PHWinfo - Afficher un message - sendmail + auth as client to ISP, but internally (imap) no auth wanted

19/08/2006, 09h27

Alexander Dalloz wrote:
> On Fri, 18 Aug 2006 20:06:26 +0200 Uwe Behle wrote:
>
>> I am still not any further. As soon as I put the line
>>
>> FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl
>
> What did you set in the client-info file? Especially the "M:" setting is
> of interest. And please tell us which MECHs your ISP's MTA offers you.

To make that clear: the authentication to my ISP works just fine with
the authinfo feature; her is the data:

AuthInfo: "U:xxx" "I:xxx@yyyy.de" "P:zzzz" "M:LOGIN"
and ISP:

250-DSN
250-SIZE 10485760
250-STARTTLS
250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5 GSSAPI MSN NTLM
250-ETRN
250-TURN
250-ATRN
250-NO-SOLICITING
250-
250-PIPELINING
250 EHLO

>>
>> saslauthd -v
>> saslauthd 2.1.18
>> authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
>
> That is of interest if you would offer AUTH with Sendmail as server. You
> try to configure Sendmail as client side.
>

Actually, The client side works fine. I am not sure how to
configure/disable the server part of sendmail. Is that the
TRUST_AUTH_MECH in sendmail.mc?

My understanding is that the AuthInfo feature only affects the client
side. The only explanation would be that sendmail acts as client when
communicating with the cyrus2 mailer. The following lines seem to
support that:

(without AuthInfo method):
Aug 19 05:10:44 webbie lmtpunix[7023]: lmtp connection preauth'd as postman
Aug 19 05:10:44 webbie sendmail[7022]: AUTH=client, relay=localhost,
mech=, bits=0

(with AuthInfo method):

Aug 17 10:53:52 webbie lmtpunix[13720]: lmtp connection preauth'd as postman
Aug 17 10:53:52 webbie master[13786]: about to exec
/usr/lib/cyrus-imapd/lmtpd
Aug 17 10:53:52 webbie sendmail[13784]: k7H8rnFe013783: AUTH=client,
available mechanisms do not fulfill requirements
Aug 17 10:53:52 webbie sendmail[13784]: AUTH=client, relay=localhost,
temporary failure, connection abort

>> and in sendmail I have:
>>
>> TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
>>
>> So I changed the /usr/lib/sasl2/Sendmail.conf: pwcheck_method:saslauthd
>> mech_list:EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
>
> Sendmail server SMTP AUTH configuration. For that it too matter how
> saslauthd is configured to run.

My SMTP AUTH settings are:

250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250

How do I get saslauthd to use the LOGIN method or configure sendmail to
use saslauthd compatible methods?

Is my understanding correct that saslauthd -v displays only the
"external" authentication methods, involving the os (passwd or shadow)
or other autenticators (PAM, ldap, kerberos).
The Sendmail.conf affects the "internal" methods (namely in comunication
with sendmail). But how do I check if they are configured and work?

I am also not sure what the role of lmtpd is. It is configured to run
with -a (preauth'd). Could that be the problem?

Uwe

19/08/2006, 09h27	#8
Uwe Behle Messages: n/a Hébergeur:	Re: sendmail + auth as client to ISP, but internally (imap) no authwanted Alexander Dalloz wrote: > On Fri, 18 Aug 2006 20:06:26 +0200 Uwe Behle wrote: > >> I am still not any further. As soon as I put the line >> >> FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl > > What did you set in the client-info file? Especially the "M:" setting is > of interest. And please tell us which MECHs your ISP's MTA offers you. To make that clear: the authentication to my ISP works just fine with the authinfo feature; her is the data: AuthInfo: "U:xxx" "I:xxx@yyyy.de" "P:zzzz" "M:LOGIN" and ISP: 250-DSN 250-SIZE 10485760 250-STARTTLS 250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5 GSSAPI MSN NTLM 250-ETRN 250-TURN 250-ATRN 250-NO-SOLICITING 250- 250-PIPELINING 250 EHLO >> >> saslauthd -v >> saslauthd 2.1.18 >> authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap > > That is of interest if you would offer AUTH with Sendmail as server. You > try to configure Sendmail as client side. > Actually, The client side works fine. I am not sure how to configure/disable the server part of sendmail. Is that the TRUST_AUTH_MECH in sendmail.mc? My understanding is that the AuthInfo feature only affects the client side. The only explanation would be that sendmail acts as client when communicating with the cyrus2 mailer. The following lines seem to support that: (without AuthInfo method): Aug 19 05:10:44 webbie lmtpunix[7023]: lmtp connection preauth'd as postman Aug 19 05:10:44 webbie sendmail[7022]: AUTH=client, relay=localhost, mech=, bits=0 (with AuthInfo method): Aug 17 10:53:52 webbie lmtpunix[13720]: lmtp connection preauth'd as postman Aug 17 10:53:52 webbie master[13786]: about to exec /usr/lib/cyrus-imapd/lmtpd Aug 17 10:53:52 webbie sendmail[13784]: k7H8rnFe013783: AUTH=client, available mechanisms do not fulfill requirements Aug 17 10:53:52 webbie sendmail[13784]: AUTH=client, relay=localhost, temporary failure, connection abort >> and in sendmail I have: >> >> TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl >> >> So I changed the /usr/lib/sasl2/Sendmail.conf: pwcheck_method:saslauthd >> mech_list:EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN > > Sendmail server SMTP AUTH configuration. For that it too matter how > saslauthd is configured to run. My SMTP AUTH settings are: 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN 250-STARTTLS 250-DELIVERBY 250 How do I get saslauthd to use the LOGIN method or configure sendmail to use saslauthd compatible methods? Is my understanding correct that saslauthd -v displays only the "external" authentication methods, involving the os (passwd or shadow) or other autenticators (PAM, ldap, kerberos). The Sendmail.conf affects the "internal" methods (namely in comunication with sendmail). But how do I check if they are configured and work? I am also not sure what the role of lmtpd is. It is configured to run with -a (preauth'd). Could that be the problem? Uwe