SASL Auth not working SMTP with STARTTLS/SSL

Scott Ellentuch tuctboh at gmail.com
Mon Sep 21 13:40:44 EDT 2020


Hi,

I'm using sendmail 8.14.4 and SASL 2.1.23. Config info:

# more /etc/sasl2/Sendmail.conf

pwcheck_method:saslauthd


# egrep -v "^#" /etc/sysconfig/saslauthd

SOCKETDIR=/var/run/saslauthd

MECH=pam

FLAGS=-d


# cat /etc/pam.d/smtp

#%PAM-1.0

auth       include password-auth

account    include password-auth


I'm having an issue when using "AUTH LOGIN" but not in every case.


*Port 25:

  SENDMAIL -

    235 2.0.0 OK Authenticated


  SASLAUTHD -

saslauthd[26872] :released accept lock

saslauthd[26871] :acquired accept lock

saslauthd[26872] :auth success: [user=USER] [service=smtp] [realm=] [mech=pam]

saslauthd[26872] :response: OK


---

*Port 587:

  SENDMAIL -

    235 2.0.0 OK Authenticated


  SASLAUTHD -

saslauthd[26871] :released accept lock

saslauthd[26875] :acquired accept lock

saslauthd[26871] :auth success: [user=USER] [service=smtp] [realm=] [mech=pam]

saslauthd[26871] :response: OK


---

*Port 25 STARTTLS:

  SENDMAIL (Via openssl s_client -connect)

RENEGOTIATING

depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3

verify return:1

depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3

verify return:1

depth=0 CN = MYSERVERNAME

verify return:1

(I HIT RETURN HERE)

535 5.7.0 authentication failed


  SASLAUTHD-

saslauthd[26875] :released accept lock

saslauthd[26875] :NULL password received

saslauthd[26875] :acquired accept lock


---

*Port 465

  SENDMAIL - (Via openssl s_client -connect)

RENEGOTIATING

depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3

verify return:1

depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3

verify return:1

depth=0 CN = MYSERVERNAME

verify return:1

(I HIT RETURN HERE)

535 5.7.0 authentication failed


  SASLAUTHD-

saslauthd[26875] :released accept lock

saslauthd[26874] :acquired accept lock

saslauthd[26875] :NULL password received


---

*testsaslauthd non existent service -

  TESTSASLAUTHD -

    0: NO "authentication failed"


  SASLAUTHD-

saslauthd[26873] :released accept lock

saslauthd[26872] :acquired accept lock

saslauthd[26873] :auth failure: [user=USER] [service=nonexistant] [realm=] [mech=pam] [reason=PAM auth error]


---

*testsaslauthd smtp service

  TESTSASLAUTHD -

    0: OK "Success."


  SASLAUTHD -

saslauthd[26872] :released accept lock

saslauthd[26871] :acquired accept lock

saslauthd[26872] :auth success: [user=user] [service=smtp] [realm=] [mech=pam]

saslauthd[26872] :response: OK


---


I'm not sure why things work fine during plaintext, and then give ":NULL
password received" when it's STARTTLS / SSL.


Any pointers to look / tweak / etc?


Tnx, Tuc
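
Added example, not part of the original message or of any project's code: in interactive mode (neither -quiet nor -ign_eof given) openssl s_client treats an input line beginning with "R" as a renegotiate command and prints RENEGOTIATING instead of sending the line, and a line beginning with "Q" closes the connection. The sketch below models how that turns a typed AUTH LOGIN exchange into an empty password at the server; the function names and the credentials are constructed for illustration, and whether the poster's own base64 lines begin with R is not stated in the message.

```python
import base64

# Assumption: simplified model of `openssl s_client` interactive commands.
# A typed line starting with R renegotiates, one starting with Q quits;
# in both cases the line itself never reaches the server.
S_CLIENT_COMMANDS = {"R": "renegotiate", "Q": "quit"}


def auth_login_lines(user, password):
    """Base64 responses a client types after 'AUTH LOGIN' (user, then password)."""
    return [base64.b64encode(s.encode()).decode() for s in (user, password)]


def intercepted(line):
    """Name of the s_client command that would swallow this line, or None."""
    return S_CLIENT_COMMANDS.get(line[:1])


def server_view(typed_lines, interactive=True):
    """Lines the SMTP server actually receives for what was typed."""
    received = []
    for line in typed_lines:
        cmd = intercepted(line) if interactive else None
        if cmd == "quit":
            break          # connection closed, nothing further is sent
        if cmd == "renegotiate":
            continue       # line consumed, s_client prints RENEGOTIATING
        received.append(line)
    return received


def decode_responses(received):
    """Decode the first two received lines into (user, password)."""
    vals = [base64.b64decode(x).decode() for x in received[:2]]
    return tuple(vals + [""] * (2 - len(vals)))


if __name__ == "__main__":
    # Constructed credentials: this password's base64 form starts with 'R'.
    typed = auth_login_lines("tuc", "Example-Pass1") + [""]  # "" = bare RETURN
    for line in typed:
        print(repr(line), "->", intercepted(line) or "sent as typed")
    print("interactive:", decode_responses(server_view(typed)))
    print("-quiet/-ign_eof:", decode_responses(server_view(typed, False)))
```

Running the same test with -quiet or -ign_eof on s_client keeps every typed line as data, so the base64 password reaches sendmail unchanged.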