NetBSD-Users archive


Re: Sendmail with relay (SMART_HOST), STARTTLS and AUTH



On Tue, Oct 05, 2021 at 04:27:27PM +0200, tlaronde%polynum.com@localhost wrote:
> Hello,
> 
> I'm trying to set up a node with sendmail(8).
> 
> In order to not be blocked, eventually, by some firewall rule on port
> 25, I'm relaying mail to a smart host, listening on port 587 for
> STARTTLS, and I need to authenticate using the LOGIN or PLAIN mechanism.
> 
> For relaying, forwarding to port 587 and starting TLS with sendmail, no
> problem after adding the needed options for the compilation of the
> package.
> 
> But whatever I'm trying to do, having added a
> /usr/pkg/etc/sasl2/Sendmail.conf configuration and having installed
> cyrus-sasl2 and cyrus-saslauthd, and launching the saslauthd daemon,
> sendmail, without dialoguing with the server (for this; STARTTLS
> is OK) always answers:
> 
> no worthy mechs found
> 
> So the blocking comes from sendmail. I have verified by telnet that
> doing authentication by hand works.
> 
> From a search on the Web, when this kind of message is issued with
> Postfix, on Linux-based distributions, the problem is solved either
> by adding sasl modules or by specifying a configuration variable
> for Postfix allowing plaintext authentications (that is not allowed
> by default).
> 
> But as far as I understand, pkgsrc cyrus-sasl2 and cyrus-saslauthd
> are sufficient and there is no such thing as this sasl-security
> conf variable for sendmail.
> 
> FWIW, here is the relevant part of my .mc file:
> 
> define(`SMART_HOST',`mail.example.com')dnl
> dnl # Do I really need this since I'm not doing local authentication?
> define(`TRUST_AUTH_MECH', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> define(`confAUTH_OPTIONS', `A p')dnl
> FEATURE(`authinfo')dnl
> FEATURE(`no_default_msa')dnl turn off default entry for MSA
> DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')dnl
> 
> If someone has any clue, I would be very grateful!


The solution was given by Jason Mitchell: one needs to add the sasl
modules, i.e., for pkgsrc, the security/cy2-* packages corresponding to
the mechanisms to use.

Once installed, it works.

Thank you to Jason for the helpful answer!
-- 
        Thierry Laronde <tlaronde +AT+ polynum +dot+ com>
                     http://www.kergis.com/
                    http://kertex.kergis.com/
                       http://www.sbfa.fr/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89  250D 52B1 AE95 6006 F40C
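
The fix described above, turned into a check (an added example, not part of the original messages): it lists the mechanisms named in confAUTH_MECHANISMS that have no Cyrus SASL plugin file installed, which is the condition behind "no worthy mechs found". The function names are hypothetical, and the plugin directory /usr/pkg/lib/sasl2 and the plugin file names are assumptions about a pkgsrc Cyrus SASL install.

```shell
#!/bin/sh
# Added example: report SASL mechanisms configured for sendmail that have
# no matching Cyrus SASL plugin in the plugin directory.

# Print the mechanisms from define(`confAUTH_MECHANISMS', `...'), one per line.
mechs_from_mc() {
    sed -n -e '/^[[:space:]]*dnl/d' \
        -e "s/.*define(\`confAUTH_MECHANISMS',[[:space:]]*\`\([^']*\)').*/\1/p" "$1" |
        tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Map a mechanism name to its plugin file stem (assumed Cyrus SASL naming).
plugin_for() {
    case "$1" in
        PLAIN)      echo libplain ;;
        LOGIN)      echo liblogin ;;
        CRAM-MD5)   echo libcrammd5 ;;
        DIGEST-MD5) echo libdigestmd5 ;;
        GSSAPI)     echo libgssapiv2 ;;
        EXTERNAL)   echo builtin ;;    # provided by libsasl2 itself, no plugin file
        *)          echo unknown ;;
    esac
}

# Usage: missing_mechs FILE.mc PLUGINDIR -> mechanisms without a plugin file.
missing_mechs() {
    mechs_from_mc "$1" | while read -r mech; do
        stem=$(plugin_for "$mech")
        case "$stem" in
            builtin) continue ;;
            unknown) echo "$mech (unmapped)"; continue ;;
        esac
        # Any libNAME.so* file in the directory counts as installed.
        ls "$2/$stem".so* >/dev/null 2>&1 || echo "$mech"
    done
}

# Constructed sample: the thread's mechanism list, with only the PLAIN and
# LOGIN plugin files present in a throwaway directory.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/sasl2"
    echo "define(\`confAUTH_MECHANISMS', \`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl" > "$d/site.mc"
    : > "$d/sasl2/libplain.so.3"; : > "$d/sasl2/liblogin.so.3"
    missing_mechs "$d/site.mc" "$d/sasl2"
    rm -rf "$d"
}

if [ $# -ge 1 ]; then missing_mechs "$1" "${2:-/usr/pkg/lib/sasl2}"; else demo; fi
```

Run with the path to the .mc file (and optionally the plugin directory) to check a real host; with no arguments it runs the constructed sample.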

