Re: sendmail auth

[t.liesner@creativ-consulting.de]

Am 16 Jun 2003 um 2:47 hat david l goodrich geschrieben:

> On Monday, June 16, 2003, at 02:30  am, Andrew Basterfield wrote:
> 
> > Hi
> >
> > I am trying to set up sendmail+sasl2 for smtp relaying auth. I wish to 
> > use
> > plaintext auth against the BSD passwd database (as SMTP will be over 
> > SSL).
> >
> > I have compiled sendmail with SASL by installing sasl2 from ports and
> > rebuilt sendmail with WANT_SMTPAUTH=y. In 
> > /usr/local/lib/sasl2/Sendmail.conf
> > I have 'pwcheck_method: passwd'. In my sendmail m4 I have
> >
> >   define(ConfAUTH_MECHANISMS',PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
> > KERBEROS_V4')dnl
> >   TRUST_AUTH_MECH('PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI 
> > KERBEROS_V4')dnl
> >
> > so I can telnet into port 25
> >
> >   ehlo localhost
> >   [...]
> >   250-AUTH GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5

I cannot see any PLAIN here.
Have a look at your sasl makefile. Do you see anything like to following:

CONFIGURE_ARGS+=        --enable-plain \
                        --enable-static \
                        --enable-login \
                        --enable-krb4="/usr" \
                        --disable-gssapi \
                        --includedir="${PREFIX}/include/sasl" \
                        --with-pwcheck="/var/pwcheck"

If not, you have to recompile sasl to support auth plain.

Your sendmail should stat something like this:

250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN


> 
> if you're telnet'ing into the machine's port 25, it doesn't do anything 
> until you send it a line like AUTH CRAM-MD5 ... so either you're typing 
> that into the mail server via telnet, in which case we can't help you; 
> or you're using a mail client, which should be easily re-configured.

He probably didn' mean sniffing the telnet session...

His sendmail version doesn't support auth plain. Changing his mta config would not 
help a bit ;)

HTH,

//Tom