Hi,

So with some more debugging, I'm learning that with my normal password, and variations of it, it continues that RENEGOTIATION and it never sends the actual data to sendmail. Same if I use it in the user field.

Example passwords that do this:

REFQQVNTV09SRA==
RE9XSm9uZXM=
RGl3YWxp

I'm also finding that some passwords (Trying for the heck of it) go straight from "334 UGFzc3dvcmQ6" to "DONE". Just like that, nothing else. Same for going from "334 VXNlcm5hbWU6" to "DONE".

Examples of passwords that do this:

Q2hlY2tpbmdBY2NvdW50
Q2hhbmdlLm9yZw==

Any ideas?

Tnx, Tuc

On Mon, Sep 21, 2020 at 1:40 PM Scott Ellentuch <tuct...@gmail.com> wrote:

> Hi,
>
> I'm using sendmail 8.14.4 and Sasl 2.1.23 . Config info
>
> # more /etc/sasl2/Sendmail.conf
> pwcheck_method:saslauthd
>
> # egrep -v "^#" /etc/sysconfig/saslauthd
> SOCKETDIR=/var/run/saslauthd
> MECH=pam
> FLAGS=-d
>
> # cat /etc/pam.d/smtp
> #%PAM-1.0
> auth include password-auth
> account include password-auth
>
> I'm having an issue when using "AUTH LOGIN" but not in every case.
>
> *Port 25:
> SENDMAIL -
> 235 2.0.0 OK Authenticated
>
> SASLAUTHD -
> saslauthd[26872] :released accept lock
> saslauthd[26871] :acquired accept lock
> saslauthd[26872] :auth success: [user=USER] [service=smtp] [realm=] [mech=pam]
> saslauthd[26872] :response: OK
>
> ---
>
> *Port 587:
> SENDMAIL -
> 235 2.0.0 OK Authenticated
>
> SASLAUTHD -
> saslauthd[26871] :released accept lock
> saslauthd[26875] :acquired accept lock
> saslauthd[26871] :auth success: [user=USER] [service=smtp] [realm=] [mech=pam]
> saslauthd[26871] :response: OK
>
> ---
>
> *Port 25 STARTTLS:
> SENDMAIL (Via openssl s_client -connect)
> RENEGOTIATING
> depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
> verify return:1
> depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
> verify return:1
> depth=0 CN = MYSERVERNAME
> verify return:1
> (I HIT RETURN HERE)
> 535 5.7.0 authentication failed
>
> SASLAUTHD-
> saslauthd[26875] :released accept lock
> saslauthd[26875] :NULL password received
> saslauthd[26875] :acquired accept lock
>
> ---
>
> *Port 465
> SENDMAIL - (Via openssl s_client -connect)
> RENEGOTIATING
> depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
> verify return:1
> depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
> verify return:1
> depth=0 CN = MYSERVERNAME
> verify return:1
> (I HIT RETURN HERE)
> 535 5.7.0 authentication failed
>
> SASLAUTHD-
> saslauthd[26875] :released accept lock
> saslauthd[26874] :acquired accept lock
> saslauthd[26875] :NULL password received
>
> ---
>
> *testsaslauthd non existent service -
> TESTSASLAUTHD -
> 0: NO "authentication failed"
>
> SASLAUTHD-
> saslauthd[26873] :released accept lock
> saslauthd[26872] :acquired accept lock
> saslauthd[26873] :auth failure: [user=USER] [service=nonexistant] [realm=] [mech=pam] [reason=PAM auth error]
>
> ---
>
> *testsaslauthd smtp service
> TESTSASLAUTHD -
> 0: OK "Success."
>
> SASLAUTHD -
> saslauthd[26872] :released accept lock
> saslauthd[26871] :acquired accept lock
> saslauthd[26872] :auth success: [user=user] [service=smtp] [realm=] [mech=pam]
> saslauthd[26872] :response: OK
>
> ---
>
> I'm not sure why things work fine during plaintext, and then gives ":NULL password received" when it's STARTTLS / SSL.
>
> Any pointers to look / tweak / etc?
>
> Tnx, Tuc
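
An added example, not part of the original message: in interactive mode (neither `-quiet` nor `-ign_eof` given), `openssl s_client` treats a typed line beginning with `R` as a renegotiate command and one beginning with `Q` as quit, and does not forward that line to the server. The sketch below models this and runs it over the base64 strings quoted in the post; the function names and the username `dXNlcg==` are constructed for illustration.

```python
import base64

# Constructed model of openssl s_client's interactive mode (no -quiet / -ign_eof):
# a typed line starting with 'R' triggers renegotiation and one starting with 'Q'
# closes the connection; neither line is forwarded to the server.
def s_client_action(line: str) -> str:
    if line.startswith("R"):
        return "renegotiate"
    if line.startswith("Q"):
        return "quit"
    return "send"

def lines_reaching_server(typed):
    """Return the lines the SMTP server actually receives from the typed input."""
    sent = []
    for line in typed:
        action = s_client_action(line)
        if action == "quit":
            break  # s_client prints DONE and exits; nothing further is sent
        if action == "send":
            sent.append(line)
    return sent

def colliding_first_bytes():
    """First plaintext bytes whose base64 encoding begins with 'R' or 'Q'."""
    hits = {}
    for b in range(256):
        first = base64.b64encode(bytes([b])).decode()[0]
        if first in "RQ":
            hits.setdefault(first, []).append(chr(b))
    return hits

# base64 strings quoted in the post
POST_SAMPLES = ["REFQQVNTV09SRA==", "RE9XSm9uZXM=", "RGl3YWxp",
                "Q2hlY2tpbmdBY2NvdW50", "Q2hhbmdlLm9yZw=="]

if __name__ == "__main__":
    for s in POST_SAMPLES:
        print(s, "->", s_client_action(s))
    print(colliding_first_bytes())
    # "dXNlcg==" is a constructed username; the bare "" is the Return keypress
    print(lines_reaching_server(["AUTH LOGIN", "dXNlcg==", "RGl3YWxp", ""]))
```

With `-quiet` or `-ign_eof` on the `openssl s_client` command line this command handling is off, so such lines are sent to the server as typed.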