Package: sendmail Version: 8.13.8-3 Severity: normal
I'm trying to authenticate to/relay through sendmail using a client certificate (my client is Thunderbird 2.0.0.6). TLS is started ok, and my cert if verified by sendmail (verify=OK). But following the STARTTLS my client sends: AUTH EXTERNAL = which is rejected by sendmail with: 501 5.5.4 cannot BASE64 decode '=' and thus my certificate-based RELAY fails. However, if I'm reading rfc4854 correctly: http://tools.ietf.org/html/rfc4954#section-4 http://tools.ietf.org/html/rfc4954#section-4.1 the "=" should be accepted as "the derived authorization id." This is the typical (edited) client/server dialog: --- 220 EDIT ESMTP Sendmail 8.13.8/8.13.8/Debian-3 ... <-- EHLO [EDIT] --- 250-EDIT Hello EDIT [EDIT], pleased to meet you --- 250-ENHANCEDSTATUSCODES --- 250-PIPELINING --- 250-8BITMIME --- 250-SIZE --- 250-DSN --- 250-AUTH DIGEST-MD5 CRAM-MD5 --- 250-STARTTLS --- 250-DELIVERBY --- 250 HELP <-- STARTTLS --- 220 2.0.0 Ready to start TLS ... EDIT ... STARTTLS=server, relay=EDIT [EDIT], version=TLSv1/SSLv3, verify=OK, cipher=DHE-RSA-AES256-SHA, bits=256/256 <-- EHLO [EDIT] poststats: /var/lib/sendmail/sendmail.st: No such file or directory --- 250-EDIT Hello EDIT [EDIT], pleased to meet you --- 250-ENHANCEDSTATUSCODES --- 250-PIPELINING --- 250-8BITMIME --- 250-SIZE --- 250-DSN --- 250-AUTH EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN --- 250-DELIVERBY --- 250 HELP <-- AUTH EXTERNAL = --- 501 5.5.4 cannot BASE64 decode '=' AUTH decode64 error [1 for "="] STARTTLS=read, info: fds=8/4, err=2 <-- AUTH EXTERNAL = --- 501 5.5.4 cannot BASE64 decode '=' AUTH decode64 error [1 for "="] STARTTLS=read, info: fds=8/4, err=2 <-- AUTH EXTERNAL = --- 501 5.5.4 cannot BASE64 decode '=' AUTH decode64 error [1 for "="] STARTTLS=read, info: fds=8/4, err=2 ... etc. Any assistance would be appreciated. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-686 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages sendmail depends on: ii rmail 8.13.8-3 MTA->UUCP remote mail handler ii sendmail-base 8.13.8-3 powerful, efficient, and scalable ii sendmail-bin 8.13.8-3 powerful, efficient, and scalable ii sendmail-cf 8.13.8-3 powerful, efficient, and scalable ii sensible-mda 8.13.8-3 Mail Delivery Agent wrapper sendmail recommends no packages. Versions of packages sensible-mda depends on: ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries ii procmail 3.22-16 Versatile e-mail processor ii sendmail-bin [mail-tra 8.13.8-3 powerful, efficient, and scalable Versions of packages rmail depends on: ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries ii libldap2 2.1.30-13.3 OpenLDAP libraries ii sendmail-bin [mail-tra 8.13.8-3 powerful, efficient, and scalable Versions of packages libmilter0 depends on: ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
