Re: Sendmail with relay (SMART_HOST), STARTTLS and AUTH

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

On Tue, Oct 05, 2021 at 04:27:27PM +0200, tlaronde%polynum.com@localhost wrote:
> Hello,
> 
> I'm trying to set-up a node with sendmail(8).
> 
> In order to not be blocked, eventually, by some firewall rule on port
> 25, I'm relaying mail to a smart host, listening on port 587 for
> STARTTLS, and I need to authentify using LOGIN or PLAIN mechanisme.
> 
> For relaying, forwarding to port 587 and starting TLS with sendmail, no
> problem after adding the needed options for the compilation of the
> package.
> 
> But whatever I'm trying to do, having added a
> /usr/pkg/etc/sasl2/Sendmail.conf configuration and having installed
> cyrus-sasl2 and cyrus-saslauthd, and launching the saslauthd daemon,
> sendmail, without dialoguing with the server (for this; STARTTLS
> is OK) always answers:
> 
> no worthy mechs found
> 
> So the blocking comes from sendmail. I have verified by telnet, that
> doing authenfication by hand works.
> 
> >From a search on the Web, when this kind of message is issued with
> Postfix, on Linux based distribution, the problem is solved whether
> by adding sasl modules or by specifying a configuration variable
> for Postfix allowing plaintext authenfications (that is not allowed
> by default).
> 
> But as far as I understand, pkgsrc cyrus-sasl2 and cyrus-saslauthd
> are sufficient and there is no such thing as this sasl-security
> conf variable for sendmail.

For sasl suport (as a server, not as a client though) I have to build sendmail
with
PKG_OPTIONS.sendmail+=sasl tls

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--