Subject: sendmail: Sendmail + SASL Auth + SSL + LDAP fails
Package: sendmail
Version: 8.13.3-6
Severity: normal

*** Please type your report below this line ***

I'm unable to get Sendmail to authenticate against a PAM source (in
this case, pam_ldap).  My sendmail.mc is attached.  My test mail
client is Mozilla Thunderbird 0.8 under Windows XP.  I've tried
connecting to port 25 using TLS and port 465 using SSL; both give the
same results.

My /etc/default/saslauthd:
==================================================================
# This needs to be uncommented before saslauthd will be run automatically
START=yes

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam"
==================================================================

Here's the data from /var/log/auth.log:
==================================================================
Mar 1 14:47:01 file sm-mta[1132]: no secret in database
Mar 1 14:47:01 file sm-mta[1132]: NTLM server step 1
Mar 1 14:47:01 file sm-mta[1132]: client flags: ffff8207
Mar 1 14:47:01 file sm-mta[1132]: NTLM server step 2
Mar 1 14:47:01 file sm-mta[1132]: client user: jeremy.brown
Mar 1 14:47:01 file sm-mta[1132]: no secret in database
Mar 1 14:47:01 file saslauthd[900]: (pam_unix) check pass; user unknown
Mar 1 14:47:01 file saslauthd[900]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Mar 1 14:47:03 file saslauthd[900]: DEBUG: auth_pam: pam_authenticate failed: Authentication service cannot retrieve authentication info.
Mar 1 14:47:03 file saslauthd[900]: do_auth : auth failure: [user=jeremy.brown] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Mar 1 14:47:03 file sm-mta[1132]: Password verification failed
Mar 1 14:47:03 file saslauthd[897]: (pam_unix) check pass; user unknown
Mar 1 14:47:03 file saslauthd[897]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Mar 1 14:47:06 file saslauthd[897]: DEBUG: auth_pam: pam_authenticate failed: Authentication service cannot retrieve authentication info.
Mar 1 14:47:06 file saslauthd[897]: do_auth : auth failure: [user=jeremy.brown] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
==================================================================


When I run testsaslauthd, everything looks OK:
# testsaslauthd -u jeremy.brown -p password_obscured
0: OK "Success."


Any help? Am I doing something wrong or is this a defect? I'm pulling my hair out about this!

Jeremy

-- Package-specific info:
Output of /usr/share/bug/sendmail/script:

ls -alR /etc/mail:
/etc/mail:
total 356
drwxr-sr-x   8 smmta smmsp  4096 Mar  1 14:46 .
drwxr-xr-x  79 root  root   4096 Mar  1 13:45 ..
-rw-r--r--   1 root  smmsp    18 Oct 18 17:40 .profile
-rwxr-xr--   1 root  smmsp  9514 Mar  1 14:46 Makefile
-rw-------   1 root  root   4645 Sep 30 15:17 access
-rw-r-----   1 smmta smmsp 12288 Mar  1 13:45 access.db
-rw-r--r--   1 root  root    281 Sep 12 14:31 address.resolve
lrwxrwxrwx   1 root  smmsp    10 Sep 30 15:17 aliases -> ../aliases
-rw-r-----   1 smmta smmsp 12288 Mar  1 13:45 aliases.db
drwxr-sr-x   2 root  smmsp  4096 Mar  1 12:41 certs
-rw-r--r--   1 root  smmsp  3537 Mar  1 14:46 databases
-rw-r-----   1 smmta smmsp    47 Mar  1 13:38 default-auth-info
-rw-r--r--   1 root  root   5588 Dec 15 20:34 helpfile
-rw-r--r--   1 root  smmsp    32 Sep 30 15:17 local-host-names
drwxr-sr-x   2 smmta smmsp  4096 Sep 30 15:17 m4
drwxr-xr-x   2 root  root   4096 Feb 18 11:42 peers
drwxr-xr-x   2 smmta smmsp  4096 Mar  1 14:07 sasl
-rw-r--r--   1 root  smmsp 64318 Mar  1 14:46 sendmail.cf
-rw-r--r--   1 root  root  63604 Feb 18 11:42 sendmail.cf.old
-rw-r--r--   1 root  root  11884 Mar  1 13:45 sendmail.conf
-rw-r--r--   1 root  smmsp  3964 Mar  1 14:46 sendmail.mc
-rw-r--r--   1 root  root    149 Sep 12 14:31 service.switch
-rw-r--r--   1 root  root    180 Sep 12 14:31 service.switch-nodns
drwxr-sr-x   2 smmta smmsp  4096 Sep 30 15:17 smrsh
-rw-r--r--   1 root  smmsp 43610 Mar  1 13:45 submit.cf
-rw-r--r--   1 root  root  43603 Feb 18 11:42 submit.cf.old
-rw-r--r--   1 root  smmsp  2285 Mar  1 13:45 submit.mc
drwxr-xr-x   2 smmta smmsp  4096 Oct 11 10:38 tls
-rw-r--r--   1 root  smmsp     0 Sep 30 15:17 trusted-users

/etc/mail/certs:
total 8
drwxr-sr-x  2 root  smmsp 4096 Mar  1 12:41 .
drwxr-sr-x  8 smmta smmsp 4096 Mar  1 14:46 ..

/etc/mail/m4:
total 8
drwxr-sr-x  2 smmta smmsp 4096 Sep 30 15:17 .
drwxr-sr-x  8 smmta smmsp 4096 Mar  1 14:46 ..
-rw-r-----  1 root  smmsp    0 Sep 30 15:17 dialup.m4
-rw-r-----  1 root  smmsp    0 Sep 30 15:17 provider.m4

/etc/mail/peers:
total 12
drwxr-xr-x  2 root  root  4096 Feb 18 11:42 .
drwxr-sr-x  8 smmta smmsp 4096 Mar  1 14:46 ..
-rw-r--r--  1 root  root   328 Sep 12 14:31 provider

/etc/mail/sasl:
total 16
drwxr-xr-x  2 smmta smmsp 4096 Mar  1 14:07 .
drwxr-sr-x  8 smmta smmsp 4096 Mar  1 14:46 ..
-rw-r-----  1 smmta smmsp  748 Mar  1 13:38 Sendmail.conf.2
-rwxr--r--  1 root  root  3700 Mar  1 13:45 sasl.m4

/etc/mail/smrsh:
total 8
drwxr-sr-x 2 smmta smmsp 4096 Sep 30 15:17 .
drwxr-sr-x 8 smmta smmsp 4096 Mar 1 14:46 ..
lrwxrwxrwx 1 root smmsp 26 Sep 30 15:17 mail.local -> /usr/lib/sm.bin/mail.local
lrwxrwxrwx 1 root smmsp 17 Sep 30 15:17 procmail -> /usr/bin/procmail
lrwxrwxrwx 1 root smmsp 17 Sep 30 15:17 vacation -> /usr/bin/vacation


/etc/mail/tls:
total 44
drwxr-xr-x  2 smmta smmsp 4096 Oct 11 10:38 .
drwxr-sr-x  8 smmta smmsp 4096 Mar  1 14:46 ..
-rw-r--r--  1 root  root     7 Oct 11 10:38 no_prompt
-rw-------  1 root  root  1190 Oct 11 10:38 sendmail-client.cfg
-rw-r--r--  1 root  smmsp  851 Oct 11 10:38 sendmail-client.crt
-rw-------  1 root  root   651 Oct 11 10:38 sendmail-client.csr
-rw-r-----  1 root  smmsp  887 Oct 11 10:38 sendmail-common.key
-rw-------  1 root  root     0 Oct 11 10:38 sendmail-common.prm
-rw-------  1 root  root  1190 Oct 11 10:38 sendmail-server.cfg
-rw-r--r--  1 root  smmsp  851 Oct 11 10:38 sendmail-server.crt
-rw-------  1 root  root   651 Oct 11 10:38 sendmail-server.csr
-rwxr--r--  1 root  root  3169 Mar  1 13:45 starttls.m4

sendmail.conf:
DAEMON_NETMODE="Static";
DAEMON_NETIF="eth0";
DAEMON_MODE="Daemon";
DAEMON_PARMS="";
DAEMON_HOSTSTATS="No";
DAEMON_MAILSTATS="No";
QUEUE_MODE="${DAEMON_MODE}";
QUEUE_INTERVAL="10m";
QUEUE_PARMS="";
MSP_MODE="Cron";
MSP_INTERVAL="20m";
MSP_PARMS="";
MSP_MAILSTATS="${DAEMON_MAILSTATS}";
MISC_PARMS="";
CRON_MAILTO="root";
CRON_PARMS="";
LOG_CMDS="No";
HANDS_OFF="No";
AGE_DATA="";
DAEMON_RUNASUSER="No";
DAEMON_STATS="${DAEMON_MAILSTATS}";
MSP_STATS="${MSP_MAILSTATS}";


sendmail.mc:
divert(-1)dnl
divert(0)dnl
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail.mc, v 8.13.1-13 2004-09-12 18:29:33 cowboy Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS=
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=0.0.0.0')dnl
DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, Addr=127.0.0.1')dnl
define(`confPRIVACY_FLAGS',dnl
`needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl
define(`confCONNECTION_RATE_THROTTLE', `15')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
FEATURE(`access_db', , `skip')dnl
FEATURE(`greet_pause', `1000')dnl 1 seconds
FEATURE(`delay_checks', `friend', `n')dnl
define(`confBAD_RCPT_THROTTLE',`3')dnl
FEATURE(`conncontrol', `nodelay', `terminate')dnl
FEATURE(`ratecontrol', `nodelay', `terminate')dnl
FEATURE(`always_add_domain')dnl
MASQUERADE_AS(`file.cadre5.com')dnl
MASQUERADE_AS(`ssh.cadre5.com')dnl
MASQUERADE_AS(`vpn.cadre5.com')dnl
FEATURE(`allmasquerade')dnl
FEATURE(`masquerade_envelope')dnl
LOCAL_DOMAIN(`file.cadre5.com')
MAILER(local)dnl
MAILER(smtp)dnl
include(`/etc/mail/sasl/sasl.m4')
include(`/etc/mail/tls/starttls.m4')
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')


submit.mc...
divert(-1)dnl
divert(0)dnl
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: submit.mc, v 8.13.1-13 2004-09-12 18:29:33 cowboy Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-msp')dnl
FEATURE(`msp', `[127.0.0.1]', `MSA')dnl


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (900, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-debjtb
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages sendmail depends on:
ii rmail 8.13.3-6 MTA->UUCP remote mail handler
ii sendmail-base 8.13.3-6 powerful, efficient, and scalable
ii sendmail-bin 8.13.3-6 powerful, efficient, and scalable
ii sendmail-cf 8.13.3-6 powerful, efficient, and scalable
ii sensible-mda 8.13.3-6 Mail Delivery Agent wrapper


Versions of packages sensible-mda depends on:
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii procmail 3.22-10 Versatile e-mail processor
ii sendmail-bin [mail-transpor 8.13.3-6 powerful, efficient, and scalable


Versions of packages rmail depends on:
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libldap2 2.1.30-3 OpenLDAP libraries
ii sendmail-bin [mail-transpor 8.13.3-6 powerful, efficient, and scalable


-- no debconf information
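
An added example, not part of the original report: a small parser that groups saslauthd lines from auth.log by PID, so each `do_auth` failure is shown with the PAM service name it was made under and the PAM module that logged for it. The sample lines are constructed after the excerpt above (host and user are placeholders), `summarize_failures` is a name chosen here, and the `/etc/pam.d/<service>` path assumes the usual Linux-PAM layout.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the auth.log excerpt in the report
# (wrapped lines rejoined; host and user are placeholders).
SAMPLE_LOG = """\
Mar 1 14:47:01 host saslauthd[900]: (pam_unix) check pass; user unknown
Mar 1 14:47:01 host saslauthd[900]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Mar 1 14:47:03 host saslauthd[900]: DEBUG: auth_pam: pam_authenticate failed: Authentication service cannot retrieve authentication info.
Mar 1 14:47:03 host saslauthd[900]: do_auth : auth failure: [user=example.user] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Mar 1 14:47:03 host sm-mta[1132]: Password verification failed
"""

LINE = re.compile(r"saslauthd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
PAM_MODULE = re.compile(r"^\((?P<module>pam_\w+)\)")
FAILURE = re.compile(r"do_auth\s*: auth failure: (?P<fields>(\[\w+=[^\]]*\]\s*)+)")
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")


def summarize_failures(log_text):
    """Return one dict per saslauthd do_auth failure, together with the PAM
    modules and PAM error logged under the same saslauthd PID before it."""
    modules_by_pid = defaultdict(list)
    pam_errors = {}
    failures = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a saslauthd line (for example sm-mta)
        pid, msg = m.group("pid"), m.group("msg")
        if (mod := PAM_MODULE.match(msg)):
            if mod.group("module") not in modules_by_pid[pid]:
                modules_by_pid[pid].append(mod.group("module"))
        elif "pam_authenticate failed:" in msg:
            pam_errors[pid] = msg.split("pam_authenticate failed:", 1)[1].strip()
        elif (f := FAILURE.search(msg)):
            record = dict(FIELD.findall(f.group("fields")))
            record["pam_modules"] = modules_by_pid.pop(pid, [])
            record["pam_error"] = pam_errors.pop(pid, None)
            # Assumption: Linux-PAM layout, one config file per service name.
            record["pam_file"] = "/etc/pam.d/" + record.get("service", "other")
            failures.append(record)
    return failures


if __name__ == "__main__":
    for rec in summarize_failures(SAMPLE_LOG):
        print(rec)
```

`testsaslauthd` accepts `-s <service>`, so running it with `-s smtp` exercises the same PAM service name that appears in the failure line.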


