SMTP authentication not working

Mike Kercher mike at vesol.com
Mon Feb 19 01:49:55 CET 2007


Here's the relevant section from my sendmail.mc:

dnl #
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN SASL')dnl

dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl

Then:

[root at mail mail]# cat /etc/sysconfig/saslauthd 
# Directory in which to place saslauthd's listening socket, pid file, and so
# on.  This directory must already exist.
SOCKETDIR=/var/run/saslauthd

# Mechanism to use when checking passwords.  Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled to use.
MECH=pam

# Additional flags to pass to saslauthd on the command line.  See saslauthd(8)
# for the list of accepted flags.
FLAGS=

That's all I do to get saslauthd running.

Mike



: -----Original Message-----
: From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
: bounces at lists.mailscanner.info] On Behalf Of Chris Yuzik
: Sent: Sunday, February 18, 2007 1:39 PM
: To: MailScanner discussion
: Subject: OT: SMTP authentication not working
: 
: Hi everyone,
: 
: I really need some help with Sendmail/Saslauthd; I cannot get this
: development server to authenticate an SMTP user to allow relaying. I've
: spent hours RTFMing, googling, etc, but am obviously missing something,
: and another pair of eyes might help.
: 
: This system is running CentOS 4.4, with Sendmail (8.13.1-3.RHEL4.5), and
: Cyrus (cyrus-sasl-md5-2.1.19-5.EL4, cyrus-sasl-plain-2.1.19-5.EL4,
: cyrus-sasl-2.1.19-5.EL4). It's also running MailScanner, ClamAV, etc.,
: but those are not likely involved in today's challenge.
: 
: Here is the information I've been going over in an attempt to figure
: this out:
: 
: Here are sections of sendmail.mc that seem to be related to this issue:
: 
: # grep AUTH sendmail.mc
: define(`confAUTH_OPTIONS',`A')
: dnl define(`confAUTH_OPTIONS', `A p')dnl
: dnl # Please remember that saslauthd needs to be running for AUTH.
: TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
: define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
: 
: # cat /usr/lib/sasl2/Sendmail.conf
: pwcheck_method:saslauthd
: 
: I think that saslauthd seems to be working because if I check it in the
: shell with the correct password, it replies "Success", and fails with
: the wrong password.
: 
: #testsaslauthd -u test at domain1.com -p testpass
: 0: OK "Success."
: #testsaslauthd -u test at domain1.com -p testpassxx
: 0: NO "authentication failed"
: 
: I also tried stopping the saslauthd service and running it manually,
: then attempting to send a message:
: 
: # /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow -d
: saslauthd[4587] :main            : num_procs  : 5
: saslauthd[4587] :main            : mech_option: NULL
: saslauthd[4587] :main            : run_path   : /var/run/saslauthd
: saslauthd[4587] :main            : auth_mech  : shadow
: saslauthd[4587] :ipc_init        : using accept lock file:
: /var/run/saslauthd/mux.accept
: saslauthd[4587] :detach_tty      : master pid is: 0
: saslauthd[4587] :ipc_init        : listening on socket:
: /var/run/saslauthd/mux
: saslauthd[4587] :main            : using process model
: saslauthd[4588] :get_accept_lock : acquired accept lock
: saslauthd[4587] :have_baby       : forked child: 4588
: saslauthd[4587] :have_baby       : forked child: 4589
: saslauthd[4587] :have_baby       : forked child: 4590
: saslauthd[4587] :have_baby       : forked child: 4591
: saslauthd[4588] :rel_accept_lock : released accept lock
: saslauthd[4589] :get_accept_lock : acquired accept lock
: saslauthd[4588] :do_auth         : auth failure: [user=test]
: [service=smtp] [realm=domain1.com] [mech=shadow] [reason=Unknown]
: saslauthd[4588] :do_request      : response: NO
: 
: # tail -f /var/log/maillog
: Feb 18 10:22:39 devel pop3-login: Login: test at domain1.com
: [::ffff:xx.xx.xx.xx]
:     [here is a check from Vista "Windows Mail"]
: Feb 18 10:22:50 devel sendmail[4601]: l1IIMoiU004601:
: testbox.someisp.net [xx.xx.xx.xx] did not issue MAIL/EXPN/VRFY/ETRN
: during connection to MTA
:     [here is a check from Thunderbird]
: Feb 18 10:25:12 devel sendmail[4612]: l1IIP0Yu004612:
: testbox.someisp.net [xx.xx.xx.xx]: possible SMTP attack: command=AUTH,
: count=6
: Feb 18 10:25:36 devel sendmail[4612]: l1IIP0Yu004612:
: testbox.someisp.net [xx.xx.xx.xx] did not issue MAIL/EXPN/VRFY/ETRN
: during connection to MTA
: 
: # tail -f /var/log/messages
: Feb 18 11:25:12 devel saslauthd[4589]: do_auth         : auth failure:
: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow]
: [reason=Unknown]
: Feb 18 11:25:24 devel saslauthd[4588]: do_auth         : auth failure:
: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow]
: [reason=Unknown]
: Feb 18 11:25:43 devel sendmail[4894]: unable to open Berkeley db
: /etc/sasldb2: Bad file descriptor
: Feb 18 11:25:43 devel sendmail[4894]: unable to open Berkeley db
: /etc/sasldb2: Bad file descriptor
: Feb 18 11:25:43 devel sendmail[4894]: no secret in database
: Feb 18 11:25:43 devel saslauthd[4589]: do_auth         : auth failure:
: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow]
: [reason=Unknown]
: Feb 18 11:25:43 devel sendmail[4894]: Password verification failed
: Feb 18 11:25:43 devel saslauthd[4588]: do_auth         : auth failure:
: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow]
: [reason=Unknown]
: Feb 18 11:25:50 devel sendmail[4894]: unable to open Berkeley db
: /etc/sasldb2: Bad file descriptor
: Feb 18 11:25:50 devel sendmail[4894]: unable to open Berkeley db
: /etc/sasldb2: Bad file descriptor
: Feb 18 11:25:50 devel sendmail[4894]: no secret in database
: Feb 18 11:25:50 devel saslauthd[4589]: do_auth         : auth failure:
: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow]
: [reason=Unknown]
: Feb 18 11:25:50 devel sendmail[4894]: Password verification failed
: Feb 18 11:25:51 devel saslauthd[4588]: do_auth         : auth failure:
: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow]
: [reason=Unknown]
: 
: As you can see, I'm stuck. Any assistance would be very much
: appreciated.
: 
: Thanks,
: Chris


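Added example, not part of either message above: a small triage script that reads the saslauthd and sendmail log lines from the original post (re-joined where the mail client wrapped them) and compares what saslauthd actually looked up with the MECH value in the sysconfig file from the reply. The function names are illustrative, and treating the reply's sysconfig as the intended configuration for the failing server is an assumption.

```python
import re
from collections import Counter

# MECH line as in the /etc/sysconfig/saslauthd shown in the reply.
SYSCONFIG = "SOCKETDIR=/var/run/saslauthd\nMECH=pam\nFLAGS=\n"

# Log lines from the original post, re-joined where they were wrapped.
LOG = """\
Feb 18 10:25:12 devel sendmail[4612]: l1IIP0Yu004612: testbox.someisp.net [xx.xx.xx.xx]: possible SMTP attack: command=AUTH, count=6
Feb 18 11:25:12 devel saslauthd[4589]: do_auth         : auth failure: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] [reason=Unknown]
Feb 18 11:25:43 devel sendmail[4894]: no secret in database
Feb 18 11:25:43 devel saslauthd[4589]: do_auth         : auth failure: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] [reason=Unknown]
"""

FAIL = re.compile(r"saslauthd\[\d+\]: do_auth\s*: auth failure: (.*)$")
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")
RETRY = re.compile(r"sendmail\[\d+\]: .*command=AUTH, count=(\d+)")

def configured_mech(sysconfig):
    """Return the MECH= value from a saslauthd sysconfig file, or None."""
    for line in sysconfig.splitlines():
        line = line.strip()
        if line.startswith("MECH="):
            return line.split("=", 1)[1]
    return None

def triage(log, sysconfig):
    """Group saslauthd failures and report configuration mismatches."""
    failures, retries = Counter(), 0
    for line in log.splitlines():
        m = FAIL.search(line)
        if m:
            f = dict(FIELD.findall(m.group(1)))
            failures[(f.get("user"), f.get("realm"),
                      f.get("service"), f.get("mech"))] += 1
            continue
        m = RETRY.search(line)
        if m:  # sendmail counts repeated AUTH commands on one connection
            retries = max(retries, int(m.group(1)))
    want, findings = configured_mech(sysconfig), set()
    for (user, realm, service, mech) in failures:
        if want and mech != want:
            findings.add(f"mech mismatch: log shows {mech}, sysconfig has {want}")
        if realm:  # saslauthd joins user and realm only when run with -r
            findings.add(f"realm split: lookup was {user!r}, not {user}@{realm}")
    return failures, retries, sorted(findings)

if __name__ == "__main__":
    for finding in triage(LOG, SYSCONFIG)[2]:
        print(finding)
```

The testsaslauthd runs in the original post pass no -s option, while the failing requests are logged with service=smtp, so a test with -s smtp is the closer comparison.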