Sendmail with relay (SMART_HOST), STARTTLS and AUTH

To: netbsd-users%netbsd.org@localhost
Subject: Sendmail with relay (SMART_HOST), STARTTLS and AUTH
From: tlaronde%polynum.com@localhost
Date: Tue, 5 Oct 2021 16:27:27 +0200

Hello,

I'm trying to set-up a node with sendmail(8).

In order to not be blocked, eventually, by some firewall rule on port
25, I'm relaying mail to a smart host, listening on port 587 for
STARTTLS, and I need to authentify using LOGIN or PLAIN mechanisme.

For relaying, forwarding to port 587 and starting TLS with sendmail, no
problem after adding the needed options for the compilation of the
package.

But whatever I'm trying to do, having added a
/usr/pkg/etc/sasl2/Sendmail.conf configuration and having installed
cyrus-sasl2 and cyrus-saslauthd, and launching the saslauthd daemon,
sendmail, without dialoguing with the server (for this; STARTTLS
is OK) always answers:

no worthy mechs found

So the blocking comes from sendmail. I have verified by telnet, that
doing authenfication by hand works.

From a search on the Web, when this kind of message is issued with
Postfix, on Linux based distribution, the problem is solved whether
by adding sasl modules or by specifying a configuration variable
for Postfix allowing plaintext authenfications (that is not allowed
by default).

But as far as I understand, pkgsrc cyrus-sasl2 and cyrus-saslauthd
are sufficient and there is no such thing as this sasl-security
conf variable for sendmail.

FWIW, here is the relevant part of my .mc file:

define(`SMART_HOST',`mail.example.com')dnl
dnl # Do I really need this since I'm not doing local authentification?
define(`TRUST_AUTH_MECH', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS', `A p')dnl
FEATURE(`authinfo')dnl
FEATURE(`no_default_msa')dnl turn off default entry for MSA
DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')dnl

If someone has any clue, I would be very grateful!

TIA,
-- 
        Thierry Laronde <tlaronde +AT+ polynum +dot+ com>
                     http://www.kergis.com/
                    http://kertex.kergis.com/
                       http://www.sbfa.fr/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89  250D 52B1 AE95 6006 F40C

Follow-Ups:
- Re: Sendmail with relay (SMART_HOST), STARTTLS and AUTH
  - From: tlaronde
- Re: Sendmail with relay (SMART_HOST), STARTTLS and AUTH
  - From: Manuel Bouyer

Prev by Date: Re: Editing PDFs
Next by Date: Re: GOP and using monitor
Previous by Thread: encrypted root triggers file system check after each boot
Next by Thread: Re: Sendmail with relay (SMART_HOST), STARTTLS and AUTH
Indexes:

Home | Main Index | Thread Index | Old Index