Mark Weaver
2017-Mar-08 21:57 UTC
[CentOS] Up to date guide/information Sendmail SMTP Auth
On 03/08/2017 11:00 AM, Paul Heinlein wrote:
> On Wed, 8 Mar 2017, Mark Weaver wrote:
>
> > Hello all,
> >
> > I've been googling my brains out since yesterday looking for up-to-date
> > information on this matter, and have found information that is anywhere
> > from 15 to 5 years old. I'd really like some information that is much
> > more up to date on the subject. Specifically configuring Sendmail SMTP
> > authentication (_no smart host stuff_).
>
> I wrote this article years ago:
>
> https://www.madboa.com/geek/sendmail-auth/
>
> The configuration outlined there is essentially unchanged today. I
> have it running on a CentOS 7 machine with sendmail 8.14.
>
> The only real change is the SOCKETDIR setting in
> /etc/sysconfig/saslauthd, which is now /run/saslauthd (rather than
> /var/run/saslauthd). And, of course, I use systemctl rather
> than chkconfig to control boot-time behavior.
>
> The trickier bit for me was stopping and restarting the whole SMTP
> toolchain, which includes spamassassin, clamav, and opendmarc. Below
> my .sig, I've included the shell script I use for that.
>
> --
> Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/

Hi Paul,

I followed your guide to the letter, however I think it seems I missed
something. When I test with telnet to port 25 this is the result:

> telnet merlin 25
Trying 10.10.3.6...
Connected to merlin.ciss.local.
Escape character is '^]'.
220 mdw1982.com ESMTP Sendmail 8.14.7/8.13.8; Wed, 8 Mar 2017 16:53:31 -0500
ehlo merlin
250-mdw1982.com Hello [10.10.3.102], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
> auth login
504 5.3.3 AUTH mechanism login not available

thoughts?
Alexander Dalloz
2017-Mar-08 23:21 UTC
[CentOS] Up to date guide/information Sendmail SMTP Auth
On 08.03.2017 at 22:57, Mark Weaver wrote:
> On 03/08/2017 11:00 AM, Paul Heinlein wrote:
>> On Wed, 8 Mar 2017, Mark Weaver wrote:

>> I wrote this article years ago:
>>
>> https://www.madboa.com/geek/sendmail-auth/

> Hi Paul,
>
> I followed your guide to the letter, however I think it seems I missed
> something. When I test with telnet to port 25 this is the result:
>
>> telnet merlin 25
> Trying 10.10.3.6...
> Connected to merlin.ciss.local.
> Escape character is '^]'.
> 220 mdw1982.com ESMTP Sendmail 8.14.7/8.13.8; Wed, 8 Mar 2017 16:53:31

That makes your mistake obvious: the .cf version is 8.13.8 - it does not
match the Sendmail version 8.14.7. So you did not build the sendmail.cf
from the modified sendmail.mc.

Make sure you have run "yum install sendmail-cf" so that "cd /etc/mail;
make" can do what it should do.

> -0500
> ehlo merlin
> 250-mdw1982.com Hello [10.10.3.102], pleased to meet you
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-ETRN
> 250-DELIVERBY
> 250 HELP
>> auth login
> 504 5.3.3 AUTH mechanism login not available
>
> thoughts?

Alexander
Mark Weaver
2017-Mar-08 23:41 UTC
[CentOS] Up to date guide/information Sendmail SMTP Auth
On 03/08/2017 06:21 PM, Alexander Dalloz wrote:
> On 08.03.2017 at 22:57, Mark Weaver wrote:
> > On 03/08/2017 11:00 AM, Paul Heinlein wrote:
> >> On Wed, 8 Mar 2017, Mark Weaver wrote:
>
> >> I wrote this article years ago:
> >>
> >> https://www.madboa.com/geek/sendmail-auth/
>
> > Hi Paul,
> >
> > I followed your guide to the letter, however I think it seems I missed
> > something. When I test with telnet to port 25 this is the result:
> >
> >> telnet merlin 25
> > Trying 10.10.3.6...
> > Connected to merlin.ciss.local.
> > Escape character is '^]'.
> > 220 mdw1982.com ESMTP Sendmail 8.14.7/8.13.8; Wed, 8 Mar 2017 16:53:31
>
> That makes your mistake obvious: the .cf version is 8.13.8 - it does not
> match the Sendmail version 8.14.7. So you did not build the sendmail.cf
> from the modified sendmail.mc.
>
> Make sure you have run "yum install sendmail-cf" so that "cd /etc/mail;
> make" can do what it should do.
>
> > -0500
> > ehlo merlin
> > 250-mdw1982.com Hello [10.10.3.102], pleased to meet you
> > 250-ENHANCEDSTATUSCODES
> > 250-PIPELINING
> > 250-8BITMIME
> > 250-SIZE
> > 250-DSN
> > 250-ETRN
> > 250-DELIVERBY
> > 250 HELP
> >> auth login
> > 504 5.3.3 AUTH mechanism login not available
> >
> > thoughts?
>
> Alexander

And now?

> telnet merlin 25
Trying 10.10.3.6...
Connected to merlin.ciss.local.
Escape character is '^]'.
220 mdw1982.com ESMTP Sendmail 8.14.7/8.14.7; Wed, 8 Mar 2017 18:39:51 -0500
ehlo merlin
250-mdw1982.com Hello [10.10.3.102], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
> auth login
504 5.3.3 AUTH mechanism login not available
Paul Heinlein
2017-Mar-08 23:42 UTC
[CentOS] Up to date guide/information Sendmail SMTP Auth
On Wed, 8 Mar 2017, Mark Weaver wrote:
> On 03/08/2017 11:00 AM, Paul Heinlein wrote:
>> On Wed, 8 Mar 2017, Mark Weaver wrote:
>>
>> > Hello all,
>> >
>> > I've been googling my brains out since yesterday looking for
>> > up-to-date information on this matter, and have found
>> > information that is anywhere from 15 to 5 years old. I'd really
>> > like some information that is much more up to date on the subject.
>> > Specifically configuring Sendmail SMTP authentication (_no smart
>> > host stuff_).
>>
>> I wrote this article years ago:
>>
>> https://www.madboa.com/geek/sendmail-auth/
>>
>> The configuration outlined there is essentially unchanged today. I
>> have it running on a CentOS 7 machine with sendmail 8.14.
>>
>> The only real change is the SOCKETDIR setting in
>> /etc/sysconfig/saslauthd, which is now /run/saslauthd (rather than
>> /var/run/saslauthd). And, of course, I use systemctl rather
>> than chkconfig to control boot-time behavior.
>
> Hi Paul,
>
> I followed your guide to the letter, however I think it seems I
> missed something. When I test with telnet to port 25 this is the
> result:
>
>> telnet merlin 25
> Trying 10.10.3.6...
> Connected to merlin.ciss.local.
> Escape character is '^]'.
> 220 mdw1982.com ESMTP Sendmail 8.14.7/8.13.8; Wed, 8 Mar 2017 16:53:31 -0500
> ehlo merlin
> 250-mdw1982.com Hello [10.10.3.102], pleased to meet you
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-ETRN
> 250-DELIVERBY
> 250 HELP
>> auth login
> 504 5.3.3 AUTH mechanism login not available
>
> thoughts?

Many. :-)

Check your mail log for clues.

Ensure you have a valid SSL certificate and key. Sendmail is touchy
about permissions on the key file. Try googling for
confDONT_BLAME_SENDMAIL and GroupReadableKeyFile.

Make sure saslauthd is configured and running.

Compile your .mc (m4) file with the macros distributed with the
version of sendmail you're actually running. This line suggests you're
not:

mdw1982.com ESMTP Sendmail 8.14.7/8.13.8

That's a first stab at things to try.

--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
Mark Weaver
2017-Mar-09 00:09 UTC
[CentOS] Up to date guide/information Sendmail SMTP Auth
On 03/08/2017 06:42 PM, Paul Heinlein wrote:
> On Wed, 8 Mar 2017, Mark Weaver wrote:
>
> > On 03/08/2017 11:00 AM, Paul Heinlein wrote:
> >> On Wed, 8 Mar 2017, Mark Weaver wrote:
> >>
> >> > Hello all,
> >> >
> >> > I've been googling my brains out since yesterday looking for
> >> > up-to-date information on this matter, and have found
> >> > information that is anywhere from 15 to 5 years old. I'd really
> >> > like some information that is much more up to date on the subject.
> >> > Specifically configuring Sendmail SMTP authentication (_no smart
> >> > host stuff_).
> >>
> >> I wrote this article years ago:
> >>
> >> https://www.madboa.com/geek/sendmail-auth/
> >>
> >> The configuration outlined there is essentially unchanged today. I
> >> have it running on a CentOS 7 machine with sendmail 8.14.
> >>
> >> The only real change is the SOCKETDIR setting in
> >> /etc/sysconfig/saslauthd, which is now /run/saslauthd (rather than
> >> /var/run/saslauthd). And, of course, I use systemctl rather
> >> than chkconfig to control boot-time behavior.
> >
> > Hi Paul,
> >
> > I followed your guide to the letter, however I think it seems I
> > missed something. When I test with telnet to port 25 this is the
> > result:
> >
> >> telnet merlin 25
> > Trying 10.10.3.6...
> > Connected to merlin.ciss.local.
> > Escape character is '^]'.
> > 220 mdw1982.com ESMTP Sendmail 8.14.7/8.13.8; Wed, 8 Mar 2017 16:53:31 -0500
> > ehlo merlin
> > 250-mdw1982.com Hello [10.10.3.102], pleased to meet you
> > 250-ENHANCEDSTATUSCODES
> > 250-PIPELINING
> > 250-8BITMIME
> > 250-SIZE
> > 250-DSN
> > 250-ETRN
> > 250-DELIVERBY
> > 250 HELP
> >> auth login
> > 504 5.3.3 AUTH mechanism login not available
> >
> > thoughts?
>
> Many. :-)
>
> Check your mail log for clues.
>
> Ensure you have a valid SSL certificate and key. Sendmail is touchy
> about permissions on the key file. Try googling for
> confDONT_BLAME_SENDMAIL and GroupReadableKeyFile.
>
> Make sure saslauthd is configured and running.
>
> Compile your .mc (m4) file with the macros distributed with the
> version of sendmail you're actually running. This line suggests you're
> not:
>
> mdw1982.com ESMTP Sendmail 8.14.7/8.13.8
>
> That's a first stab at things to try.
>

I fixed the version mis-match by installing sendmail-cf package and
recompiling sendmail.mc. saslauthd is running and configured according to
your specs. So, I'm not sure what's missing.
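
Added example, not part of any message in this thread: the checks the replies apply by eye to the telnet output, written as a script that reads the greeting's binary/.cf version pair and the EHLO capability list and reports what is missing. BEFORE is the first session quoted in the thread; AFTER and WORKING are constructed from it, and the name diagnose and the mechanism list in WORKING are assumptions.

```python
import re

# Server replies from the first telnet session in the thread (client lines omitted).
BEFORE = """\
220 mdw1982.com ESMTP Sendmail 8.14.7/8.13.8; Wed, 8 Mar 2017 16:53:31 -0500
250-mdw1982.com Hello [10.10.3.102], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP"""
# Second session: same replies once sendmail.cf was rebuilt (timestamp left as is).
AFTER = BEFORE.replace("8.14.7/8.13.8", "8.14.7/8.14.7")
# Constructed sample of a working setup; the mechanism list is an assumption.
WORKING = AFTER.replace("250 HELP", "250-STARTTLS\n250-AUTH LOGIN PLAIN\n250 HELP")

BANNER = re.compile(r"^220[ -]\S+ ESMTP Sendmail ([^/\s]+)/([^;\s]+);")

def diagnose(transcript, want="LOGIN"):
    """Return (binary_version, cf_version, capabilities, findings) for one session."""
    binary = cf = None
    caps, findings, seen_greeting = {}, [], False
    for line in transcript.splitlines():
        m = BANNER.match(line)
        if m:
            binary, cf = m.groups()
        elif re.match(r"^250[ -]", line):
            if not seen_greeting:  # the first 250 line is the greeting, not a capability
                seen_greeting = True
                continue
            keyword, _, params = line[4:].partition(" ")
            caps[keyword.upper()] = params.split()
    if binary and binary != cf:
        findings.append(f"sendmail.cf is version {cf}, binary is {binary}: rebuild sendmail.cf")
    if "AUTH" not in caps:
        findings.append("no AUTH line: the server offers no SASL mechanism here")
    elif want not in caps["AUTH"]:
        findings.append(f"AUTH offered without {want}: {caps['AUTH']}")
    if "STARTTLS" not in caps:
        findings.append("no STARTTLS line: check the certificate and key files")
    return binary, cf, caps, findings

if __name__ == "__main__":
    for name, session in (("before", BEFORE), ("after", AFTER), ("working", WORKING)):
        binary, cf, caps, findings = diagnose(session)
        print(f"{name}: Sendmail {binary}/{cf}", findings or "AUTH and STARTTLS offered")
```

For the AFTER session the version finding disappears but the AUTH and STARTTLS findings remain, which matches the 504 reply in the second telnet run.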