PHWinfo - Afficher un message - sendmail + auth as client to ISP, but internally (imap) no auth wanted

17/08/2006, 15h20

On Thu, 17 Aug 2006 15:23:29 +0200 Uwe Behle wrote:

> my ISP informed me that they will be using smtp auth soon, so I made the
> necessary changes in my sendmail.mc:
>
> TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
> PLAIN')dnl
> FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl
>
> The ISP suggests not to use TLS/SSL (no idea why), but seems to accept
> STARTTLS, so the LOGIN and PLAIN methods are at least encrypted:
>
> Aug 17 10:51:52 webbie sendmail[13782]: STARTTLS=client, relay=...,
> version=TLSv1/SSLv3, verify=FAIL, cipher=DES-CBC3-SHA, bits=168/168
>
>
> Now I have the problem, that local authentication does not work. I get
> this error with the new sendmail.cf:
>
> Aug 17 11:05:45 webbie sendmail[13858]: k7H95hHn013857: AUTH=client,
> available mechanisms do not fulfill requirements
> Aug 17 11:05:45 webbie sendmail[13858]: AUTH=client, relay=localhost,
> temporary failure, connection abort
> Aug 17 11:05:45 webbie sendmail[13858]: k7H95hHn013857: to=posting3,
> delay=00:00:02, xdelay=00:00:00, mailer=cyrusv2, pri=162089,
> relay=localhost, dsn=4.7.1, stat=Deferred: Temporary AUTH failure
>
>
> Since on my mail-gw sendmail passes any incoming mail on to cyrus-imap,
> I don't need this type of authentication and would like to use it only
> for sending mail to my ISP's relay.

In access_db you have set relay for localhost / 127.0.0.1?

> MAILER(smtp)dnl
> MAILER(procmail)dnl
> MAILER(local)dnl
> MAILER(cyrusv2)dnl
> define(`CYRUSV2_MAILER_FLAGS',`A5@W')dnl
> define(`CYRUSV2_LMTP_SOCKET',`/var/lib/imap/socket/lmtp')dnl
> define(`confLOCAL_MAILER',`cyrusv2')dnl

Do not set such mailer modifications below any MAILER.

> dnl LOCAL_RULE_0
> dnl R$=N $: $#local $: $1
> dnl R$=N < @ $=w . > $: $#local $: $1
> dnl Rbb + $+ < @ $=w . > $#cyrusbb $: $1
>
>
> Is there any way to configure that? Can I disable AUTH for local mail
> delivery? Do I need to enable some AUTH-METHODS (PLAIN and LOGIN) for
> local delivery (and sasl)?

First + second question: yes, use access_db
Third question: no.

> Uwe

Alexander

--
Alexander Dalloz | Löhne, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp
Serendipity 16:17:23 up 2 days, 21:23, load average: 0.34, 0.25, 0.26

17/08/2006, 15h20	#2
Alexander Dalloz Messages: n/a Hébergeur:	Re: sendmail + auth as client to ISP, but internally (imap) no auth wanted On Thu, 17 Aug 2006 15:23:29 +0200 Uwe Behle wrote: > my ISP informed me that they will be using smtp auth soon, so I made the > necessary changes in my sendmail.mc: > > TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl > define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN > PLAIN')dnl > FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl > > The ISP suggests not to use TLS/SSL (no idea why), but seems to accept > STARTTLS, so the LOGIN and PLAIN methods are at least encrypted: > > Aug 17 10:51:52 webbie sendmail[13782]: STARTTLS=client, relay=..., > version=TLSv1/SSLv3, verify=FAIL, cipher=DES-CBC3-SHA, bits=168/168 > > > Now I have the problem, that local authentication does not work. I get > this error with the new sendmail.cf: > > Aug 17 11:05:45 webbie sendmail[13858]: k7H95hHn013857: AUTH=client, > available mechanisms do not fulfill requirements > Aug 17 11:05:45 webbie sendmail[13858]: AUTH=client, relay=localhost, > temporary failure, connection abort > Aug 17 11:05:45 webbie sendmail[13858]: k7H95hHn013857: to=posting3, > delay=00:00:02, xdelay=00:00:00, mailer=cyrusv2, pri=162089, > relay=localhost, dsn=4.7.1, stat=Deferred: Temporary AUTH failure > > > Since on my mail-gw sendmail passes any incoming mail on to cyrus-imap, > I don't need this type of authentication and would like to use it only > for sending mail to my ISP's relay. In access_db you have set relay for localhost / 127.0.0.1? > MAILER(smtp)dnl > MAILER(procmail)dnl > MAILER(local)dnl > MAILER(cyrusv2)dnl > define(`CYRUSV2_MAILER_FLAGS',`A5@W')dnl > define(`CYRUSV2_LMTP_SOCKET',`/var/lib/imap/socket/lmtp')dnl > define(`confLOCAL_MAILER',`cyrusv2')dnl Do not set such mailer modifications below any MAILER. > dnl LOCAL_RULE_0 > dnl R$=N $: $#local $: $1 > dnl R$=N < @ $=w . > $: $#local $: $1 > dnl Rbb + $+ < @ $=w . > $#cyrusbb $: $1 > > > Is there any way to configure that? Can I disable AUTH for local mail > delivery? Do I need to enable some AUTH-METHODS (PLAIN and LOGIN) for > local delivery (and sasl)? First + second question: yes, use access_db Third question: no. > Uwe Alexander -- Alexander Dalloz \| Löhne, Germany \| GPG http://pgp.mit.edu 0xB366A773 legal statement: http://www.uni-x.org/legal.html Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp Serendipity 16:17:23 up 2 days, 21:23, load average: 0.34, 0.25, 0.26