Hello folks,

I have a CentOS 6.4 installation running Sendmail, and after some serious hair tear stare and compare I'm a bit stumped. When I connect to the server either with telnet or SSL, sendmail is not presenting the AUTH capability after an EHLO. Everything looks like it should be working, but no amount of tweaking is getting the AUTH capability advertised (and it doesn't work if you just try it anyway).

Here's the config bits from sendmail.mc--

define(`confAUTH_OPTIONS', `A p')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

Note: Also tried
define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
just to keep things simple.

saslauthd is running, and configured--/etc/sysconfig/saslauthd

SOCKETDIR=/var/run/saslauthd
MECH=pam
FLAGS

/etc/sasl2/Sendmail.conf contains--
pwcheck_method:saslauthd

/etc/pam.d/smtp contains--
#%PAM-1.0
auth include password-auth
account include password-auth

But when I do "openssl s_client -starttls smtp -connect localhost:587" I don't get any AUTH capability--

ehlo localhost
250-pennzoil.gizmopartners.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-DELIVERBY
250 HELP
quit

All the certs are built, and if I connect via telnet, the server does advertise STARTTLS.

So anyone able to point out the obvious or not so obvious config mistakes?

Alexander Dalloz
2013-Oct-09 05:55 UTC
[CentOS] Sendmail not presenting AUTH option after EHLO
On 08.10.2013 23:50, Chris Boyd wrote:
> Hello folks,
>
> I have a CentOS 6.4 installation running Sendmail, and after some serious hair tear stare and compare I'm a bit stumped. When I connect to the server either with telnet or SSL, sendmail is not presenting the AUTH capability after an EHLO. Everything looks like it should be working, but no amount of tweaking is getting the AUTH capability advertised (and it doesn't work if you just try it anyway).
>
> Here's the config bits from sendmail.mc--
>
> define(`confAUTH_OPTIONS', `A p')dnl
> define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

General advice: only offer those mechanisms your SASL backend can provide. As you are using saslauthd the shared secret mechanisms do not work.

> Note: Also tried
> define(`confAUTH_OPTIONS', `A')dnl
> define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
> TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
> just to keep things simple.
>
> saslauthd is running, and configured--/etc/sysconfig/saslauthd
>
> SOCKETDIR=/var/run/saslauthd
> MECH=pam
> FLAGS
>
> /etc/sasl2/Sendmail.conf contains--
> pwcheck_method:saslauthd
>
> /etc/pam.d/smtp contains--
> #%PAM-1.0
> auth include password-auth
> account include password-auth
>
> But when I do "openssl s_client -starttls smtp -connect localhost:587" I don't get any AUTH capability--
>
> ehlo localhost
> 250-pennzoil.gizmopartners.com Hello localhost [127.0.0.1], pleased to meet you
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-DELIVERBY
> 250 HELP
> quit
>
> All the certs are built, and if I connect via telnet, the server does advertise STARTTLS.
>
> So anyone able to point out the obvious or not so obvious config mistakes?

I see no mistake. Make sure you have the sendmail-cf package installed, else the .cf files can't be rebuilt based on modified .mc files.

Also make sure that you have the necessary cyrus-* packages installed.

Regards

Alexander
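
Added example, not part of either message: a small Python check that compares the mechanisms named in sendmail.mc with what the server actually lists after EHLO, and flags the shared-secret mechanisms the reply says saslauthd cannot serve. The function names and the PLAINTEXT / SHARED_SECRET sets are assumptions made for this illustration; the inputs are copied from the original post.

```python
import re

# Assumption from the reply: saslauthd checks plaintext passwords only.
PLAINTEXT = {"PLAIN", "LOGIN"}
SHARED_SECRET = {"DIGEST-MD5", "CRAM-MD5"}
MC_RE = re.compile(r"(?:define\(`confAUTH_MECHANISMS',\s*|TRUST_AUTH_MECH\()`([^']*)'")

def mc_mechanisms(mc_text):
    """Mechanisms named by confAUTH_MECHANISMS / TRUST_AUTH_MECH in a .mc file."""
    mechs = set()
    for line in mc_text.splitlines():
        if line.lstrip().startswith("dnl"):      # commented-out m4 line
            continue
        for match in MC_RE.finditer(line):
            mechs.update(match.group(1).split())
    return mechs

def ehlo_capabilities(transcript):
    """Map each EHLO keyword to its parameters; non-250 lines are ignored."""
    replies = [l for l in transcript.splitlines() if re.match(r"250[- ]", l)]
    caps = {}
    for line in replies[1:]:                     # first 250 line is the greeting
        words = line[4:].replace("=", " ", 1).split()   # also accept "AUTH=LOGIN"
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps

def audit(mc_text, transcript):
    """Return findings comparing configured mechanisms with the EHLO reply."""
    configured, caps = mc_mechanisms(mc_text), ehlo_capabilities(transcript)
    findings = []
    unusable = sorted(configured & SHARED_SECRET)
    if unusable:
        findings.append("not verifiable via saslauthd: " + " ".join(unusable))
    if "AUTH" not in caps:
        findings.append("AUTH not advertised in the EHLO reply")
    else:
        missing = sorted((configured & PLAINTEXT) - set(caps["AUTH"]))
        if missing:
            findings.append("configured but not offered: " + " ".join(missing))
    return findings

# Inputs copied from the original post (EHLO reply abridged).
PAGE_MC = """define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl"""
PAGE_EHLO = """250-pennzoil.gizmopartners.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250 HELP"""
print(audit(PAGE_MC, PAGE_EHLO))
```

Running the same audit after each rebuild of sendmail.cf shows whether a change to the .mc file has reached the running server.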