Subject: Re: Sendmail SMTP auth w/ SASL2
To: Chris Ross <cross+netbsd@distal.com>
From: Adrian Portelli <adrianp@stindustries.net>
List: tech-pkg
Date: 11/17/2004 15:57:39
Sorry, I should probably explain myself a little better:
When you do an "EHLO foo.bar" the server should respond with the auth
mechanisms it supports, e.g. PLAIN, LOGIN etc.
From http://www.sendmail.org/~ca/email/auth.html#AUTH
% telnet localhost 25
Trying 127.0.0.1...
Connected to localhost
Escape character is '^]'.
220 local.sendmail.ORG ESMTP Sendmail 8.10.0/8.10.0; Thu, 9 Sep 1999
10:48:44 -0700 (PDT)
ehlo localhost
250-local.sendmail.ORG Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5
250 HELP
quit
Each of the modes supported has a corresponding security/cy2-* package.
So if for example you wanted to allow the PLAIN and LOGIN methods you
would need to install cy2-plain and cy2-login. (Of course this is a "bad
idea" (tm) unless you are implementing TLS as well). This would then
use saslauthd to auth the users against /etc/passwd.
In addition to this there are cf (mc) directives as to what mechanisms
get advertised, so I'd check your cf (mc) files as well. Specifically
look for confAUTH_MECHANISMS and I'm pretty sure there are others as well.
So my questions to you should really have been what cy2-* packages do
you have installed and what AUTH mechanisms is sendmail actually
advertising?
Also have a look at http://www.sendmail.org/~ca/email/auth.html
adrian.
Chris Ross wrote:
>
> Hi there. I have a 2.0_RC4 machine that I'm trying to get SMTP
> AUTH working on.
>
> I've built the pkgsrc sendmail 8.12.11 and replaced the system
> sendmail with it. It seems to work alright, and "AUTH ..." is
> listed in response to EHLO.
>
> However, when prompted for a password, I give it only to be
> prompted again by my client. The /var/log/authlog on the server
> says:
>
> Nov 17 09:55:08 harmony sm-mta[19007]: could not find auxprop plugin,
> was searching for [all]
> Nov 17 09:55:08 harmony sm-mta[19007]: OTP: auxprop backend can't store
> properties
>
> I'm not sure why it's trying to use auxprop, nor do I know
> how to have it find it, if that is what I want to do.
>
> I've installed saslauthd, and it's running (-a getpwent). But,
> I don't think it's being used. I've created a
> /usr/pkg/lib/sasl2/Sendmail.conf,
> which contains only the line:
>
> pwcheck_method: saslauthd
>
> Does anyone see anything obvious I've done wrong? Thanks...
>
> - Chris
>
>
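
The EHLO check described in the reply above, as an added example that is not part of the original thread: it parses a captured EHLO reply, lists the advertised AUTH mechanisms, and flags PLAIN/LOGIN offered on a session without TLS. The function names and the second sample reply are constructed for illustration.

```python
import re

# Mechanisms that put the password itself on the wire (base64 is not encryption).
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

# EHLO reply quoted in the message above.
PAGE_REPLY = """\
250-local.sendmail.ORG Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5
250 HELP
"""

# Constructed sample: cy2-plain and cy2-login installed, no TLS configured.
CONSTRUCTED_REPLY = """\
250-mail.example.org Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 HELP
"""

def parse_ehlo(reply):
    """Map each advertised extension keyword to its parameters."""
    ext = {}
    for i, line in enumerate(reply.strip().splitlines()):
        m = re.match(r"250[- ](.*)$", line.strip())
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        if i == 0 or not m.group(1).strip():
            continue  # skip the greeting line and empty reply text
        # Some servers also send the legacy "AUTH=..." form; fold it into AUTH.
        words = re.sub(r"^AUTH=", "AUTH ", m.group(1), flags=re.I).split()
        params = ext.setdefault(words[0].upper(), [])
        params.extend(w.upper() for w in words[1:] if w.upper() not in params)
    return ext

def audit(reply, tls_active=False):
    """Return (advertised AUTH mechanisms, list of findings)."""
    ext = parse_ehlo(reply)
    mechs, findings = ext.get("AUTH", []), []
    if not mechs:
        findings.append("no AUTH advertised: check cy2-* plugins and confAUTH_MECHANISMS")
    exposed = sorted(CLEARTEXT_MECHS.intersection(mechs))
    if exposed and not tls_active:
        tls = "offered" if "STARTTLS" in ext else "not offered"
        findings.append(f"{', '.join(exposed)} offered on an unencrypted session (STARTTLS {tls})")
    return mechs, findings
```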