SMTP authentication not working
Mike Kercher
mike at vesol.com
Mon Feb 19 01:51:28 CET 2007
Note:
Your configs do not list SASL as a trusted mechanism.
Mike
: -----Original Message-----
: From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
: bounces at lists.mailscanner.info] On Behalf Of Chris Yuzik
: Sent: Sunday, February 18, 2007 1:39 PM
: To: MailScanner discussion
: Subject: OT: SMTP authentication not working
:
: Hi everyone,
:
: I really need some help with Sendmail/Saslauthd; I cannot get this
: development server to authenticate an SMTP user to allow relaying. I've
: spent hours RTFMing, googling, etc, but am obviously missing something,
: and another pair of eyes might help.
:
: This system is running Centos 4.4, with Sendmail (8.13.1-3.RHEL4.5),
: and Cyrus (cyrus-sasl-md5-2.1.19-5.EL4, cyrus-sasl-plain-2.1.19-5.EL4,
: cyrus-sasl-2.1.19-5.EL4). It's also running MailScanner, ClamAV, etc.,
: but those are not likely involved in today's challenge.
:
: Here is the information I've been going over in an attempt to figure
: this out:
:
: Here are sections of sendmail.mc that seem to be related to this issue:
:
: # grep AUTH sendmail.mc
: define(`confAUTH_OPTIONS',`A')
: dnl define(`confAUTH_OPTIONS', `A p')dnl
: dnl # Please remember that saslauthd needs to be running for AUTH.
: TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
: define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
:
: # cat /usr/lib/sasl2/Sendmail.conf
: pwcheck_method:saslauthd
:
: I think that saslauthd seems to be working because if I check it in the
: shell with the correct password, it replies "Success", and fails with
: the wrong password.
:
: #testsaslauthd -u test at domain1.com -p testpass
: 0: OK "Success."
: #testsaslauthd -u test at domain1.com -p testpassxx
: 0: NO "authentication failed"
:
: I also tried stopping the saslauthd service and running it manually,
: then attempting to send a message:
:
: # /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow -d
: saslauthd[4587] :main : num_procs : 5
: saslauthd[4587] :main : mech_option: NULL
: saslauthd[4587] :main : run_path : /var/run/saslauthd
: saslauthd[4587] :main : auth_mech : shadow
: saslauthd[4587] :ipc_init : using accept lock file:
: /var/run/saslauthd/mux.accept
: saslauthd[4587] :detach_tty : master pid is: 0
: saslauthd[4587] :ipc_init : listening on socket:
: /var/run/saslauthd/mux
: saslauthd[4587] :main : using process model
: saslauthd[4588] :get_accept_lock : acquired accept lock
: saslauthd[4587] :have_baby : forked child: 4588
: saslauthd[4587] :have_baby : forked child: 4589
: saslauthd[4587] :have_baby : forked child: 4590
: saslauthd[4587] :have_baby : forked child: 4591
: saslauthd[4588] :rel_accept_lock : released accept lock
: saslauthd[4589] :get_accept_lock : acquired accept lock
: saslauthd[4588] :do_auth : auth failure: [user=test]
: [service=smtp] [realm=domain1.com] [mech=shadow] [reason=Unknown]
: saslauthd[4588] :do_request : response: NO
:
: # tail -f /var/log/maillog
: Feb 18 10:22:39 devel pop3-login: Login: test at domain1.com
: [::ffff:xx.xx.xx.xx]
: [here is a check from Vista "Windows Mail"]
: Feb 18 10:22:50 devel sendmail[4601]: l1IIMoiU004601:
: testbox.someisp.net [xx.xx.xx.xx] did not issue MAIL/EXPN/VRFY/ETRN
: during connection to MTA
: [here is a check from Thunderbird]
: Feb 18 10:25:12 devel sendmail[4612]: l1IIP0Yu004612:
: testbox.someisp.net [xx.xx.xx.xx]: possible SMTP attack: command=AUTH,
: count=6
: Feb 18 10:25:36 devel sendmail[4612]: l1IIP0Yu004612:
: testbox.someisp.net [xx.xx.xx.xx] did not issue MAIL/EXPN/VRFY/ETRN
: during connection to MTA
:
: # tail -f /var/log/messages
: Feb 18 11:25:12 devel saslauthd[4589]: do_auth : auth failure:
: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow]
: [reason=Unknown]
: Feb 18 11:25:24 devel saslauthd[4588]: do_auth : auth failure:
: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow]
: [reason=Unknown]
: Feb 18 11:25:43 devel sendmail[4894]: unable to open Berkeley db
: /etc/sasldb2: Bad file descriptor
: Feb 18 11:25:43 devel sendmail[4894]: unable to open Berkeley db
: /etc/sasldb2: Bad file descriptor
: Feb 18 11:25:43 devel sendmail[4894]: no secret in database
: Feb 18 11:25:43 devel saslauthd[4589]: do_auth : auth failure:
: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow]
: [reason=Unknown]
: Feb 18 11:25:43 devel sendmail[4894]: Password verification failed
: Feb 18 11:25:43 devel saslauthd[4588]: do_auth : auth failure:
: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow]
: [reason=Unknown]
: Feb 18 11:25:50 devel sendmail[4894]: unable to open Berkeley db
: /etc/sasldb2: Bad file descriptor
: Feb 18 11:25:50 devel sendmail[4894]: unable to open Berkeley db
: /etc/sasldb2: Bad file descriptor
: Feb 18 11:25:50 devel sendmail[4894]: no secret in database
: Feb 18 11:25:50 devel saslauthd[4589]: do_auth : auth failure:
: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow]
: [reason=Unknown]
: Feb 18 11:25:50 devel sendmail[4894]: Password verification failed
: Feb 18 11:25:51 devel saslauthd[4588]: do_auth : auth failure:
: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow]
: [reason=Unknown]
:
: As you can see, I'm stuck. Any assistance would be very much
: appreciated.
:
: Thanks,
: Chris
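
A small triage script for the kind of log excerpt quoted above, as an added example that is not part of the original thread: it groups saslauthd failures by the identity saslauthd was actually asked to verify and counts the sendmail-side SASL errors separately. The sample lines are constructed from the quoted /var/log/messages output (wrapped lines joined), and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample, modelled on the /var/log/messages excerpt quoted above.
SAMPLE = """\
Feb 18 11:25:12 devel saslauthd[4589]: do_auth : auth failure: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] [reason=Unknown]
Feb 18 11:25:43 devel sendmail[4894]: unable to open Berkeley db /etc/sasldb2: Bad file descriptor
Feb 18 11:25:43 devel sendmail[4894]: no secret in database
Feb 18 11:25:43 devel saslauthd[4589]: do_auth : auth failure: [user=test] [service=smtp] [realm=domain1.com] [mech=shadow] [reason=Unknown]
Feb 18 11:25:43 devel sendmail[4894]: Password verification failed
"""

# "Mon DD HH:MM:SS host prog[pid]: message"
SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<prog>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# saslauthd's "[key=value]" fields
FIELD = re.compile(r"\[(\w+)=([^\]]*)\]")

def triage(text):
    """Return (saslauthd failures per identity, sendmail SASL errors per kind)."""
    lookups, sendmail_errors = Counter(), Counter()
    for line in text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue  # skip wrapped or unrelated lines
        prog, msg = m.group("prog"), m.group("msg")
        if prog == "saslauthd" and "auth failure" in msg:
            f = dict(FIELD.findall(msg))
            key = (f.get("user"), f.get("realm"), f.get("mech"), f.get("service"))
            lookups[key] += 1
        elif prog == "sendmail":
            if "sasldb2" in msg:
                sendmail_errors["sasldb2 unreadable"] += 1
            elif "no secret in database" in msg:
                sendmail_errors["no secret in database"] += 1
            elif "Password verification failed" in msg:
                sendmail_errors["password verification failed"] += 1
    return lookups, sendmail_errors

def report(text):
    """Render the triage result as one line per distinct finding."""
    lookups, errs = triage(text)
    out = [f"saslauthd: {n} failure(s) for user={u!r} realm={r!r} via {mech} (service {svc})"
           for (u, r, mech, svc), n in lookups.most_common()]
    out += [f"sendmail: {n} x {what}" for what, n in errs.most_common()]
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

The grouped identity can then be compared with the one used in the quoted testsaslauthd check, where the full address was passed to `-u`.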