[lug] smtp authentication with sendmail

Charles Menzes charles at lunarmedia.net
Fri Apr 12 10:18:30 MDT 2002


hello all,
i've been struggling with getting a sendmail 8.11.6 daemon up and running 
using cyrus-sasl for smtp authentication. my goal is to use simple PLAIN 
auth against the local /etc/shadow to allow roaming users smtp access 
without opening the server up to blind open relay.

it appears that i am getting sendmail to compile with sasl support, 
however it doesn't appear that any authentication attempt is happening, 
since telnet localhost 25; ehlo localhost doesn't show any 250 AUTH in the 
list.

my steps in short are...

1. compile and install cyrus-sasl. nothing special on the ./configure

2. stick the following into the site.config.m4 file in devtools

APPENDDEF(`confENVDEF', `-DSASL')
APPENDDEF(`conf_sendmail_LIBS', `-lsasl')

3. build sendmail and the .cf file using ./Build

4. i run sendmail -d0.1 -bv root | grep SASL and i receive:

NETUNIX NEWDB QUEUE SASL SCANF SMTP USERDB XDEBUG

5. create /usr/lib/sasl/Sendmail.conf with the following contents:

srvtab: /var/app/srvtab
pwcheck_method: shadow

6. start sendmail and tail -f /var/log/maillog. no errors appear.

7. telnet localhost 25 and issue ehlo localhost, and receive:

220 10-12-71-248 ESMTP Sendmail 8.11.6/8.11.6; Fri, 12 Apr 2002 10:54:30 -0500
ehlo localhost
250-10-12-71-248 Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ONEX
250-ETRN
250-XUSR
250 HELP

8. Looking at the maillog, the allowed mech do not seem to include PASSWD 
or SHADOW. i rebuilt my sendmail.cf file using the following .mc, adding 
in PASSWD and SHADOW explicitly

divert(0)dnl
VERSIONID(`$Id: generic-linux.mc,v 8.1 1999/09/24 22:48:05 gshapiro Exp $')
OSTYPE(linux)dnl
DOMAIN(generic)dnl
TRUST_AUTH_MECH(`PLAIN')dnl
define(`confAUTH_MECHANISMS', `PASSWD SHADOW')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(redirect)dnl
FEATURE(`access_db',`hash -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

9. Now when looking through maillog and attempting to connect to the 
local port 25, in my maillog I receive:

Apr 12 11:11:56 10-12-71-248 sendmail[4552]: SASL: available mech=PLAIN LOGIN ANONYMOUS, allowed mech=PASSWD SHADOW

however, when i issue AUTH at the telnet prompt, i receive:

220 10-12-71-248 ESMTP Sendmail 8.11.6/8.11.6; Fri, 12 Apr 2002 11:15:31 -0500
AUTH SHADOW
503 5.3.3 AUTH mechanism SHADOW not available


Likewise, when using a local pop3/smtp application, the connection times 
out due to inactivity from the server. Can anyone point out my mistake 
that is causing this to fail?

thanks very much for your input -c
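
Added example, not part of the original post: a Python check that reads the "SASL:" maillog line from step 9 and works out which mechanisms appear in both the available and the allowed list, since sendmail can only offer for AUTH a mechanism that is in both. The function names and the embedded log text are constructed for illustration.

```python
import re

# The "SASL:" entry sendmail writes to maillog, as quoted in step 9.
SASL_LINE = re.compile(r"SASL: available mech=(.*?), allowed mech=(.*)$")

# Constructed input: the step 9 maillog entry joined back onto one line.
SAMPLE_LOG = (
    "Apr 12 11:11:56 10-12-71-248 sendmail[4552]: SASL: available mech=PLAIN "
    "LOGIN ANONYMOUS, allowed mech=PASSWD SHADOW\n"
)


def analyze_sasl_line(line):
    """Parse one maillog line; return None if it is not a SASL mech line."""
    m = SASL_LINE.search(line.strip())
    if m is None:
        return None
    available = m.group(1).upper().split()  # what the SASL library provides
    allowed = m.group(2).upper().split()    # what sendmail.cf permits
    return {
        "available": available,
        "allowed": allowed,
        # Only mechanisms present in both lists can be offered to clients.
        "offered": [mech for mech in available if mech in allowed],
        # Names in the allowed list that the library does not provide.
        "not_in_library": [mech for mech in allowed if mech not in available],
    }


def findings(log_text):
    """Return human-readable findings for every SASL line in log_text."""
    out = []
    for line in log_text.splitlines():
        result = analyze_sasl_line(line)
        if result is None:
            continue
        if result["not_in_library"]:
            out.append("allowed but not provided by the SASL library: "
                       + " ".join(result["not_in_library"]))
        if not result["offered"]:
            out.append("no mechanism in common, so nothing can be offered for AUTH")
        if "ANONYMOUS" in result["offered"]:
            out.append("ANONYMOUS is offered: it identifies no user")
    return out


if __name__ == "__main__":
    for finding in findings(SAMPLE_LOG):
        print(finding)
```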



