Re: SMTP Authentication

Check if /usr/local/lib/sasl2/liblogin.so exists - if not you have to
recompile sasl with LOGIN mech support.
Check in your .mc file if you define confAUTH_OPTIONS macro. If you do
make sure 'p' parameter is not on the list or LOGIN would be available
only after TLS encryption which is not a case for you as your working
configuration offers LOGIN during telnet session (it's actually a bad
idea to do authentication clear text).

Ihor


Reed Lai wrote:
Yes, the new server leaks LOGIN in the 250-AUTH list!

New server
=========
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5

Functional server
==============
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN

I have checked the generated .cf file in the new server and there are
class and option listed

C{TrustAuthMech}GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
O AuthMechanisms=GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN

The new server has same configuration to old server, but has not LOGIN
in the 250-AUTH list.
BTW, the new server has hostname changed once... I don't know if it does
matter or not..

Reed

From: Ihor Prystay
Sent: Thursday, July 30, 2009 2:35 PM
To: freebsd-questions@xxxxxxxxxxx
Subject: Re: SMTP Authentication


Tray telnet to port 25 of your working SMTP server and compare the output.
Check
250-AUTH <list of supported auth mech>
According to the provided log from the working server it should be LOGIN
mech available in the list, which is not present on the new server.

Ihor


Reed Lai wrote:
The maillog does not log the sm-mta: AUTH=server action. The functional
server has the AUTH=server action logged. How do I debug from this
different?

Reed

From: Reed Lai
Sent: Thursday, July 30, 2009 11:51 AM
To: FreeBSD Questions
Subject: Re: SMTP Authentication


The mail client is Windows Live Mail and it work well with the functional
server. Its SMTP authenication should be ok.

Reed


From: Ihor Prystay
Sent: Thursday, July 30, 2009 10:49 AM
To: freebsd-questions@xxxxxxxxxxx
Subject: Re: SMTP Authentication


your working server does support LOGIN mech while other one dosn't.
I doubt if your mail client has a support for GSSAPI DIGEST-MD5 CRAM-MD5
auth, usually it's PLAIN or/and LOGIN.

Ihor



Reed Lai wrote:
Instruction of the "SMTP AUTO in sendmail 8.10-8.13" to test the
Sendmail

banyan# sendmail -d0.1 -bv root
Version 8.14.2
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING
SASLv2
SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG

============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = banyan
(canonical domain name) $j = banyan...com
(subdomain name) $m = ..com
(node name) $k = banyan...com
========================================================

root... deliverable: mailer local, user root

banyan# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 banyan...com ESMTP Sendmail 8.14.2/8.14.2; Wed, 29 Jul 2009 21:19:40
+0800 (CST)
ehlo localhost
250-banyan...com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP

The Sendmail test seems OK
But the SMTP authentication does not work from my mail client.

Reed


From: Reed Lai
Sent: Wednesday, July 29, 2009 5:37 PM
To: freebsd-questions@xxxxxxxxxxx
Subject: SMTP Authentication


Hi,

I have two freebsd mail servers both configured SMTP authentication:

FreeBSD Handbook 28.10 SMTP Authenticatin
http://www.freebsd.org/doc/en/books/handbook/smtp-auth.html

SMTP AUTO in sendmail 8.10-8.13
http://www.sendmail.org/~ca/email/auth.html

One is functional, and the other one doesn't seem to work. Compare the
maillogs of the two servers, there is an AUTH=server message appear in
the
functional server, but the other one has not.

The maillog of functional server
======================
Jul 29 16:15:10 maple sm-mta[57825]: AUTH=server, relay=59-....net
[59...147], authid=a660407, mech=LOGIN, bits=0
Jul 29 16:15:10 maple sm-mta[57825]: n6T8F9ej057825: from=<reedlai@...>,
size=1430, class=0, nrcpts=1,
msgid=<40F9CC65E8874D128639A39C1EEBD410@ReedXP>, proto=ESMTP,
daemon=IPv4,
relay=59-...net [59...147]

The other one
=========
Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: ruleset=check_rcpt,
arg1=<reedlai@...>, relay=59-...-147.HINET-IP.hinet.net [59...147],
reject=550 5.7.1 <reedlai@...>... Relaying denied
Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: from=<reedlai@...>,
size=0, class=0, nrcpts=0, proto=ESMTP, daemon=IPv4,
relay=59-...-147.HINET-IP.hinet.net [59...147]

It seems the other one's smtp authentication is not trigged.

Please help or tip me for something I forget.

Thank you!

Reed

_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@xxxxxxxxxxx"
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@xxxxxxxxxxx"



_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@xxxxxxxxxxx"

_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@xxxxxxxxxxx"
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@xxxxxxxxxxx"


_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@xxxxxxxxxxx"
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@xxxxxxxxxxx"


_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: SMTP Authentication
    ... And there is LOGIN option selected when installing the cyrus-sasl2. ... Subject: SMTP Authentication ... define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl ... Functional server ...
    (freebsd-questions)
  • Re: SMTP Authentication
    ... - do ldd on sendmail executable. ... Subject: SMTP Authentication ... recompile sasl with LOGIN mech support. ... Functional server ...
    (freebsd-questions)
  • Re: SMTP Authentication
    ... define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl ... Subject: SMTP Authentication ... recompile sasl with LOGIN mech support. ... Functional server ...
    (freebsd-questions)
  • Re: SMTP Authentication
    ... Subject: SMTP Authentication ... - do ldd on sendmail executable. ... recompile sasl with LOGIN mech support. ... Functional server ...
    (freebsd-questions)
  • Re: cannot access machine after apt-get dist-upgrade
    ... this is going to be my new server, so there's no GUI, only text mode, and it gets all the way to the login prompt, but the machine will not take keyboard input. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
    (Debian-User)