OT: SMTP authentication not working

Chris Yuzik itdept at fractalweb.com
Sun Feb 18 20:39:11 CET 2007


Hi everyone,

I really need some help with Sendmail/Saslauthd; I cannot get this 
development server to authenticate an SMTP user to allow relaying. I've 
spent hours RTFMing, googling, etc., but am obviously missing something, 
and another pair of eyes might help.

This system is running CentOS 4.4, with Sendmail (8.13.1-3.RHEL4.5), and 
Cyrus (cyrus-sasl-md5-2.1.19-5.EL4, cyrus-sasl-plain-2.1.19-5.EL4, 
cyrus-sasl-2.1.19-5.EL4). It's also running MailScanner, ClamAV, etc., 
but those are not likely involved in today's challenge.

Here is the information I've been going over in an attempt to figure 
this out:

Here are sections of sendmail.mc that seem to be related to this issue:

# grep AUTH sendmail.mc
define(`confAUTH_OPTIONS',`A')
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl # Please remember that saslauthd needs to be running for AUTH.
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

# cat /usr/lib/sasl2/Sendmail.conf
pwcheck_method:saslauthd

I think that saslauthd seems to be working because if I check it in the 
shell with the correct password, it replies "Success", and fails with 
the wrong password.

# testsaslauthd -u test@domain1.com -p testpass
0: OK "Success."
# testsaslauthd -u test@domain1.com -p testpassxx
0: NO "authentication failed"

I also tried stopping the saslauthd service and running it manually, 
then attempting to send a message:

# /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow -d
saslauthd[4587] :main            : num_procs  : 5
saslauthd[4587] :main            : mech_option: NULL
saslauthd[4587] :main            : run_path   : /var/run/saslauthd
saslauthd[4587] :main            : auth_mech  : shadow
saslauthd[4587] :ipc_init        : using accept lock file: 
/var/run/saslauthd/mux.accept
saslauthd[4587] :detach_tty      : master pid is: 0
saslauthd[4587] :ipc_init        : listening on socket: 
/var/run/saslauthd/mux
saslauthd[4587] :main            : using process model
saslauthd[4588] :get_accept_lock : acquired accept lock
saslauthd[4587] :have_baby       : forked child: 4588
saslauthd[4587] :have_baby       : forked child: 4589
saslauthd[4587] :have_baby       : forked child: 4590
saslauthd[4587] :have_baby       : forked child: 4591
saslauthd[4588] :rel_accept_lock : released accept lock
saslauthd[4589] :get_accept_lock : acquired accept lock
saslauthd[4588] :do_auth         : auth failure: [user=test] 
[service=smtp] [realm=domain1.com] [mech=shadow] [reason=Unknown]
saslauthd[4588] :do_request      : response: NO

# tail -f /var/log/maillog
Feb 18 10:22:39 devel pop3-login: Login: test@domain1.com 
[::ffff:xx.xx.xx.xx]
    [here is a check from Vista "Windows Mail"]
Feb 18 10:22:50 devel sendmail[4601]: l1IIMoiU004601: 
testbox.someisp.net [xx.xx.xx.xx] did not issue MAIL/EXPN/VRFY/ETRN 
during connection to MTA
    [here is a check from Thunderbird]
Feb 18 10:25:12 devel sendmail[4612]: l1IIP0Yu004612: 
testbox.someisp.net [xx.xx.xx.xx]: possible SMTP attack: command=AUTH, 
count=6
Feb 18 10:25:36 devel sendmail[4612]: l1IIP0Yu004612: 
testbox.someisp.net [xx.xx.xx.xx] did not issue MAIL/EXPN/VRFY/ETRN 
during connection to MTA

# tail -f /var/log/messages
Feb 18 11:25:12 devel saslauthd[4589]: do_auth         : auth failure: 
[user=test] [service=smtp] [realm=domain1.com] [mech=shadow] 
[reason=Unknown]
Feb 18 11:25:24 devel saslauthd[4588]: do_auth         : auth failure: 
[user=test] [service=smtp] [realm=domain1.com] [mech=shadow] 
[reason=Unknown]
Feb 18 11:25:43 devel sendmail[4894]: unable to open Berkeley db 
/etc/sasldb2: Bad file descriptor
Feb 18 11:25:43 devel sendmail[4894]: unable to open Berkeley db 
/etc/sasldb2: Bad file descriptor
Feb 18 11:25:43 devel sendmail[4894]: no secret in database
Feb 18 11:25:43 devel saslauthd[4589]: do_auth         : auth failure: 
[user=test] [service=smtp] [realm=domain1.com] [mech=shadow] 
[reason=Unknown]
Feb 18 11:25:43 devel sendmail[4894]: Password verification failed
Feb 18 11:25:43 devel saslauthd[4588]: do_auth         : auth failure: 
[user=test] [service=smtp] [realm=domain1.com] [mech=shadow] 
[reason=Unknown]
Feb 18 11:25:50 devel sendmail[4894]: unable to open Berkeley db 
/etc/sasldb2: Bad file descriptor
Feb 18 11:25:50 devel sendmail[4894]: unable to open Berkeley db 
/etc/sasldb2: Bad file descriptor
Feb 18 11:25:50 devel sendmail[4894]: no secret in database
Feb 18 11:25:50 devel saslauthd[4589]: do_auth         : auth failure: 
[user=test] [service=smtp] [realm=domain1.com] [mech=shadow] 
[reason=Unknown]
Feb 18 11:25:50 devel sendmail[4894]: Password verification failed
Feb 18 11:25:51 devel saslauthd[4588]: do_auth         : auth failure: 
[user=test] [service=smtp] [realm=domain1.com] [mech=shadow] 
[reason=Unknown]

As you can see, I'm stuck. Any assistance would be very much appreciated.

Thanks,
Chris
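
Added example, not part of the original post: a small triage script for the log format quoted above. It rejoins the hard-wrapped syslog records and groups saslauthd failures by the (user, realm, service, mech) tuple the daemon actually received, which is the tuple to compare against a manual testsaslauthd run. The sample log is constructed (the host name and IP address are placeholders), and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the format shown in the post (hard-wrapped as in the mail).
SAMPLE = """\
Feb 18 11:25:12 devel saslauthd[4589]: do_auth         : auth failure:
[user=test] [service=smtp] [realm=domain1.com] [mech=shadow]
[reason=Unknown]
Feb 18 11:25:43 devel sendmail[4894]: unable to open Berkeley db
/etc/sasldb2: Bad file descriptor
Feb 18 11:25:43 devel sendmail[4894]: no secret in database
Feb 18 11:25:43 devel saslauthd[4589]: do_auth         : auth failure:
[user=test] [service=smtp] [realm=domain1.com] [mech=shadow]
[reason=Unknown]
Feb 18 11:25:44 devel sendmail[4612]: l1IIP0Yu004612:
testbox.example.net [192.0.2.10]: possible SMTP attack: command=AUTH,
count=6
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")                      # [key=value] pairs
ATTACK = re.compile(r"\[([^\]]+)\]: possible SMTP attack: command=AUTH, count=(\d+)")

def unwrap(text):
    """Rejoin syslog records that a mail client wrapped across lines."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Count saslauthd failures per received tuple, sasldb errors, AUTH floods."""
    failures, sasldb_errors, floods = Counter(), 0, []
    for rec in unwrap(text):
        if "saslauthd[" in rec and "auth failure" in rec:
            f = dict(FIELD.findall(rec))
            failures[tuple(f.get(k, "") for k in ("user", "realm", "service", "mech"))] += 1
        elif "/etc/sasldb2" in rec or "no secret in database" in rec:
            sasldb_errors += 1  # sendmail itself looked in sasldb2 for a secret
        elif (m := ATTACK.search(rec)):
            floods.append((m.group(1), int(m.group(2))))
    return failures, sasldb_errors, floods

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
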

