LOGIN unless the session is encrypted.
>>>
>>> For most people, allowing PLAIN and LOGIN SMTP AUTH is no greater risk
>>> than they already have, since POP and IMAP *also* transmit unencrypted
>>> passwords. Hence, no damage done by removing the 'p'.
>>>
>>> I think it should work with that one change. Try it and see!
>>>
>>> Cheers,
>>>
>>>
>>>
>> A few answers to the folks that have been helping me:
>>
>> I took the "p" out of the confAUTH_OPTIONS to allow for encrypted
>> user/pass's, and I still get the same error. I tried that a few times
>> in my barrage of tests with sendmail.mc :)
>
>
> Silly question perhaps but you are rebuilding your sendmail.cf and
> restarting/reloading sendmail after making changes to sendmail.mc,
> aren't you?
>
>> I moved the LOG_LEVEL to 15 and I got the following output from maillog:
>> Feb 4 12:41:59 localhost sendmail[8286]: j14Hf6sq008286:
>> ruleset=check_rcpt, arg1=rcurts at robincurts.com,
>> relay=wbar15.tmp1-4-8-050-019.tmp1.dsl-verizon.net [4.8.50.19],
>> reject=550 5.7.1 rcurts at robincurts.com... Relaying denied. Proper
>> authentication required.
>> (not much help -- just the Proper Auth Required message really)
>>
>> I did add saslpasswd2 for the user i am trying to log in as, no help
>> there either.
>>
>> When i telnet to my host on port 25 i issue "ehlo localhost" and
>> "auth login". here's the output:
>> 220 intrastudios.com ESMTP Sendmail 8.13.1/8.13.1; Fri, 4 Feb 2005
>> 13:20:39 -0500
>> ehlo localhost
>> 250-intrastudios.com Hello
>> wbar15.tmp1-4-8-050-019.tmp1.dsl-verizon.net [4.8.50.19], pleased to
>> meet you
>> 250-ENHANCEDSTATUSCODES
>> 250-PIPELINING
>> 250-8BITMIME
>> 250-SIZE
>> 250-DSN
>> 250-ETRN
>> 250-AUTH DIGEST-MD5 CRAM-MD5
>> 250-DELIVERBY
>> 250 HELP
>> auth login
>> 504 5.3.3 AUTH mechanism login not available
>
>
> The AUTH line shows that your server is only accepting DIGEST-MD5 and
> CRAM-MD5 authentication, so AUTH login won't work.
>
>> Note: I have both outlook and thunderbird set to "My SMTP Server
>> Requires Authentication". Outlook tries once and sends me an
>> underliverable email saying "Relaying Denied. Proper authentication
>> required." Thunderbird just prompts me over and over for my
>> password, until I hit cancel and then it all fails.
>
>
> You'll probably need to get AUTH LOGIN working for Outlook but I'm
> using CRAM-MD5 without problems on Thunderbird.
>
> Paul.
>
This is interesting, I'm not sure how to fix it... but it seems like my
subdomain is incorrect:
[SVR:mail]$=> sendmail -d0.1 -bv root
Version 8.13.1
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET
NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS
TCPWRAPPERS
USERDB USE_LDAP_INIT
============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = intrastudios
(canonical domain name) $j = intrastudios.com
(subdomain name) $m = com
(node name) $k = intrastudios.com
========================================================
(forgive me... i'm a programmer, never had the chops to be a linux admin
:) :) )
--
/**
* Robin Curts
* rcurts at robincurts.com
* (813) 786-8634
*/
More information about the fedora-list
mailing list