Re: SMTP Authentication
Tray telnet to port 25 of your working SMTP server and compare the output. Check 250-AUTH list of supported auth mech According to the provided log from the working server it should be LOGIN mech available in the list, which is not present on the new server. Ihor Reed Lai wrote: The maillog does not log the sm-mta: AUTH=server action. The functional server has the AUTH=server action logged. How do I debug from this different? Reed From: Reed Lai Sent: Thursday, July 30, 2009 11:51 AM To: FreeBSD Questions Subject: Re: SMTP Authentication The mail client is Windows Live Mail and it work well with the functional server. Its SMTP authenication should be ok. Reed From: Ihor Prystay Sent: Thursday, July 30, 2009 10:49 AM To: freebsd-questions@freebsd.org Subject: Re: SMTP Authentication your working server does support LOGIN mech while other one dosn't. I doubt if your mail client has a support for GSSAPI DIGEST-MD5 CRAM-MD5 auth, usually it's PLAIN or/and LOGIN. Ihor Reed Lai wrote: Instruction of the SMTP AUTO in sendmail 8.10-8.13 to test the Sendmail banyan# sendmail -d0.1 -bv root Version 8.14.2 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG SYSTEM IDENTITY (after readcf) (short domain name) $w = banyan (canonical domain name) $j = banyan...com (subdomain name) $m = ..com (node name) $k = banyan...com root... deliverable: mailer local, user root banyan# telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 banyan...com ESMTP Sendmail 8.14.2/8.14.2; Wed, 29 Jul 2009 21:19:40 +0800 (CST) ehlo localhost 250-banyan...com Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 250-DELIVERBY 250 HELP The Sendmail test seems OK But the SMTP authentication does not work from my mail client. Reed From: Reed Lai Sent: Wednesday, July 29, 2009 5:37 PM To: freebsd-questions@freebsd.org Subject: SMTP Authentication Hi, I have two freebsd mail servers both configured SMTP authentication: FreeBSD Handbook 28.10 SMTP Authenticatin http://www.freebsd.org/doc/en/books/handbook/smtp-auth.html SMTP AUTO in sendmail 8.10-8.13 http://www.sendmail.org/~ca/email/auth.html One is functional, and the other one doesn't seem to work. Compare the maillogs of the two servers, there is an AUTH=server message appear in the functional server, but the other one has not. The maillog of functional server == Jul 29 16:15:10 maple sm-mta[57825]: AUTH=server, relay=59-net [59...147], authid=a660407, mech=LOGIN, bits=0 Jul 29 16:15:10 maple sm-mta[57825]: n6T8F9ej057825: from=reed...@..., size=1430, class=0, nrcpts=1, msgid=40f9cc65e8874d128639a39c1eebd...@reedxp, proto=ESMTP, daemon=IPv4, relay=59-...net [59...147] The other one = Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: ruleset=check_rcpt, arg1=reed...@..., relay=59-...-147.HINET-IP.hinet.net [59...147], reject=550 5.7.1 reed...@.. Relaying denied Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: from=reed...@..., size=0, class=0, nrcpts=0, proto=ESMTP, daemon=IPv4, relay=59-...-147.HINET-IP.hinet.net [59...147] It seems the other one's smtp authentication is not trigged. Please help or tip me for something I forget. Thank you! Reed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http
Re: SMTP Authentication
Yes, the new server leaks LOGIN in the 250-AUTH list!
New server
=
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
Functional server
==
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
I have checked the generated .cf file in the new server and there are class
and option listed
C{TrustAuthMech}GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
O AuthMechanisms=GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
The new server has same configuration to old server, but has not LOGIN in
the 250-AUTH list.
BTW, the new server has hostname changed once... I don't know if it does
matter or not..
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 2:35 PM
To: freebsd-questions@freebsd.org
Subject: Re: SMTP Authentication
Tray telnet to port 25 of your working SMTP server and compare the output.
Check
250-AUTH list of supported auth mech
According to the provided log from the working server it should be LOGIN
mech available in the list, which is not present on the new server.
Ihor
Reed Lai wrote:
The maillog does not log the sm-mta: AUTH=server action. The functional
server has the AUTH=server action logged. How do I debug from this
different?
Reed
From: Reed Lai
Sent: Thursday, July 30, 2009 11:51 AM
To: FreeBSD Questions
Subject: Re: SMTP Authentication
The mail client is Windows Live Mail and it work well with the functional
server. Its SMTP authenication should be ok.
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 10:49 AM
To: freebsd-questions@freebsd.org
Subject: Re: SMTP Authentication
your working server does support LOGIN mech while other one dosn't.
I doubt if your mail client has a support for GSSAPI DIGEST-MD5 CRAM-MD5
auth, usually it's PLAIN or/and LOGIN.
Ihor
Reed Lai wrote:
Instruction of the SMTP AUTO in sendmail 8.10-8.13 to test the Sendmail
banyan# sendmail -d0.1 -bv root
Version 8.14.2
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING
SASLv2
SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
SYSTEM IDENTITY (after readcf)
(short domain name) $w = banyan
(canonical domain name) $j = banyan...com
(subdomain name) $m = ..com
(node name) $k = banyan...com
root... deliverable: mailer local, user root
banyan# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 banyan...com ESMTP Sendmail 8.14.2/8.14.2; Wed, 29 Jul 2009 21:19:40
+0800 (CST)
ehlo localhost
250-banyan...com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP
The Sendmail test seems OK
But the SMTP authentication does not work from my mail client.
Reed
From: Reed Lai
Sent: Wednesday, July 29, 2009 5:37 PM
To: freebsd-questions@freebsd.org
Subject: SMTP Authentication
Hi,
I have two freebsd mail servers both configured SMTP authentication:
FreeBSD Handbook 28.10 SMTP Authenticatin
http://www.freebsd.org/doc/en/books/handbook/smtp-auth.html
SMTP AUTO in sendmail 8.10-8.13
http://www.sendmail.org/~ca/email/auth.html
One is functional, and the other one doesn't seem to work. Compare the
maillogs of the two servers, there is an AUTH=server message appear in
the
functional server, but the other one has not.
The maillog of functional server
==
Jul 29 16:15:10 maple sm-mta[57825]: AUTH=server, relay=59-net
[59...147], authid=a660407, mech=LOGIN, bits=0
Jul 29 16:15:10 maple sm-mta[57825]: n6T8F9ej057825: from=reed...@...,
size=1430, class=0, nrcpts=1,
msgid=40f9cc65e8874d128639a39c1eebd...@reedxp, proto=ESMTP,
daemon=IPv4,
relay=59-...net [59...147]
The other one
=
Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: ruleset=check_rcpt,
arg1=reed...@..., relay=59-...-147.HINET-IP.hinet.net [59...147],
reject=550 5.7.1 reed...@.. Relaying denied
Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: from=reed...@...,
size=0, class=0, nrcpts=0, proto=ESMTP, daemon=IPv4,
relay=59-...-147.HINET-IP.hinet.net [59...147]
It seems the other one's smtp authentication is not trigged.
Please help or tip me for something I forget.
Thank you!
Reed
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
freebsd-questions-unsubscr...@freebsd.org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
freebsd-questions-unsubscr...@freebsd.org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
freebsd-questions-unsubscr
Re: SMTP Authentication
Check if /usr/local/lib/sasl2/liblogin.so exists - if not you have to
recompile sasl with LOGIN mech support.
Check in your .mc file if you define confAUTH_OPTIONS macro. If you do
make sure 'p' parameter is not on the list or LOGIN would be available
only after TLS encryption which is not a case for you as your working
configuration offers LOGIN during telnet session (it's actually a bad
idea to do authentication clear text).
Ihor
Reed Lai wrote:
Yes, the new server leaks LOGIN in the 250-AUTH list!
New server
=
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
Functional server
==
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
I have checked the generated .cf file in the new server and there are
class and option listed
C{TrustAuthMech}GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
O AuthMechanisms=GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
The new server has same configuration to old server, but has not LOGIN
in the 250-AUTH list.
BTW, the new server has hostname changed once... I don't know if it does
matter or not..
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 2:35 PM
To: freebsd-questions@freebsd.org
Subject: Re: SMTP Authentication
Tray telnet to port 25 of your working SMTP server and compare the output.
Check
250-AUTH list of supported auth mech
According to the provided log from the working server it should be LOGIN
mech available in the list, which is not present on the new server.
Ihor
Reed Lai wrote:
The maillog does not log the sm-mta: AUTH=server action. The functional
server has the AUTH=server action logged. How do I debug from this
different?
Reed
From: Reed Lai
Sent: Thursday, July 30, 2009 11:51 AM
To: FreeBSD Questions
Subject: Re: SMTP Authentication
The mail client is Windows Live Mail and it work well with the functional
server. Its SMTP authenication should be ok.
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 10:49 AM
To: freebsd-questions@freebsd.org
Subject: Re: SMTP Authentication
your working server does support LOGIN mech while other one dosn't.
I doubt if your mail client has a support for GSSAPI DIGEST-MD5 CRAM-MD5
auth, usually it's PLAIN or/and LOGIN.
Ihor
Reed Lai wrote:
Instruction of the SMTP AUTO in sendmail 8.10-8.13 to test the
Sendmail
banyan# sendmail -d0.1 -bv root
Version 8.14.2
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING
SASLv2
SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
SYSTEM IDENTITY (after readcf)
(short domain name) $w = banyan
(canonical domain name) $j = banyan...com
(subdomain name) $m = ..com
(node name) $k = banyan...com
root... deliverable: mailer local, user root
banyan# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 banyan...com ESMTP Sendmail 8.14.2/8.14.2; Wed, 29 Jul 2009 21:19:40
+0800 (CST)
ehlo localhost
250-banyan...com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP
The Sendmail test seems OK
But the SMTP authentication does not work from my mail client.
Reed
From: Reed Lai
Sent: Wednesday, July 29, 2009 5:37 PM
To: freebsd-questions@freebsd.org
Subject: SMTP Authentication
Hi,
I have two freebsd mail servers both configured SMTP authentication:
FreeBSD Handbook 28.10 SMTP Authenticatin
http://www.freebsd.org/doc/en/books/handbook/smtp-auth.html
SMTP AUTO in sendmail 8.10-8.13
http://www.sendmail.org/~ca/email/auth.html
One is functional, and the other one doesn't seem to work. Compare the
maillogs of the two servers, there is an AUTH=server message appear in
the
functional server, but the other one has not.
The maillog of functional server
==
Jul 29 16:15:10 maple sm-mta[57825]: AUTH=server, relay=59-net
[59...147], authid=a660407, mech=LOGIN, bits=0
Jul 29 16:15:10 maple sm-mta[57825]: n6T8F9ej057825: from=reed...@...,
size=1430, class=0, nrcpts=1,
msgid=40f9cc65e8874d128639a39c1eebd...@reedxp, proto=ESMTP,
daemon=IPv4,
relay=59-...net [59...147]
The other one
=
Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: ruleset=check_rcpt,
arg1=reed...@..., relay=59-...-147.HINET-IP.hinet.net [59...147],
reject=550 5.7.1 reed...@.. Relaying denied
Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: from=reed...@...,
size=0, class=0, nrcpts=0, proto=ESMTP, daemon=IPv4,
relay=59-...-147.HINET-IP.hinet.net [59...147]
It seems the other one's smtp authentication is not trigged.
Please help or tip me for something I forget.
Thank you!
Reed
___
freebsd-questions@freebsd.org mailing list
Re: SMTP Authentication
The liblogin.so is in directory
banyan# ll /usr/local/lib/sasl2/liblogin.so
lrwxr-xr-x 1 root wheel 13 7 29 14:54
/usr/local/lib/sasl2/liblogin.so - liblogin.so.2
banyan# ll /usr/local/lib/sasl2/liblogin.so.2
-rwxr-xr-x 1 root wheel 17172 7 29 14:54
/usr/local/lib/sasl2/liblogin.so.2
There is only confAUTH_MECHANISMS in .mc file, not confAUTH_OPTIONS
dnl set SASL options
dnl
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 4:58 PM
To: FreeBSD Question
Subject: Re: SMTP Authentication
Check if /usr/local/lib/sasl2/liblogin.so exists - if not you have to
recompile sasl with LOGIN mech support.
Check in your .mc file if you define confAUTH_OPTIONS macro. If you do
make sure 'p' parameter is not on the list or LOGIN would be available
only after TLS encryption which is not a case for you as your working
configuration offers LOGIN during telnet session (it's actually a bad
idea to do authentication clear text).
Ihor
Reed Lai wrote:
Yes, the new server leaks LOGIN in the 250-AUTH list!
New server
=
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
Functional server
==
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
I have checked the generated .cf file in the new server and there are
class and option listed
C{TrustAuthMech}GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
O AuthMechanisms=GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
The new server has same configuration to old server, but has not LOGIN
in the 250-AUTH list.
BTW, the new server has hostname changed once... I don't know if it does
matter or not..
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 2:35 PM
To: freebsd-questions@freebsd.org
Subject: Re: SMTP Authentication
Tray telnet to port 25 of your working SMTP server and compare the output.
Check
250-AUTH list of supported auth mech
According to the provided log from the working server it should be LOGIN
mech available in the list, which is not present on the new server.
Ihor
Reed Lai wrote:
The maillog does not log the sm-mta: AUTH=server action. The functional
server has the AUTH=server action logged. How do I debug from this
different?
Reed
From: Reed Lai
Sent: Thursday, July 30, 2009 11:51 AM
To: FreeBSD Questions
Subject: Re: SMTP Authentication
The mail client is Windows Live Mail and it work well with the functional
server. Its SMTP authenication should be ok.
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 10:49 AM
To: freebsd-questions@freebsd.org
Subject: Re: SMTP Authentication
your working server does support LOGIN mech while other one dosn't.
I doubt if your mail client has a support for GSSAPI DIGEST-MD5 CRAM-MD5
auth, usually it's PLAIN or/and LOGIN.
Ihor
Reed Lai wrote:
Instruction of the SMTP AUTO in sendmail 8.10-8.13 to test the
Sendmail
banyan# sendmail -d0.1 -bv root
Version 8.14.2
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING
SASLv2
SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
SYSTEM IDENTITY (after readcf)
(short domain name) $w = banyan
(canonical domain name) $j = banyan...com
(subdomain name) $m = ..com
(node name) $k = banyan...com
root... deliverable: mailer local, user root
banyan# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 banyan...com ESMTP Sendmail 8.14.2/8.14.2; Wed, 29 Jul 2009 21:19:40
+0800 (CST)
ehlo localhost
250-banyan...com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP
The Sendmail test seems OK
But the SMTP authentication does not work from my mail client.
Reed
From: Reed Lai
Sent: Wednesday, July 29, 2009 5:37 PM
To: freebsd-questions@freebsd.org
Subject: SMTP Authentication
Hi,
I have two freebsd mail servers both configured SMTP authentication:
FreeBSD Handbook 28.10 SMTP Authenticatin
http://www.freebsd.org/doc/en/books/handbook/smtp-auth.html
SMTP AUTO in sendmail 8.10-8.13
http://www.sendmail.org/~ca/email/auth.html
One is functional, and the other one doesn't seem to work. Compare the
maillogs of the two servers, there is an AUTH=server message appear in
the
functional server, but the other one has not.
The maillog of functional server
==
Jul 29 16:15:10 maple sm-mta[57825]: AUTH=server, relay=59-net
[59...147], authid=a660407, mech=LOGIN, bits=0
Jul 29 16:15:10 maple sm-mta[57825]: n6T8F9ej057825: from=reed...@...,
size=1430, class=0, nrcpts=1,
msgid=40f9cc65e8874d128639a39c1eebd...@reedxp, proto=ESMTP,
daemon=IPv4,
relay=59-...net [59...147]
The other one
=
Jul 29 17:12:41 banyan sm-mta[2539
Re: SMTP Authentication
You may check the location of sasl2 lib which sendmail is compiled with
- do ldd on sendmail executable. And verify if Sendmail.conf in the
sasl2 lib folder doesn't have any restrictions on available mechs.
Ihor
Reed Lai wrote:
The liblogin.so is in directory
banyan# ll /usr/local/lib/sasl2/liblogin.so
lrwxr-xr-x 1 root wheel 13 7 29 14:54
/usr/local/lib/sasl2/liblogin.so - liblogin.so.2
banyan# ll /usr/local/lib/sasl2/liblogin.so.2
-rwxr-xr-x 1 root wheel 17172 7 29 14:54
/usr/local/lib/sasl2/liblogin.so.2
There is only confAUTH_MECHANISMS in .mc file, not confAUTH_OPTIONS
dnl set SASL options
dnl
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 4:58 PM
To: FreeBSD Question
Subject: Re: SMTP Authentication
Check if /usr/local/lib/sasl2/liblogin.so exists - if not you have to
recompile sasl with LOGIN mech support.
Check in your .mc file if you define confAUTH_OPTIONS macro. If you do
make sure 'p' parameter is not on the list or LOGIN would be available
only after TLS encryption which is not a case for you as your working
configuration offers LOGIN during telnet session (it's actually a bad
idea to do authentication clear text).
Ihor
Reed Lai wrote:
Yes, the new server leaks LOGIN in the 250-AUTH list!
New server
=
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
Functional server
==
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
I have checked the generated .cf file in the new server and there are
class and option listed
C{TrustAuthMech}GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
O AuthMechanisms=GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
The new server has same configuration to old server, but has not LOGIN
in the 250-AUTH list.
BTW, the new server has hostname changed once... I don't know if it does
matter or not..
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 2:35 PM
To: freebsd-questions@freebsd.org
Subject: Re: SMTP Authentication
Tray telnet to port 25 of your working SMTP server and compare the
output.
Check
250-AUTH list of supported auth mech
According to the provided log from the working server it should be LOGIN
mech available in the list, which is not present on the new server.
Ihor
Reed Lai wrote:
The maillog does not log the sm-mta: AUTH=server action. The functional
server has the AUTH=server action logged. How do I debug from this
different?
Reed
From: Reed Lai
Sent: Thursday, July 30, 2009 11:51 AM
To: FreeBSD Questions
Subject: Re: SMTP Authentication
The mail client is Windows Live Mail and it work well with the
functional
server. Its SMTP authenication should be ok.
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 10:49 AM
To: freebsd-questions@freebsd.org
Subject: Re: SMTP Authentication
your working server does support LOGIN mech while other one dosn't.
I doubt if your mail client has a support for GSSAPI DIGEST-MD5 CRAM-MD5
auth, usually it's PLAIN or/and LOGIN.
Ihor
Reed Lai wrote:
Instruction of the SMTP AUTO in sendmail 8.10-8.13 to test the
Sendmail
banyan# sendmail -d0.1 -bv root
Version 8.14.2
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING
SASLv2
SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
SYSTEM IDENTITY (after readcf)
(short domain name) $w = banyan
(canonical domain name) $j = banyan...com
(subdomain name) $m = ..com
(node name) $k = banyan...com
root... deliverable: mailer local, user root
banyan# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 banyan...com ESMTP Sendmail 8.14.2/8.14.2; Wed, 29 Jul 2009
21:19:40
+0800 (CST)
ehlo localhost
250-banyan...com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP
The Sendmail test seems OK
But the SMTP authentication does not work from my mail client.
Reed
From: Reed Lai
Sent: Wednesday, July 29, 2009 5:37 PM
To: freebsd-questions@freebsd.org
Subject: SMTP Authentication
Hi,
I have two freebsd mail servers both configured SMTP authentication:
FreeBSD Handbook 28.10 SMTP Authenticatin
http://www.freebsd.org/doc/en/books/handbook/smtp-auth.html
SMTP AUTO in sendmail 8.10-8.13
http://www.sendmail.org/~ca/email/auth.html
One is functional, and the other one doesn't seem to work. Compare the
maillogs of the two servers, there is an AUTH=server message appear in
the
functional server, but the other one has not.
The maillog of functional server
==
Jul 29 16:15:10
Re: SMTP Authentication
Both servers have same ldd outputs and Sendmail.conf contains only
pwcheck_method: saslauthd
banyan# ldd -a /usr/sbin/sendmail
/usr/sbin/sendmail:
libutil.so.7 = /lib/libutil.so.7 (0x2807d000)
libc.so.7 = /lib/libc.so.7 (0x2808a000)
/lib/libutil.so.7:
libc.so.7 = /lib/libc.so.7 (0x2808a000)
banyan#
banyan# ll /usr/local/lib/sasl2/Sendmail.conf
-rw-r--r-- 1 root wheel 26 7 29 14:56 /usr/local/lib/sasl2/Sendmail.conf
banyan# cat /usr/local/lib/sasl2/Sendmail.conf
pwcheck_method: saslauthd
Reed
From: Ihor Prystay
Sent: Friday, July 31, 2009 2:55 AM
To: FreeBSD Question
Subject: Re: SMTP Authentication
You may check the location of sasl2 lib which sendmail is compiled with
- do ldd on sendmail executable. And verify if Sendmail.conf in the
sasl2 lib folder doesn't have any restrictions on available mechs.
Ihor
Reed Lai wrote:
The liblogin.so is in directory
banyan# ll /usr/local/lib/sasl2/liblogin.so
lrwxr-xr-x 1 root wheel 13 7 29 14:54
/usr/local/lib/sasl2/liblogin.so - liblogin.so.2
banyan# ll /usr/local/lib/sasl2/liblogin.so.2
-rwxr-xr-x 1 root wheel 17172 7 29 14:54
/usr/local/lib/sasl2/liblogin.so.2
There is only confAUTH_MECHANISMS in .mc file, not confAUTH_OPTIONS
dnl set SASL options
dnl
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 4:58 PM
To: FreeBSD Question
Subject: Re: SMTP Authentication
Check if /usr/local/lib/sasl2/liblogin.so exists - if not you have to
recompile sasl with LOGIN mech support.
Check in your .mc file if you define confAUTH_OPTIONS macro. If you do
make sure 'p' parameter is not on the list or LOGIN would be available
only after TLS encryption which is not a case for you as your working
configuration offers LOGIN during telnet session (it's actually a bad
idea to do authentication clear text).
Ihor
Reed Lai wrote:
Yes, the new server leaks LOGIN in the 250-AUTH list!
New server
=
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
Functional server
==
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
I have checked the generated .cf file in the new server and there are
class and option listed
C{TrustAuthMech}GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
O AuthMechanisms=GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
The new server has same configuration to old server, but has not LOGIN
in the 250-AUTH list.
BTW, the new server has hostname changed once... I don't know if it does
matter or not..
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 2:35 PM
To: freebsd-questions@freebsd.org
Subject: Re: SMTP Authentication
Tray telnet to port 25 of your working SMTP server and compare the
output.
Check
250-AUTH list of supported auth mech
According to the provided log from the working server it should be LOGIN
mech available in the list, which is not present on the new server.
Ihor
Reed Lai wrote:
The maillog does not log the sm-mta: AUTH=server action. The functional
server has the AUTH=server action logged. How do I debug from this
different?
Reed
From: Reed Lai
Sent: Thursday, July 30, 2009 11:51 AM
To: FreeBSD Questions
Subject: Re: SMTP Authentication
The mail client is Windows Live Mail and it work well with the
functional
server. Its SMTP authenication should be ok.
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 10:49 AM
To: freebsd-questions@freebsd.org
Subject: Re: SMTP Authentication
your working server does support LOGIN mech while other one dosn't.
I doubt if your mail client has a support for GSSAPI DIGEST-MD5 CRAM-MD5
auth, usually it's PLAIN or/and LOGIN.
Ihor
Reed Lai wrote:
Instruction of the SMTP AUTO in sendmail 8.10-8.13 to test the
Sendmail
banyan# sendmail -d0.1 -bv root
Version 8.14.2
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING
SASLv2
SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
SYSTEM IDENTITY (after readcf)
(short domain name) $w = banyan
(canonical domain name) $j = banyan...com
(subdomain name) $m = ..com
(node name) $k = banyan...com
root... deliverable: mailer local, user root
banyan# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 banyan...com ESMTP Sendmail 8.14.2/8.14.2; Wed, 29 Jul 2009
21:19:40
+0800 (CST)
ehlo localhost
250-banyan...com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP
The Sendmail test seems OK
But the SMTP authentication does not work from my mail client.
Reed
From: Reed Lai
Sent: Wednesday, July 29, 2009 5:37 PM
To: freebsd-questions@freebsd.org
Subject: SMTP Authentication
Hi,
I
Re: SMTP Authentication
And there is LOGIN option selected (as ports default options) when
installing the cyrus-sasl2.
Reed
From: Reed Lai
Sent: Friday, July 31, 2009 10:14 AM
To: FreeBSD Question
Subject: Re: SMTP Authentication
Both servers have same ldd outputs and Sendmail.conf contains only
pwcheck_method: saslauthd
banyan# ldd -a /usr/sbin/sendmail
/usr/sbin/sendmail:
libutil.so.7 = /lib/libutil.so.7 (0x2807d000)
libc.so.7 = /lib/libc.so.7 (0x2808a000)
/lib/libutil.so.7:
libc.so.7 = /lib/libc.so.7 (0x2808a000)
banyan#
banyan# ll /usr/local/lib/sasl2/Sendmail.conf
-rw-r--r-- 1 root wheel 26 7 29 14:56 /usr/local/lib/sasl2/Sendmail.conf
banyan# cat /usr/local/lib/sasl2/Sendmail.conf
pwcheck_method: saslauthd
Reed
From: Ihor Prystay
Sent: Friday, July 31, 2009 2:55 AM
To: FreeBSD Question
Subject: Re: SMTP Authentication
You may check the location of sasl2 lib which sendmail is compiled with
- do ldd on sendmail executable. And verify if Sendmail.conf in the
sasl2 lib folder doesn't have any restrictions on available mechs.
Ihor
Reed Lai wrote:
The liblogin.so is in directory
banyan# ll /usr/local/lib/sasl2/liblogin.so
lrwxr-xr-x 1 root wheel 13 7 29 14:54
/usr/local/lib/sasl2/liblogin.so - liblogin.so.2
banyan# ll /usr/local/lib/sasl2/liblogin.so.2
-rwxr-xr-x 1 root wheel 17172 7 29 14:54
/usr/local/lib/sasl2/liblogin.so.2
There is only confAUTH_MECHANISMS in .mc file, not confAUTH_OPTIONS
dnl set SASL options
dnl
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 4:58 PM
To: FreeBSD Question
Subject: Re: SMTP Authentication
Check if /usr/local/lib/sasl2/liblogin.so exists - if not you have to
recompile sasl with LOGIN mech support.
Check in your .mc file if you define confAUTH_OPTIONS macro. If you do
make sure 'p' parameter is not on the list or LOGIN would be available
only after TLS encryption which is not a case for you as your working
configuration offers LOGIN during telnet session (it's actually a bad
idea to do authentication clear text).
Ihor
Reed Lai wrote:
Yes, the new server leaks LOGIN in the 250-AUTH list!
New server
=
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
Functional server
==
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
I have checked the generated .cf file in the new server and there are
class and option listed
C{TrustAuthMech}GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
O AuthMechanisms=GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
The new server has same configuration to old server, but has not LOGIN
in the 250-AUTH list.
BTW, the new server has hostname changed once... I don't know if it does
matter or not..
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 2:35 PM
To: freebsd-questions@freebsd.org
Subject: Re: SMTP Authentication
Tray telnet to port 25 of your working SMTP server and compare the
output.
Check
250-AUTH list of supported auth mech
According to the provided log from the working server it should be LOGIN
mech available in the list, which is not present on the new server.
Ihor
Reed Lai wrote:
The maillog does not log the sm-mta: AUTH=server action. The functional
server has the AUTH=server action logged. How do I debug from this
different?
Reed
From: Reed Lai
Sent: Thursday, July 30, 2009 11:51 AM
To: FreeBSD Questions
Subject: Re: SMTP Authentication
The mail client is Windows Live Mail and it work well with the
functional
server. Its SMTP authenication should be ok.
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 10:49 AM
To: freebsd-questions@freebsd.org
Subject: Re: SMTP Authentication
your working server does support LOGIN mech while other one dosn't.
I doubt if your mail client has a support for GSSAPI DIGEST-MD5 CRAM-MD5
auth, usually it's PLAIN or/and LOGIN.
Ihor
Reed Lai wrote:
Instruction of the SMTP AUTO in sendmail 8.10-8.13 to test the
Sendmail
banyan# sendmail -d0.1 -bv root
Version 8.14.2
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING
SASLv2
SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
SYSTEM IDENTITY (after readcf)
(short domain name) $w = banyan
(canonical domain name) $j = banyan...com
(subdomain name) $m = ..com
(node name) $k = banyan...com
root... deliverable: mailer local, user root
banyan# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 banyan...com ESMTP Sendmail 8.14.2/8.14.2; Wed, 29 Jul 2009
21:19:40
+0800 (CST)
ehlo localhost
250-banyan...com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP
The Sendmail
Re: SMTP Authentication
The test of saslauthd seems OK too:
banyan# testsaslauthd -s smtp -u aNN -p
0: OK Success.
The auth login in smtp connection is still not available:
ehlo local
250-banyan...com Hello localhost [127.0.0.1], pleased to meet you
...
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP
auth login
504 5.3.3 AUTH mechanism login not available
Reed
From: Reed Lai
Sent: Friday, July 31, 2009 10:26 AM
To: FreeBSD Question
Subject: Re: SMTP Authentication
And there is LOGIN option selected (as ports default options) when
installing the cyrus-sasl2.
Reed
From: Reed Lai
Sent: Friday, July 31, 2009 10:14 AM
To: FreeBSD Question
Subject: Re: SMTP Authentication
Both servers have same ldd outputs and Sendmail.conf contains only
pwcheck_method: saslauthd
banyan# ldd -a /usr/sbin/sendmail
/usr/sbin/sendmail:
libutil.so.7 = /lib/libutil.so.7 (0x2807d000)
libc.so.7 = /lib/libc.so.7 (0x2808a000)
/lib/libutil.so.7:
libc.so.7 = /lib/libc.so.7 (0x2808a000)
banyan#
banyan# ll /usr/local/lib/sasl2/Sendmail.conf
-rw-r--r-- 1 root wheel 26 7 29 14:56 /usr/local/lib/sasl2/Sendmail.conf
banyan# cat /usr/local/lib/sasl2/Sendmail.conf
pwcheck_method: saslauthd
Reed
From: Ihor Prystay
Sent: Friday, July 31, 2009 2:55 AM
To: FreeBSD Question
Subject: Re: SMTP Authentication
You may check the location of sasl2 lib which sendmail is compiled with
- do ldd on sendmail executable. And verify if Sendmail.conf in the
sasl2 lib folder doesn't have any restrictions on available mechs.
Ihor
Reed Lai wrote:
The liblogin.so is in directory
banyan# ll /usr/local/lib/sasl2/liblogin.so
lrwxr-xr-x 1 root wheel 13 7 29 14:54
/usr/local/lib/sasl2/liblogin.so - liblogin.so.2
banyan# ll /usr/local/lib/sasl2/liblogin.so.2
-rwxr-xr-x 1 root wheel 17172 7 29 14:54
/usr/local/lib/sasl2/liblogin.so.2
There is only confAUTH_MECHANISMS in .mc file, not confAUTH_OPTIONS
dnl set SASL options
dnl
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 4:58 PM
To: FreeBSD Question
Subject: Re: SMTP Authentication
Check if /usr/local/lib/sasl2/liblogin.so exists - if not you have to
recompile sasl with LOGIN mech support.
Check in your .mc file if you define confAUTH_OPTIONS macro. If you do
make sure 'p' parameter is not on the list or LOGIN would be available
only after TLS encryption which is not a case for you as your working
configuration offers LOGIN during telnet session (it's actually a bad
idea to do authentication clear text).
Ihor
Reed Lai wrote:
Yes, the new server leaks LOGIN in the 250-AUTH list!
New server
=
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
Functional server
==
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
I have checked the generated .cf file in the new server and there are
class and option listed
C{TrustAuthMech}GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
O AuthMechanisms=GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
The new server has same configuration to old server, but has not LOGIN
in the 250-AUTH list.
BTW, the new server has hostname changed once... I don't know if it does
matter or not..
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 2:35 PM
To: freebsd-questions@freebsd.org
Subject: Re: SMTP Authentication
Tray telnet to port 25 of your working SMTP server and compare the
output.
Check
250-AUTH list of supported auth mech
According to the provided log from the working server it should be LOGIN
mech available in the list, which is not present on the new server.
Ihor
Reed Lai wrote:
The maillog does not log the sm-mta: AUTH=server action. The functional
server has the AUTH=server action logged. How do I debug from this
different?
Reed
From: Reed Lai
Sent: Thursday, July 30, 2009 11:51 AM
To: FreeBSD Questions
Subject: Re: SMTP Authentication
The mail client is Windows Live Mail and it work well with the
functional
server. Its SMTP authenication should be ok.
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 10:49 AM
To: freebsd-questions@freebsd.org
Subject: Re: SMTP Authentication
your working server does support LOGIN mech while other one dosn't.
I doubt if your mail client has a support for GSSAPI DIGEST-MD5 CRAM-MD5
auth, usually it's PLAIN or/and LOGIN.
Ihor
Reed Lai wrote:
Instruction of the SMTP AUTO in sendmail 8.10-8.13 to test the
Sendmail
banyan# sendmail -d0.1 -bv root
Version 8.14.2
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING
SASLv2
SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
SYSTEM IDENTITY (after readcf)
(short domain name) $w = banyan
(canonical domain name) $j = banyan...com
(subdomain name) $m = ..com
(node name) $k = banyan...com
Re: SMTP Authentication
I am very sorry. I forgot to make install to install the
/etc/mail/sendmail.cf, so it has only banyan..mc/cf files updated.
I always forget the final target is sendmail.cf XD
The new server is available for AUTH LOGIN now.
The trouble is resolved.
Ihor, thank you very mcuh for all helps!
Reed Lai
From: Reed Lai
Sent: Friday, July 31, 2009 12:51 PM
To: FreeBSD Question
Subject: Re: SMTP Authentication
The test of saslauthd seems OK too:
banyan# testsaslauthd -s smtp -u aNN -p
0: OK Success.
The auth login in smtp connection is still not available:
ehlo local
250-banyan...com Hello localhost [127.0.0.1], pleased to meet you
...
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP
auth login
504 5.3.3 AUTH mechanism login not available
Reed
From: Reed Lai
Sent: Friday, July 31, 2009 10:26 AM
To: FreeBSD Question
Subject: Re: SMTP Authentication
And there is LOGIN option selected (as ports default options) when
installing the cyrus-sasl2.
Reed
From: Reed Lai
Sent: Friday, July 31, 2009 10:14 AM
To: FreeBSD Question
Subject: Re: SMTP Authentication
Both servers have same ldd outputs and Sendmail.conf contains only
pwcheck_method: saslauthd
banyan# ldd -a /usr/sbin/sendmail
/usr/sbin/sendmail:
libutil.so.7 = /lib/libutil.so.7 (0x2807d000)
libc.so.7 = /lib/libc.so.7 (0x2808a000)
/lib/libutil.so.7:
libc.so.7 = /lib/libc.so.7 (0x2808a000)
banyan#
banyan# ll /usr/local/lib/sasl2/Sendmail.conf
-rw-r--r-- 1 root wheel 26 7 29 14:56 /usr/local/lib/sasl2/Sendmail.conf
banyan# cat /usr/local/lib/sasl2/Sendmail.conf
pwcheck_method: saslauthd
Reed
From: Ihor Prystay
Sent: Friday, July 31, 2009 2:55 AM
To: FreeBSD Question
Subject: Re: SMTP Authentication
You may check the location of sasl2 lib which sendmail is compiled with
- do ldd on sendmail executable. And verify if Sendmail.conf in the
sasl2 lib folder doesn't have any restrictions on available mechs.
Ihor
Reed Lai wrote:
The liblogin.so is in directory
banyan# ll /usr/local/lib/sasl2/liblogin.so
lrwxr-xr-x 1 root wheel 13 7 29 14:54
/usr/local/lib/sasl2/liblogin.so - liblogin.so.2
banyan# ll /usr/local/lib/sasl2/liblogin.so.2
-rwxr-xr-x 1 root wheel 17172 7 29 14:54
/usr/local/lib/sasl2/liblogin.so.2
There is only confAUTH_MECHANISMS in .mc file, not confAUTH_OPTIONS
dnl set SASL options
dnl
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 4:58 PM
To: FreeBSD Question
Subject: Re: SMTP Authentication
Check if /usr/local/lib/sasl2/liblogin.so exists - if not you have to
recompile sasl with LOGIN mech support.
Check in your .mc file if you define confAUTH_OPTIONS macro. If you do
make sure 'p' parameter is not on the list or LOGIN would be available
only after TLS encryption which is not a case for you as your working
configuration offers LOGIN during telnet session (it's actually a bad
idea to do authentication clear text).
Ihor
Reed Lai wrote:
Yes, the new server leaks LOGIN in the 250-AUTH list!
New server
=
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
Functional server
==
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
I have checked the generated .cf file in the new server and there are
class and option listed
C{TrustAuthMech}GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
O AuthMechanisms=GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
The new server has same configuration to old server, but has not LOGIN
in the 250-AUTH list.
BTW, the new server has hostname changed once... I don't know if it does
matter or not..
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 2:35 PM
To: freebsd-questions@freebsd.org
Subject: Re: SMTP Authentication
Tray telnet to port 25 of your working SMTP server and compare the
output.
Check
250-AUTH list of supported auth mech
According to the provided log from the working server it should be LOGIN
mech available in the list, which is not present on the new server.
Ihor
Reed Lai wrote:
The maillog does not log the sm-mta: AUTH=server action. The functional
server has the AUTH=server action logged. How do I debug from this
different?
Reed
From: Reed Lai
Sent: Thursday, July 30, 2009 11:51 AM
To: FreeBSD Questions
Subject: Re: SMTP Authentication
The mail client is Windows Live Mail and it work well with the
functional
server. Its SMTP authenication should be ok.
Reed
From: Ihor Prystay
Sent: Thursday, July 30, 2009 10:49 AM
To: freebsd-questions@freebsd.org
Subject: Re: SMTP Authentication
your working server does support LOGIN mech while other one dosn't.
I doubt if your mail client has a support for GSSAPI DIGEST-MD5 CRAM-MD5
auth, usually it's PLAIN or/and LOGIN.
Ihor
Reed Lai wrote:
Instruction of the SMTP AUTO in sendmail 8.10-8.13 to test the
Sendmail
banyan# sendmail -d0.1 -bv root
Version 8.14.2
Compiled with: DNSMAP
Re: SMTP Authentication
Instruction of the SMTP AUTO in sendmail 8.10-8.13 to test the Sendmail banyan# sendmail -d0.1 -bv root Version 8.14.2 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG SYSTEM IDENTITY (after readcf) (short domain name) $w = banyan (canonical domain name) $j = banyan...com (subdomain name) $m = ..com (node name) $k = banyan...com root... deliverable: mailer local, user root banyan# telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 banyan...com ESMTP Sendmail 8.14.2/8.14.2; Wed, 29 Jul 2009 21:19:40 +0800 (CST) ehlo localhost 250-banyan...com Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 250-DELIVERBY 250 HELP The Sendmail test seems OK But the SMTP authentication does not work from my mail client. Reed From: Reed Lai Sent: Wednesday, July 29, 2009 5:37 PM To: freebsd-questions@freebsd.org Subject: SMTP Authentication Hi, I have two freebsd mail servers both configured SMTP authentication: FreeBSD Handbook 28.10 SMTP Authenticatin http://www.freebsd.org/doc/en/books/handbook/smtp-auth.html SMTP AUTO in sendmail 8.10-8.13 http://www.sendmail.org/~ca/email/auth.html One is functional, and the other one doesn't seem to work. Compare the maillogs of the two servers, there is an AUTH=server message appear in the functional server, but the other one has not. The maillog of functional server == Jul 29 16:15:10 maple sm-mta[57825]: AUTH=server, relay=59-net [59...147], authid=a660407, mech=LOGIN, bits=0 Jul 29 16:15:10 maple sm-mta[57825]: n6T8F9ej057825: from=reed...@..., size=1430, class=0, nrcpts=1, msgid=40f9cc65e8874d128639a39c1eebd...@reedxp, proto=ESMTP, daemon=IPv4, relay=59-...net [59...147] The other one = Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: ruleset=check_rcpt, arg1=reed...@..., relay=59-...-147.HINET-IP.hinet.net [59...147], reject=550 5.7.1 reed...@.. Relaying denied Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: from=reed...@..., size=0, class=0, nrcpts=0, proto=ESMTP, daemon=IPv4, relay=59-...-147.HINET-IP.hinet.net [59...147] It seems the other one's smtp authentication is not trigged. Please help or tip me for something I forget. Thank you! Reed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SMTP Authentication
your working server does support LOGIN mech while other one dosn't. I doubt if your mail client has a support for GSSAPI DIGEST-MD5 CRAM-MD5 auth, usually it's PLAIN or/and LOGIN. Ihor Reed Lai wrote: Instruction of the SMTP AUTO in sendmail 8.10-8.13 to test the Sendmail banyan# sendmail -d0.1 -bv root Version 8.14.2 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG SYSTEM IDENTITY (after readcf) (short domain name) $w = banyan (canonical domain name) $j = banyan...com (subdomain name) $m = ..com (node name) $k = banyan...com root... deliverable: mailer local, user root banyan# telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 banyan...com ESMTP Sendmail 8.14.2/8.14.2; Wed, 29 Jul 2009 21:19:40 +0800 (CST) ehlo localhost 250-banyan...com Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 250-DELIVERBY 250 HELP The Sendmail test seems OK But the SMTP authentication does not work from my mail client. Reed From: Reed Lai Sent: Wednesday, July 29, 2009 5:37 PM To: freebsd-questions@freebsd.org Subject: SMTP Authentication Hi, I have two freebsd mail servers both configured SMTP authentication: FreeBSD Handbook 28.10 SMTP Authenticatin http://www.freebsd.org/doc/en/books/handbook/smtp-auth.html SMTP AUTO in sendmail 8.10-8.13 http://www.sendmail.org/~ca/email/auth.html One is functional, and the other one doesn't seem to work. Compare the maillogs of the two servers, there is an AUTH=server message appear in the functional server, but the other one has not. The maillog of functional server == Jul 29 16:15:10 maple sm-mta[57825]: AUTH=server, relay=59-net [59...147], authid=a660407, mech=LOGIN, bits=0 Jul 29 16:15:10 maple sm-mta[57825]: n6T8F9ej057825: from=reed...@..., size=1430, class=0, nrcpts=1, msgid=40f9cc65e8874d128639a39c1eebd...@reedxp, proto=ESMTP, daemon=IPv4, relay=59-...net [59...147] The other one = Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: ruleset=check_rcpt, arg1=reed...@..., relay=59-...-147.HINET-IP.hinet.net [59...147], reject=550 5.7.1 reed...@.. Relaying denied Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: from=reed...@..., size=0, class=0, nrcpts=0, proto=ESMTP, daemon=IPv4, relay=59-...-147.HINET-IP.hinet.net [59...147] It seems the other one's smtp authentication is not trigged. Please help or tip me for something I forget. Thank you! Reed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SMTP Authentication
The mail client is Windows Live Mail and it work well with the functional server. Its SMTP authenication should be ok. Reed From: Ihor Prystay Sent: Thursday, July 30, 2009 10:49 AM To: freebsd-questions@freebsd.org Subject: Re: SMTP Authentication your working server does support LOGIN mech while other one dosn't. I doubt if your mail client has a support for GSSAPI DIGEST-MD5 CRAM-MD5 auth, usually it's PLAIN or/and LOGIN. Ihor Reed Lai wrote: Instruction of the SMTP AUTO in sendmail 8.10-8.13 to test the Sendmail banyan# sendmail -d0.1 -bv root Version 8.14.2 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG SYSTEM IDENTITY (after readcf) (short domain name) $w = banyan (canonical domain name) $j = banyan...com (subdomain name) $m = ..com (node name) $k = banyan...com root... deliverable: mailer local, user root banyan# telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 banyan...com ESMTP Sendmail 8.14.2/8.14.2; Wed, 29 Jul 2009 21:19:40 +0800 (CST) ehlo localhost 250-banyan...com Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 250-DELIVERBY 250 HELP The Sendmail test seems OK But the SMTP authentication does not work from my mail client. Reed From: Reed Lai Sent: Wednesday, July 29, 2009 5:37 PM To: freebsd-questions@freebsd.org Subject: SMTP Authentication Hi, I have two freebsd mail servers both configured SMTP authentication: FreeBSD Handbook 28.10 SMTP Authenticatin http://www.freebsd.org/doc/en/books/handbook/smtp-auth.html SMTP AUTO in sendmail 8.10-8.13 http://www.sendmail.org/~ca/email/auth.html One is functional, and the other one doesn't seem to work. Compare the maillogs of the two servers, there is an AUTH=server message appear in the functional server, but the other one has not. The maillog of functional server == Jul 29 16:15:10 maple sm-mta[57825]: AUTH=server, relay=59-net [59...147], authid=a660407, mech=LOGIN, bits=0 Jul 29 16:15:10 maple sm-mta[57825]: n6T8F9ej057825: from=reed...@..., size=1430, class=0, nrcpts=1, msgid=40f9cc65e8874d128639a39c1eebd...@reedxp, proto=ESMTP, daemon=IPv4, relay=59-...net [59...147] The other one = Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: ruleset=check_rcpt, arg1=reed...@..., relay=59-...-147.HINET-IP.hinet.net [59...147], reject=550 5.7.1 reed...@.. Relaying denied Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: from=reed...@..., size=0, class=0, nrcpts=0, proto=ESMTP, daemon=IPv4, relay=59-...-147.HINET-IP.hinet.net [59...147] It seems the other one's smtp authentication is not trigged. Please help or tip me for something I forget. Thank you! Reed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SMTP Authentication
The maillog does not log the sm-mta: AUTH=server action. The functional server has the AUTH=server action logged. How do I debug from this different? Reed From: Reed Lai Sent: Thursday, July 30, 2009 11:51 AM To: FreeBSD Questions Subject: Re: SMTP Authentication The mail client is Windows Live Mail and it work well with the functional server. Its SMTP authenication should be ok. Reed From: Ihor Prystay Sent: Thursday, July 30, 2009 10:49 AM To: freebsd-questions@freebsd.org Subject: Re: SMTP Authentication your working server does support LOGIN mech while other one dosn't. I doubt if your mail client has a support for GSSAPI DIGEST-MD5 CRAM-MD5 auth, usually it's PLAIN or/and LOGIN. Ihor Reed Lai wrote: Instruction of the SMTP AUTO in sendmail 8.10-8.13 to test the Sendmail banyan# sendmail -d0.1 -bv root Version 8.14.2 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG SYSTEM IDENTITY (after readcf) (short domain name) $w = banyan (canonical domain name) $j = banyan...com (subdomain name) $m = ..com (node name) $k = banyan...com root... deliverable: mailer local, user root banyan# telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 banyan...com ESMTP Sendmail 8.14.2/8.14.2; Wed, 29 Jul 2009 21:19:40 +0800 (CST) ehlo localhost 250-banyan...com Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 250-DELIVERBY 250 HELP The Sendmail test seems OK But the SMTP authentication does not work from my mail client. Reed From: Reed Lai Sent: Wednesday, July 29, 2009 5:37 PM To: freebsd-questions@freebsd.org Subject: SMTP Authentication Hi, I have two freebsd mail servers both configured SMTP authentication: FreeBSD Handbook 28.10 SMTP Authenticatin http://www.freebsd.org/doc/en/books/handbook/smtp-auth.html SMTP AUTO in sendmail 8.10-8.13 http://www.sendmail.org/~ca/email/auth.html One is functional, and the other one doesn't seem to work. Compare the maillogs of the two servers, there is an AUTH=server message appear in the functional server, but the other one has not. The maillog of functional server == Jul 29 16:15:10 maple sm-mta[57825]: AUTH=server, relay=59-net [59...147], authid=a660407, mech=LOGIN, bits=0 Jul 29 16:15:10 maple sm-mta[57825]: n6T8F9ej057825: from=reed...@..., size=1430, class=0, nrcpts=1, msgid=40f9cc65e8874d128639a39c1eebd...@reedxp, proto=ESMTP, daemon=IPv4, relay=59-...net [59...147] The other one = Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: ruleset=check_rcpt, arg1=reed...@..., relay=59-...-147.HINET-IP.hinet.net [59...147], reject=550 5.7.1 reed...@.. Relaying denied Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: from=reed...@..., size=0, class=0, nrcpts=0, proto=ESMTP, daemon=IPv4, relay=59-...-147.HINET-IP.hinet.net [59...147] It seems the other one's smtp authentication is not trigged. Please help or tip me for something I forget. Thank you! Reed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: smtp authentication
David Southwell wrote: Hi I am really ignorant about this issue. I am running postfix on freebsd 7.0 using a dynamic IP address and am getting requests to turn on smtp authentication for outgoing mails to reach servers such as yahoo.com but do not know how to do it. I am using kmail as a client. If anyone could point me in the right direction I would be most grateful. Thank you David ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Google can help http://www.google.de/search?q=postfix+smtp+authenticationie=utf-8oe=utf-8aq=trls=org.mozilla:de:officialclient=firefox-a http://postfix.state-of-mind.de/patrick.koetter/smtpauth/ Sektion 16 http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailservers.html looks interesting. Hope, it work. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: smtp authentication
In [EMAIL PROTECTED], David Southwell wrote: Hi I am really ignorant about this issue. I am running postfix on freebsd 7.0 using a dynamic IP address and am getting requests to turn on smtp authentication for outgoing mails to reach servers such as yahoo.com but do not know how to do it. I think that is probably due to your MTA running on a dynamic IP connection, which are blacklisted for abuse by spammers most of the times. How about you using a smarthost (probably your ISP's mail-server) to deliver your mails from your postfix. I'm using the similar way with Postfix running on my local mail server, relaying all outgoing mails via Google's SMTP servers. HTH Ashish -- ·-- ·- ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- -- pgpyqGOdNEHs3.pgp Description: PGP signature
Re: smtp authentication
David Southwell [EMAIL PROTECTED] wrote: I am running postfix on freebsd 7.0 using a dynamic IP address and am getting requests to turn on smtp authentication for outgoing mails to reach servers such as yahoo.com but do not know how to do it. This is a little unclear. Who is making these requests? And what do your logs currently show when you try to send email destined for yahoo.com? You might also want to take this discussion to the postfix-users mailing list. But in general, for help with SASL in Postfix, see: http://www.postfix.org/SASL_README.html -- Sahil Tandon [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: SMTP Authentication
On Sun, Oct 03, 2004 at 11:02:08AM -0400, Mike Jeays wrote: How do I tell sendmail to provide an authentication string when I ask it to send messages to my ISP (a cable provider)? They use PLAIN authentication, and I did not have too much trouble getting the base 64 string by snooping with Ethereal when I sent mail from Evolution, and can send out emails by hand or from an Expect script. The relevant part of my sendmail config file is: define(`SMART_HOST', `smtp.broadband.rogers.com') set SASL options TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl That's fine as it goes, but that's mostly to do with the server side of SMTP AUTH. There doesn't seem any way to tell it what my userid and password for the ISP should be. I have tried reading various documentation, but haven't been able to find what is required. This is what the /etc/mail/authinfo file is for. This is the page you need to read -- specifically the second half: http://www.sendmail.org/m4/smtp_auth.html (or see the section Providing SMTP AUTH Data when sendmail acts as Client in /usr/share/sendmail/cf/README, which is basically the same text.) The define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl stuff is actually deprecated, but it still works for the time being. However, to be completely up to date and for maximum future proofing, instead of that line, you should use: FEATURE(`authinfo', `hash -o /etc/mail/authinfo')dnl Then edit the file /etc/mail/authinfo adding text as shown in the documentation: AuthInfo:other.dom U:user I:user P:secret R:other.dom M:DIGEST-MD5 AuthInfo:more.dom U:user P=c2VjcmV0 Then process that file into the db hash type read by Sendmail: # makemap hash authinfo.db authinfo and make sure that the authinfo data is properly secured: # chown root:wheel authinfo* # chmod 600 authinfo* Then restart sendmail and try a few tests. Note that if you're using PLAIN authentication you should also use privacy options 'goaway' to help prevent the password being trivially disclosed: define(`confPRIVACY_FLAGS', `authwarnings,goaway')dnl You can use this method (with certain small modifications) to authenticate your MSP sendmail instance to your MTA sendmail -- search for 'msp-authinfo' in /usr/share/sendmail/cf/README. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgprqVmzpvSc4.pgp Description: PGP signature
Re: SMTP Authentication
msg.pgp Description: PGP message
Re: SMTP Authentication
On Friday, March 21, 2003, at 09:26 AM, Paul Lathrop wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I recently configured the mail server I administrate to do SMTP Authentication using sasl. sasl is configured to use PAM for authentication, and the smtp PAM service calls pam_mysql. I know it's rather convoluted, but it's the only solution that matched my needs. But I digress. Shortly after configuring this system, my logs began reporting the following error: Mar 20 00:31:01 rackspace postfix/smtpd[45892]: add_plugin(/usr/local/lib/sasl/libkerberos4.so) failed: generic failure This error repeats upwards of 70 times per day. Unfortunately, I cannot track down the cause of this problem. I am not use kerberos anywhere on my system, and I cannot find a reference to libkerberos in any of the configuration files. Any ideas what could be causing this error and how I might track it down? Did you install SASL from the package or from the port? IIRC, the package is compiled with Kerberos support. - jim -- - jim mock. email: [EMAIL PROTECTED] web: http://soupnazi.org - - freebsd project: [EMAIL PROTECTED]opendarwin: [EMAIL PROTECTED] - To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: SMTP Authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Did you install SASL from the package or from the port? IIRC, the package is compiled with Kerberos support. - jim I installed from the ports collection, but used just the default configuration. I have looked all through my Postfix config files and can't find a setting that says it accepts kerberos authentication, but that could be because it is a default I was unaware of. I am rooting through postfix docs now. - -Paul -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (Darwin) iD8DBQE+e358los2supvBQwRAsmRAJ90W6yXYslwVvv0/3/1tjqYFAOuFgCfYQYE FtRhEZick63pHRujkJMZkWY= =T/Qt -END PGP SIGNATURE- To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: SMTP Authentication
On Friday, March 21, 2003, at 01:04 PM, Paul Lathrop wrote:
Did you install SASL from the package or from the port? IIRC, the
package is compiled with Kerberos support.
I installed from the ports collection, but used just the default
configuration. I have looked all through my Postfix config files and
can't find a setting that says it accepts kerberos authentication, but
that could be because it is a default I was unaware of. I am rooting
through postfix docs now.
Both ports (cyrus-sasl and cyrus-sasl2) have the following:
.if defined(KRB5_HOME) exists(${KRB5_HOME})
CONFIGURE_ARGS+=--enable-gssapi=${KRB5_HOME}
.elif defined(HEIMDAL_HOME) exists(${HEIMDAL_HOME})
CONFIGURE_ARGS+=--enable-gssapi=${HEIMDAL_HOME}
.else
CONFIGURE_ARGS+=--disable-gssapi
GSSAPI= @comment
.endif
.if exists(/usr/lib/libkrb.a)
CONFIGURE_ARGS+=--enable-krb4
.else
CONFIGURE_ARGS+=--disable-krb4
EBONES= @comment
.endif
Check to see if you have either KRB5_HOME or HEIMDAL_HOME set in your
environment or if /usr/lib/libkrb.a exists.
- jim
--
- jim mock. email: [EMAIL PROTECTED] web: http://soupnazi.org -
- freebsd project: [EMAIL PROTECTED]opendarwin: [EMAIL PROTECTED] -
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message
Re: SMTP Authentication
On Fri, Mar 21, 2003 at 04:04:57PM -0500, Paul Lathrop wrote: Did you install SASL from the package or from the port? IIRC, the package is compiled with Kerberos support. - jim I installed from the ports collection, but used just the default configuration. I have looked all through my Postfix config files and can't find a setting that says it accepts kerberos authentication, but that could be because it is a default I was unaware of. I am rooting through postfix docs now. Paul, We (Jim and I) are pointing you in a good direction. Your problem has nothing to do with Postfix, it's SASL's. Cheers, greg -- Grzegorz Czaplinski [EMAIL PROTECTED] The Power to Serve, Right for the Power Users! - http://www.FreeBSD.org/ Fingerprint: EB77 E19D CFA2 5736 810F 847C A70F A275 2489 469F To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: SMTP Authentication
Hi, Please try these steps 1) cd /usr/local/lib/sasl (most probably libkerberos4* files willbe in the /usr/local/lib/sasl directory) 2) mkdir libkerberosMOVED 3) mv libkerberos4* libkerberosMOVED These were what I did. Cheers SSR From: Paul Lathrop [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: SMTP Authentication Date: Fri, 21 Mar 2003 12:26:41 -0500 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I recently configured the mail server I administrate to do SMTP Authentication using sasl. sasl is configured to use PAM for authentication, and the smtp PAM service calls pam_mysql. I know it's rather convoluted, but it's the only solution that matched my needs. But I digress. Shortly after configuring this system, my logs began reporting the following error: Mar 20 00:31:01 rackspace postfix/smtpd[45892]: add_plugin(/usr/local/lib/sasl/libkerberos4.so) failed: generic failure This error repeats upwards of 70 times per day. Unfortunately, I cannot track down the cause of this problem. I am not use kerberos anywhere on my system, and I cannot find a reference to libkerberos in any of the configuration files. Any ideas what could be causing this error and how I might track it down? Thank you, Paul D. Lathrop -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (Darwin) iD8DBQE+e0s+los2supvBQwRArpJAJ9LHT0se2NrmJdNZvRjVRo/vVgX6gCdFLsr 0dfTMrYK+mnP9W61jgNMBDE= =FpoJ -END PGP SIGNATURE- To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message _ Cricket World Cup 2003- News, Views and Match Reports. http://server1.msn.co.in/msnspecials/worldcup03/ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
