> Recently I turned on SMTP AUTH, and everything was working well. Sendmail > would relay mail for authenticated users using SASL. A few days ago, > users > were unable to send mail anymore using SASL. Outlook Express (and other > various mail clients) would not authenticate. > > If I telnet to port 25, I get: > > [EMAIL PROTECTED] mail]# telnet localhost 25 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > 220 brueggers.com ESMTP Sendmail 8.12.8/8.12.8; Tue, 5 Aug 2003 13:38:43 > -0400 > ehlo brueggers.com > 250-brueggers.com Hello atlas.brueggers.com [127.0.0.1], pleased to meet > you > 250-ENHANCEDSTATUSCODES > 250-PIPELINING > 250-8BITMIME > 250-SIZE > 250-DSN > 250-ETRN > 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN > 250-DELIVERBY > 250 HELP > QUIT > > It looks as if it is set up to use AUTH. I have users in my sasl > database: > > [EMAIL PROTECTED] mail]# sasldblistusers > user: daustin realm: mail.brueggers.com mech: PLAIN > user: ccampbell realm: mail.brueggers.com mech: CRAM-MD5 > user: daustin realm: mail.brueggers.com mech: DIGEST-MD5 > user: ccampbell realm: mail.brueggers.com mech: PLAIN > user: daustin realm: mail.brueggers.com mech: CRAM-MD5 > user: ccampbell realm: mail.brueggers.com mech: DIGEST-MD5 > > I seem to be able to be authenticated (ccampbell), but the other user > (daustin) is unable. ccampbell has a user account on the machine, but > daustin doesn't (and never has). > > I've tried deleting the users, and recreating them in the sasl database. > I've even removed the /etc/sasldb and started fresh. > > Any ideas why daustin wouldn't be able to authenticate? > > I'm running on RH8.0. > > Thanks in advance, > > Christian
Obviously, something has changed if it was working before. Here's a couple of things to check. In /etc/mail/sendmail.mc look for the following lines... dnl # The following allows relaying if the user authenticates, and disallows dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links dnl # dnl define(`confAUTH_OPTIONS', `A p')dnl dnl # dnl # PLAIN is the preferred plaintext authentication method and used by dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do dnl # use LOGIN. Other mechanisms should be used if the connection is not dnl # guaranteed secure. In other words, if this line is not commented out (dnl infront) try removing the "p" so that it looks like... define(`confAUTH_OPTIONS', `A')dnl Also, I had to add the following DONT_BLAME_SENDMAIL directive to get sendmail to read the sasldb after making /etc/sasldb group readable. define(`confDONT_BLAME_SENDMAIL',`groupreadablesasldbfile')dnl If you do make changes remember to do a "make -C /etc/mail" and restart sendmail. Gerry -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
