NetBSD-Users archive


Re: Sendmail with relay (SMART_HOST), STARTTLS and AUTH



Hello,

On Tue, Oct 05, 2021 at 12:26:30PM -0400, Jason Mitchell wrote:
> On 10/5/21 12:12 PM, Manuel Bouyer wrote:
> > On Tue, Oct 05, 2021 at 04:27:27PM +0200, tlaronde%polynum.com@localhost wrote:
> > > Hello,
> > > 
> > > I'm trying to set up a node with sendmail(8).
> > > 
> > > In order to not be blocked, eventually, by some firewall rule on port
> > > 25, I'm relaying mail to a smart host, listening on port 587 for
> > > STARTTLS, and I need to authenticate using the LOGIN or PLAIN mechanism.
> > > 
> > > For relaying, forwarding to port 587 and starting TLS with sendmail, no
> > > problem after adding the needed options for the compilation of the
> > > package.
> > > 
> > > But whatever I'm trying to do, having added a
> > > /usr/pkg/etc/sasl2/Sendmail.conf configuration and having installed
> > > cyrus-sasl2 and cyrus-saslauthd, and launching the saslauthd daemon,
> > > sendmail, without dialoguing with the server (for this; STARTTLS
> > > is OK) always answers:
> > > 
> > > no worthy mechs found
> > > 
> > > So the blocking comes from sendmail. I have verified by telnet, that
> > > doing authentication by hand works.
> > > 
> > > From a search on the Web, when this kind of message is issued with
> > > Postfix, on Linux based distributions, the problem is solved either
> > > by adding sasl modules or by specifying a configuration variable
> > > for Postfix allowing plaintext authentications (that is not allowed
> > > by default).
> > > 
> > > But as far as I understand, pkgsrc cyrus-sasl2 and cyrus-saslauthd
> > > are sufficient and there is no such thing as this sasl-security
> > > conf variable for sendmail.
> > For sasl support (as a server, not as a client though) I have to build sendmail
> > with
> > PKG_OPTIONS.sendmail+=sasl tls
> > 
> It doesn't look like you installed the cy2_login and cy2_plain packages. I
> don't quite understand how it all fits together, but you need to install the
> cy2_ package for whatever mech you want to support. I guess these are where
> the modules live on NetBSD?

You are very probably right since this matches what other installations
(postfix on linuces) require: the modules.

It's a bit unfortunate that in pkgsrc the library and the saslauthd are
prefixed "cyrus" while the modules are prefixed "cy2". I brutally
grep'ed for "cyrus*" and found nothing more.

I will send a message for archive for other users if this is indeed the
solution, but it seems very likely---I gather that saslauthd is for
dialoguing with a user trying to connect to the sendmail server on the
node, but that sendmail, as a client, uses with authinfo the library and
hence the mechanisms provided and, at the moment, there is indeed
none...

Thanks a lot!
-- 
        Thierry Laronde <tlaronde +AT+ polynum +dot+ com>
                     http://www.kergis.com/
                    http://kertex.kergis.com/
                       http://www.sbfa.fr/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89  250D 52B1 AE95 6006 F40C
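
Added example, not part of the original thread: a check for the situation discussed above, where the SASL library is installed but no client mechanism plug-in matches what the smart host offers. The function names, the sample EHLO reply, the lib<mech>.so* file naming and the default directory /usr/pkg/lib/sasl2 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: Cyrus SASL 2 plug-ins are files named
# lib<mech>.so* in one directory (/usr/pkg/lib/sasl2 is an assumed default).

# Mechanisms the server advertises, read from a saved EHLO reply on stdin.
offered_mechs() {
    tr -d '\r' | sed -n 's/^250[- ]AUTH[ =]//p' | tr ' ' '\n' | sed '/^$/d' | sort -u
}

# Mechanisms for which a plug-in file exists in directory $1.
installed_mechs() {
    for f in "$1"/lib*.so*; do
        [ -e "$f" ] || continue
        name=${f##*/}; name=${name#lib}; name=${name%%.so*}
        case $name in
            login)     echo LOGIN ;;
            plain)     echo PLAIN ;;
            crammd5)   echo CRAM-MD5 ;;
            digestmd5) echo DIGEST-MD5 ;;
            gssapiv2)  echo GSSAPI ;;
        esac   # anything else (e.g. libsasldb, an auxprop plug-in) is not a mechanism
    done | sort -u
}

# Mechanisms that are both offered (stdin) and installed (directory $1).
# Empty output is one cause of the client error "no worthy mechs found".
usable_mechs() {
    offered=$(offered_mechs)
    installed_mechs "${1:-/usr/pkg/lib/sasl2}" | while read -r m; do
        if printf '%s\n' "$offered" | grep -qxF -- "$m"; then echo "$m"; fi
    done
}

# Constructed sample: EHLO reply of a submission server after STARTTLS.
SAMPLE_EHLO='250-smarthost.example Hello client.example
250-SIZE 52428800
250-AUTH LOGIN PLAIN
250 HELP'

demo() {
    d=$(mktemp -d) || return 1
    : > "$d/libsasldb.so.3"                      # library present, no mechanism plug-ins
    echo "before: [$(printf '%s\n' "$SAMPLE_EHLO" | usable_mechs "$d" | tr '\n' ' ')]"
    : > "$d/libplain.so.3"; : > "$d/liblogin.so.3"   # constructed plug-in files
    echo "after:  [$(printf '%s\n' "$SAMPLE_EHLO" | usable_mechs "$d" | tr '\n' ' ')]"
    rm -rf "$d"
}
demo
```

On a real host, save the smart host's EHLO reply to a file and pass it on stdin with the plug-in directory as the argument.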

