I'm probably missing something obvious, but I can get sendmail to give me AUTH PLAIN and LOGIN options. What I have is fairly standard configuration. The relevant part of sendmail.mc looks something like this: define(`confCACERT_PATH',`/etc/ssl/certs') define(`confCACERT',`/etc/ssl/ca-bundle.crt') define(`confSERVER_CERT',`/etc/ssl/smtp.crt') define(`confSERVER_KEY',`/etc/ssl/smtp.key') define(`confAUTH_OPTIONS', `A p') TRUST_AUTH_MECH(`EXTERNAL LOGIN PLAIN') define(`confAUTH_MECHANISMS', `EXTERNAL LOGIN PLAIN') DAEMON_OPTIONS(`Port=25, Name=MTA') DAEMON_OPTIONS(`Port=465, Name=TLSMTA, M=s') So basically, LOGIN and PLAIN should be offered when SSL/TLS is in use (but not for plaintext sessions). However, when connecting over TLS, sendmail doesn't advertise them: $ openssl s_client -connect localhost:465 [ SSL/TLS handshake output deleted, AES256 cipher was used ] 220 testbox.miliv.org ESMTP Unauthorized access prohibited EHLO localhost 250-testbox.miliv.org Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DELIVERBY 250 HELP Attempt to "brute-force" use them results in error (as expected): AUTH PLAIN 504 5.3.3 AUTH mechanism PLAIN not available I'm sure I'm missing something obvious here, probably a flag or two either in confAUTH_OPTIONS or in DAEMON_OPTIONS, but couldn't dig out which. Alraedy drank all coffe, and becoming desparate ;-) ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
Probably a silly question, but did you rebuild your sendmail.cf after modifying the sendmail.mc? Mike -----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of alex at milivojevic.org Sent: Wednesday, July 06, 2005 1:16 PM To: CentOS mailing list Subject: [CentOS] sendmail + plain auth I'm probably missing something obvious, but I can get sendmail to give me AUTH PLAIN and LOGIN options. What I have is fairly standard configuration. The relevant part of sendmail.mc looks something like this: define(`confCACERT_PATH',`/etc/ssl/certs') define(`confCACERT',`/etc/ssl/ca-bundle.crt') define(`confSERVER_CERT',`/etc/ssl/smtp.crt') define(`confSERVER_KEY',`/etc/ssl/smtp.key') define(`confAUTH_OPTIONS', `A p') TRUST_AUTH_MECH(`EXTERNAL LOGIN PLAIN') define(`confAUTH_MECHANISMS', `EXTERNAL LOGIN PLAIN') DAEMON_OPTIONS(`Port=25, Name=MTA') DAEMON_OPTIONS(`Port=465, Name=TLSMTA, M=s') So basically, LOGIN and PLAIN should be offered when SSL/TLS is in use (but not for plaintext sessions). However, when connecting over TLS, sendmail doesn't advertise them: $ openssl s_client -connect localhost:465 [ SSL/TLS handshake output deleted, AES256 cipher was used ] 220 testbox.miliv.org ESMTP Unauthorized access prohibited EHLO localhost 250-testbox.miliv.org Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DELIVERBY 250 HELP Attempt to "brute-force" use them results in error (as expected): AUTH PLAIN 504 5.3.3 AUTH mechanism PLAIN not available I'm sure I'm missing something obvious here, probably a flag or two either in confAUTH_OPTIONS or in DAEMON_OPTIONS, but couldn't dig out which. Alraedy drank all coffe, and becoming desparate ;-) ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. _______________________________________________ CentOS mailing list CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos
Am Mi, den 06.07.2005 schrieb alex at milivojevic.org um 20:16:> I'm probably missing something obvious, but I can get sendmail to give me AUTH > PLAIN and LOGIN options. > > What I have is fairly standard configuration. The relevant part of sendmail.mc > looks something like this: > > define(`confCACERT_PATH',`/etc/ssl/certs') > define(`confCACERT',`/etc/ssl/ca-bundle.crt') > define(`confSERVER_CERT',`/etc/ssl/smtp.crt') > define(`confSERVER_KEY',`/etc/ssl/smtp.key') > define(`confAUTH_OPTIONS', `A p') > TRUST_AUTH_MECH(`EXTERNAL LOGIN PLAIN') > define(`confAUTH_MECHANISMS', `EXTERNAL LOGIN PLAIN') > DAEMON_OPTIONS(`Port=25, Name=MTA') > DAEMON_OPTIONS(`Port=465, Name=TLSMTA, M=s')Looks good (though it is a good idea to end each line with a "dnl") The cyrus-sasl-plain rpm is installed? Alexander -- Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773 legal statement: http://www.uni-x.org/legal.html Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp Serendipity 21:43:47 up 11 days, 4:35, load average: 0.99, 0.46, 0.27 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Dies ist ein digital signierter Nachrichtenteil URL: <http://lists.centos.org/pipermail/centos/attachments/20050706/884fc214/attachment-0002.sig>
Quoting Alexander Dalloz <ad+lists at uni-x.org>:> Looks good (though it is a good idea to end each line with a "dnl") > > The cyrus-sasl-plain rpm is installed?Ha, I *knew* it was something trivial :-) Nope, it was not installed. As soon as I installed it, voila, PLAIN and LOGIN are there. Many thanks Alexander. Aleksandar ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.