On Mon, Sep 12, 2022 at 12:42:00PM -0400, Dave Parker wrote: > On Mon, Sep 12, 2022 at 10:37 AM Henning Follmann <hfollm...@itcfollmann.com> > wrote: > > > > > First, please do not top post. > > > > On Mon, Sep 12, 2022 at 09:00:00AM -0400, Dave Parker wrote: > > > Thanks for the advice. Just to clarify, this is an enterprise SMTP > > server > > > for a university, and we have used Sendmail for at least 25 years now. I > > > have deployed and configured Sendmail on probably hundreds of servers > > over > > > the years, but most of them are on internal networks and relay mail > > > through this SMTP server. This is a high traffic SMTP server and its > > > uptime is critical, so I would prefer to stay with Sendmail because it > > has > > > always been rock solid in the past. > > > > Understood. And I apologize. I assumed because of the old version of your > > existing installation a less actively maintained situation and made a snap > > judgement about your experience. > > I also never said sendmail is not a solid MTA. I stated it is extremely > > difficult to maintain. > > Also other MTA are well suited for high traffic servers. Exim is used > > by ISPs with extremely high traffic. > > > > > > > > The issue here is that Sendmail with SASL auth doesn't seem to work the > > > same way in Bullseye as it did in Wheezy, which is probably to be > > expected, > > > given the large gap between versions. I'm just trying to track down > > > anything I may have missed in my new Bullseye configuration, since the > > > exact same config works fine in Wheezy. > > > > > > > Well, in my previous post I might hinted at your issue. > > > > Please check if courier-authdaemon or dovecot-core is installed. > > Both provide an sasl authdaemon. > > I do not know anything about your old installation so you have to > > figure out, how and where the unix socket of the daemon is located. > > If you use a chroot environment you must make sure the socket is accessible > > to sendmail. > > > > > My apologies for the top post. We use Google for our institutional email, > and the Gmail interface defaults to that when I reply to a message. > > Looking at the existing Wheezy server which works correctly, I do not see > anything providing an auth daemon besides saslauthd: > > # dpkg-query -W | egrep 'sendmail|sasl|courier|dovecot' > libsasl2-2:amd64 2.1.25.dfsg1-6+deb7u1 > libsasl2-modules:amd64 2.1.25.dfsg1-6+deb7u1 > sasl2-bin 2.1.25.dfsg1-6+deb7u1 > sendmail 8.14.4-4 > sendmail-base 8.14.4-4 > sendmail-bin 8.14.4-4 > sendmail-cf 8.14.4-4 > > So I guess my question is, do I need one now on the Bullseye server, if > saslauthd always worked for this before? >
OK, that's an option too. Now I would check if sasl works. There is an little helper program; try: testsaslauthd -u <username> -p <password> you might have to specify the location (-f path) of the unix socket if it is located somewhere uncommon. If your authentication works then the communication between sendmail and saslauthd is not working. -H -- Henning Follmann | hfollm...@itcfollmann.com