Thanks for the advice.  Just to clarify, this is an enterprise SMTP server
for a university, and we have used Sendmail for at least 25 years now.  I
have deployed and configured Sendmail on probably hundreds of servers over
the years, but most of them are on internal networks and relay mail
through this SMTP server.  This is a high traffic SMTP server and its
uptime is critical, so I would prefer to stay with Sendmail because it has
always been rock solid in the past.

The issue here is that Sendmail with SASL auth doesn't seem to work the
same way in Bullseye as it did in Wheezy, which is probably to be expected,
given the large gap between versions.  I'm just trying to track down
anything I may have missed in my new Bullseye configuration, since the
exact same config works fine in Wheezy.

Thanks!

On Mon, Sep 12, 2022 at 3:17 AM Henning Follmann <hfollm...@itcfollmann.com>
wrote:

> On Fri, Sep 09, 2022 at 11:55:06AM -0400, Dave Parker wrote:
> > Hello,
> >
> > Years ago, I set up an SMTP server on Debian 7.5, running Sendmail
> > configured for SASL authentication using an LDAP directory.  I am now
> > trying to set up a new one on Debian 11.5 in pretty much the same
> > configuration, but SMTP auth does not work.  I have verified that nslcd and
>
> You have not "used" sendmail for several years. You should not use it.
> Sendmail is very complex and extremely difficult to maintain, definitely not
> suitable for a "casual" user.
> You should either use
> 1) Exim (I do not like it, because it does not use standard logging. But that
>          is personal taste) It's Debian's default.
>
> 2) Postfix
>
> I used sendmail for a decade but I switched over to Postfix  years ago.
> It is too hard to maintain.
>
>
> > saslauthd are running, the sendmail, PAM and NSS configurations all look
> > good, and ldapsearch returns a result using the settings from
> > pam_ldap.conf.  When I open a connection to the old server and issue AUTH
> > PLAIN or AUTH LOGIN, I can authenticate with my base64 LDAP credentials as
> > expected.  But when I do the same on the new server, I get a "535 5.7.0
> > authentication failed" response.
> >
> > I ran a tcpdump on this SMTP server during an auth attempt, and there was
> > no traffic to or from the LDAP server.
> >
> > I literally copied all of the configs over from the old server and Sendmail
> > starts up fine, but still no auth.  Does anyone know where I might look for
> > the breakage?
> >
> > Old server (works):
> > - Sendmail 8.14.4
> > - SASL (libs/modules/bin) 2.1.25
> > - libnss-ldap 264
> > - libpam-ldap 184
> >
> > New server (doesn't work):
> > - Sendmail 8.15.2
> > - SASL (lib/modules/bin) 2.1.27
> > - libnss-ldapd 0.9.11 (because libnss-ldap is deprecated)
> > - libpam-ldap 186
>
> You need an external authentication daemon for sasl to work.
> I guess based on the age of your old system, it was courier in your case.
>
> Today I would prefer dovecot.
>
>
>
> >
> > Thanks!
> > Dave
> >
> > --
> > Dave Parker '11
> > Database & Systems Administrator
> > Utica University
> > Integrated Information Technology Services
> > 315-792-3229
> > He/Him
>
> --
> Henning Follmann           | hfollm...@itcfollmann.com
>
>

-- 
Dave Parker '11
Database & Systems Administrator
Utica University
Integrated Information Technology Services
315-792-3229
He/Him
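
Added example, not part of the thread or of Sendmail or Cyrus SASL: an offline Python helper for the manual AUTH PLAIN / AUTH LOGIN test described above. It builds and decodes the base64 tokens, lists the mechanisms in an EHLO reply, and splits a reply such as the 535 into its parts. The host names, the user `jdoe`, the password and the sample EHLO text are constructed.

```python
import base64

# Constructed EHLO reply for illustration; not captured from the servers in this thread.
SAMPLE_EHLO = """250-mail.example.edu Hello client.example.edu, pleased to meet you
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-AUTH LOGIN PLAIN
250 HELP"""

def plain_token(authcid, password, authzid=""):
    """RFC 4616 PLAIN message: authzid NUL authcid NUL passwd, then base64."""
    raw = "\0".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def decode_plain(token):
    """Split a PLAIN token into (authzid, authcid, passwd) to check what was typed."""
    parts = base64.b64decode(token, validate=True).split(b"\0")
    if len(parts) != 3 or not parts[1]:
        raise ValueError("not a PLAIN message: need authzid NUL authcid NUL passwd")
    return tuple(p.decode("utf-8") for p in parts)

def login_tokens(user, password):
    """AUTH LOGIN sends the user name and the password as two separate base64 lines."""
    return tuple(base64.b64encode(s.encode("utf-8")).decode("ascii")
                 for s in (user, password))

def advertised_mechs(ehlo_reply):
    """Collect SASL mechanisms from the AUTH line(s) of a multi-line 250 reply."""
    mechs = []
    for line in ehlo_reply.splitlines():
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            continue
        words = line[4:].replace("=", " ", 1).split()  # also accepts legacy "AUTH=..."
        if words and words[0].upper() == "AUTH":
            mechs += [w.upper() for w in words[1:]]
    return mechs

def parse_reply(line):
    """Split one reply line into (code, enhanced status or '', text)."""
    code, _, rest = line.partition(" ")
    status, _, text = rest.partition(" ")
    if not (status[:1].isdigit() and status.count(".") == 2):
        status, text = "", rest
    return int(code), status, text

if __name__ == "__main__":
    print("AUTH PLAIN", plain_token("jdoe", "s3cret"))
    print(advertised_mechs(SAMPLE_EHLO), parse_reply("535 5.7.0 authentication failed"))
```

Comparing the `advertised_mechs` output for the old and new server shows whether both offer the same mechanisms before any credentials are sent.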
