Re: Mail auth and FreeBSD/Sendmail
At 14:22 05.10.2004, Ed Budd wrote: Andreas Widerøe Andersen wrote: Hi all, I'm running FreeBSD 4.7 Stable on one of my servers and Sendmail 8.12.10. I'm trying to get mail auth to work so that my users can send mail (smtp port 25) through this server no matter which net they are connected to. I have installed cyrus-sasl-1.5.28_3 and followed the description given on this page http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html. Everything seems to work and all tests give the expected results. I have also looked at this page http://www.sendmail.org/~ca/email/auth.html and done the initial test: #telnet localhost 25 Trying ::1... Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 my.server.com ESMTP Sendmail 8.12.10/8.12.10; Tue, 5 Oct 2004 13:31:13 +0200 (CEST) ehlo localhost 250-my.server.com Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN 250-DELIVERBY 250 HELP When I'm testing sending mail through this server (as smtp server) I use Eudora 6.1 from my WinXP PC. I always get relaying denied and it doesn't seem to check username/password. Here's what my logfile and Eudora log says: Oct 5 13:35:18 myserver sendmail[59394]: i95BZIow059394: ruleset=check_rcpt, arg1=[EMAIL PROTECTED], relay=my.ip.address.domain.com [x.x.x.x], reject=550 5.7.1 [EMAIL PROTECTED]... Relaying denied. Proper authentication required. I would be very grateful for any help here. I'm stuck and I don't know what to check next. Try adding 'PLAIN' to the list of allowed authentications in your sendmail *.mc file, rebuild, and restart sendmail. Then test to see that it's advertised like you did above... Hope that helps, EB I have now followed the instructions on this page (http://www.puresimplicity.net/~hemi/freebsd/sendmail.html) exactly and the ssl connection to my pop/imap server works fine, but still I get the same error below when sending mail: Oct 6 15:06:07 server sendmail[97165]: i96D66fM097165: from=[EMAIL PROTECTED], size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=my.ip.hostname.com [80.202.145.187] Oct 6 15:06:16 server sendmail[97173]: STARTTLS=server, relay=my.ip.host.com [my.ip], version=TLSv1/SSLv3, verify=NO, cipher=EDH-DSS-DES-CBC3-SHA, bits=168/168 Oct 6 15:06:17 server sendmail[97173]: i96D6GfM097173: ruleset=check_rcpt, arg1=[EMAIL PROTECTED], relay=my.ip.hostname.com [my.ip], reject=550 5.7.1 [EMAIL PROTECTED]... Relaying denied. Proper authentication When I issue an ehlo localhost on port 25 of the smtp server I get this: 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH PLAIN LOGIN 250-STARTTLS 250-DELIVERBY 250 HELP Now I'm really lost... Any help? Thanks! Andreas --- Andreas Wideroe Andersen [EMAIL PROTECTED] Mobile: (+47) 90 92 61 21 http://www.filmshooting.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mail auth and FreeBSD/Sendmail
When I issue an ehlo localhost on port 25 of the smtp server I get this: 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH PLAIN LOGIN 250-STARTTLS 250-DELIVERBY 250 HELP Now I'm really lost... Hi Andreas, Not sure whether this helps but here we go: Within Postfix i had to specify that i needed broken_sasl support for clients like outlook. This gave me the following ehlo output: 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN (stripped the rest). Perhaps you are able to get something like that as well and then retry testing. Hth, Cheers! Any help? Thanks! Andreas -- Kind regards, Remko Lodder |[EMAIL PROTECTED] Reporter DSINet|[EMAIL PROTECTED] Projectleader Mostly-Harmless |[EMAIL PROTECTED] Founder Tienervaders |[EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mail auth and FreeBSD/Sendmail
At 16:23 06.10.2004, Remko Lodder wrote: When I issue an ehlo localhost on port 25 of the smtp server I get this: 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH PLAIN LOGIN 250-STARTTLS 250-DELIVERBY 250 HELP Now I'm really lost... Hi Andreas, Not sure whether this helps but here we go: Within Postfix i had to specify that i needed broken_sasl support for clients like outlook. This gave me the following ehlo output: 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN (stripped the rest). Perhaps you are able to get something like that as well and then retry testing. Hth, Cheers! Any help? Thanks! Andreas Hmm.. I increased the LogLevel of sendmail to 25 and this is were it seems to fail: Oct 6 16:31:57 server sendmail[99094]: i96EVuIK099094: -- AUTH LOGIN Oct 6 16:31:57 server sendmail[99094]: i96EVuIK099094: --- 334 VXNlcm5hbWU6 Oct 6 16:31:57 server sendmail[99094]: i96EVuIK099094: --- 334 UGFzc3dvcmQ6 Oct 6 16:31:57 server sendmail[99094]: i96EVuIK099094: --- 535 5.7.0 authentication failed Oct 6 16:31:57 server sendmail[99094]: i96EVuIK099094: AUTH failure (LOGIN): generic failure (-1) SASL(-1): generic failure: checkpass failed Oct 6 16:31:57 server sendmail[99094]: i96EVuIK099094: -- RSET Oct 6 16:31:57 server sendmail[99094]: i96EVuIK099094: --- 250 2.0.0 Reset state Login through pop/imap works fine though.. /Andreas --- Andreas Wideroe Andersen [EMAIL PROTECTED] Mobile: (+47) 90 92 61 21 http://www.filmshooting.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Mail auth and FreeBSD/Sendmail
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Andreas Widerøe Andersen Sent: 05 October 2004 12:38 To: [EMAIL PROTECTED] Subject: Mail auth and FreeBSD/Sendmail Hi all, I'm running FreeBSD 4.7 Stable on one of my servers and Sendmail 8.12.10. I'm trying to get mail auth to work so that my users can send mail (smtp port 25) through this server no matter which net they are connected to. I have installed cyrus-sasl-1.5.28_3 and followed the description given on this page http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html. Everything seems to work and all tests give the expected results. I have also looked at this page http://www.sendmail.org/~ca/email/auth.html and done the initial test: #telnet localhost 25 Trying ::1... Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 my.server.com ESMTP Sendmail 8.12.10/8.12.10; Tue, 5 Oct 2004 13:31:13 +0200 (CEST) ehlo localhost 250-my.server.com Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN 250-DELIVERBY 250 HELP When I'm testing sending mail through this server (as smtp server) I use Eudora 6.1 from my WinXP PC. I always get relaying denied and it doesn't seem to check username/password. Here's what my logfile and Eudora log says: Oct 5 13:35:18 myserver sendmail[59394]: i95BZIow059394: ruleset=check_rcpt, arg1=[EMAIL PROTECTED], relay=my.ip.address.domain.com [x.x.x.x], reject=550 5.7.1 [EMAIL PROTECTED]... Relaying denied. Proper authentication required. I would be very grateful for any help here. I'm stuck and I don't know what to check next. Thanks alot! Andreas --- Andreas Wideroe Andersen [EMAIL PROTECTED] Mobile: (+47) 90 92 61 21 http://www.filmshooting.com I have a similar setup, apart from I use cyrus-sasl2. Do you have the relevant options to start the sasl authd in your rc.conf? If so, have you tried using a different email client to check and make sure it is not Eudora that is at error? Mick Walker ** This email and any files transmitted with it are confidential, and may be subject to legal privilege, and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error or think you may have done so, you may not peruse, use, disseminate, distribute or copy this message. Please notify the sender immediately and delete the original e-mail from your system. Computer viruses can be transmitted by e-mail. Recipients should check this e-mail for the presence of viruses. The Capita Group and its subsidiaries accept no liability for any damage caused by any virus transmitted by this e-mail. *** ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mail auth and FreeBSD/Sendmail
Andreas Widerøe Andersen wrote: Hi all, I'm running FreeBSD 4.7 Stable on one of my servers and Sendmail 8.12.10. I'm trying to get mail auth to work so that my users can send mail (smtp port 25) through this server no matter which net they are connected to. I have installed cyrus-sasl-1.5.28_3 and followed the description given on this page http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html. Everything seems to work and all tests give the expected results. I have also looked at this page http://www.sendmail.org/~ca/email/auth.html and done the initial test: #telnet localhost 25 Trying ::1... Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 my.server.com ESMTP Sendmail 8.12.10/8.12.10; Tue, 5 Oct 2004 13:31:13 +0200 (CEST) ehlo localhost 250-my.server.com Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN 250-DELIVERBY 250 HELP When I'm testing sending mail through this server (as smtp server) I use Eudora 6.1 from my WinXP PC. I always get relaying denied and it doesn't seem to check username/password. Here's what my logfile and Eudora log says: Oct 5 13:35:18 myserver sendmail[59394]: i95BZIow059394: ruleset=check_rcpt, arg1=[EMAIL PROTECTED], relay=my.ip.address.domain.com [x.x.x.x], reject=550 5.7.1 [EMAIL PROTECTED]... Relaying denied. Proper authentication required. I would be very grateful for any help here. I'm stuck and I don't know what to check next. Try adding 'PLAIN' to the list of allowed authentications in your sendmail *.mc file, rebuild, and restart sendmail. Then test to see that it's advertised like you did above... Hope that helps, EB ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mail auth and FreeBSD/Sendmail
Thanks! However, could you please give me some more specific directions? Today my sendmail.mc file looks like this: divert(0) VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.18 2003/04/24 16:57:30 gshapiro Exp $') OSTYPE(freebsd4) DOMAIN(generic) FEATURE(access_db, `hash -o -TTMPF /etc/mail/access') FEATURE(blacklist_recipients) FEATURE(local_lmtp) FEATURE(mailertable, `hash -o /etc/mail/mailertable') FEATURE(virtusertable, `hash -o /etc/mail/virtusertable') INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m') dnl set SASL options TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl define(`confBIND_OPTS', `WorkAroundBroken') define(`confNO_RCPT_ACTION', `add-to-undisclosed') define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy') MAILER(local) MAILER(smtp) Should I just replace the TRUST/SASL lines with: TRUST_AUTH_MECH(`LOGIN PLAIN')dnl define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl Don't want to try it at the moment without knowing more since it is a live system. Thanks for your help! Andreas --- At 14:22 05.10.2004, you wrote: Andreas Widerøe Andersen wrote: Hi all, I'm running FreeBSD 4.7 Stable on one of my servers and Sendmail 8.12.10. I'm trying to get mail auth to work so that my users can send mail (smtp port 25) through this server no matter which net they are connected to. I have installed cyrus-sasl-1.5.28_3 and followed the description given on this page http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html. Everything seems to work and all tests give the expected results. I have also looked at this page http://www.sendmail.org/~ca/email/auth.html and done the initial test: #telnet localhost 25 Trying ::1... Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 my.server.com ESMTP Sendmail 8.12.10/8.12.10; Tue, 5 Oct 2004 13:31:13 +0200 (CEST) ehlo localhost 250-my.server.com Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN 250-DELIVERBY 250 HELP When I'm testing sending mail through this server (as smtp server) I use Eudora 6.1 from my WinXP PC. I always get relaying denied and it doesn't seem to check username/password. Here's what my logfile and Eudora log says: Oct 5 13:35:18 myserver sendmail[59394]: i95BZIow059394: ruleset=check_rcpt, arg1=[EMAIL PROTECTED], relay=my.ip.address.domain.com [x.x.x.x], reject=550 5.7.1 [EMAIL PROTECTED]... Relaying denied. Proper authentication required. I would be very grateful for any help here. I'm stuck and I don't know what to check next. Try adding 'PLAIN' to the list of allowed authentications in your sendmail *.mc file, rebuild, and restart sendmail. Then test to see that it's advertised like you did above... Hope that helps, EB ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] --- Andreas Wideroe Andersen [EMAIL PROTECTED] Mobile: (+47) 90 92 61 21 http://www.filmshooting.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mail auth and FreeBSD/Sendmail
Andreas Widerøe Andersen wrote: Thanks! However, could you please give me some more specific directions? Today my sendmail.mc file looks like this: divert(0) VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.18 2003/04/24 16:57:30 gshapiro Exp $') OSTYPE(freebsd4) DOMAIN(generic) FEATURE(access_db, `hash -o -TTMPF /etc/mail/access') FEATURE(blacklist_recipients) FEATURE(local_lmtp) FEATURE(mailertable, `hash -o /etc/mail/mailertable') FEATURE(virtusertable, `hash -o /etc/mail/virtusertable') INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m') dnl set SASL options TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl define(`confBIND_OPTS', `WorkAroundBroken') define(`confNO_RCPT_ACTION', `add-to-undisclosed') define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy') MAILER(local) MAILER(smtp) Should I just replace the TRUST/SASL lines with: TRUST_AUTH_MECH(`LOGIN PLAIN')dnl define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl Don't want to try it at the moment without knowing more since it is a live system. Yes, that's correct (although I'd leave in CRAM-MD5 since mozilla et. al. support it nicely). Once you save the *.mc file, do this to build a proper sendmail.cf, update all your database configs, install and restart sendmail: cd /etc/mail make all install restart This should take only about 3 seconds and will give you console feedback so watch for any errors in syntax. Then: tail /var/log/maillog So you can verify that everything started up properly. Please note that I use 5.x (but same version of sendmail as you) so it is possible that the exact steps I outline above will be slightly different on a 4.x system (sorry but I don't know for sure -- been so long since I used 4.x). You can always check the Makefile in /etc/mail to verify this. The basic point is that you merely need to update your *.mc, rebuild it into a proper *.cf, install and restart sendmail. Cheers, EB ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
