AUTH confirmation with SENDMAIL

Michael aixtools at felt.demon.nl
Tue Apr 30 02:45:38 EDT 2019


On 29/04/2019 15:11, Michael wrote:
> If you have any experience with configuring SENDMAIL and AUTH - and
> willing to share - I'd appreciate some hints.
>
> Just to get things started:
>
> a) I am building sasl and sendmail myself - errors are likely
> self-inflicted.

And the answer is: not enough coffee - so I was blinded to my typo - not
using sendmail .... -C /tmp/sendmail.cf, and it kept using, over and
over and over, the system sendmail.cf. So, now I am getting "AUTH PLAIN"
as an option.

My many thanks to the replies - I shall post a short summary of my
"encounter" with sendmail+sasl.

FYI: I am working on AIX. IBM has apparently decided they do not plan to
support AUTH (on AIX), so this been quite the experience.

IMHO: the sendmail FAQ (which is very hard to find/access via the
portal, I doubt I ever actually managed that) - would need to have added
- a reminder - that sendmail ./Build pre-dates GNU autotools - and if
there is a DEFINE missing, you must provide it yourself! (HADURANDOMDEV
needed to get STARTTLS working)

IMHO2: SASL documentation is not easy for a newbie - to find things.
Working from defaults, so also an empty Sendmail.conf. I guess my task
today is to find howto/whatto add into the ./configure arguments for
SASL (as I am confused by the output of syslog re: SASL, compared to
output of saslauthd)

Apr 30 06:24:12 x066 mail:info sendmail[4194364]: AUTH: available
mech=SCRAM-SHA-1 SCRAM-SHA-256 DIGEST-MD5 OTP CRAM-MD5 PLAIN ANONYMOUS,
allowed ...

root at x066:[/]opt/sbin/saslauthd -v saslauthd authentication mechanisms
saslauthd 2.1.27
authentication mechanisms: getpwent pam rimap

My assumption at this point is that "getpwent" is the mechanism that
gets local users. A document I have looked at mentions (at version
2.1.22 time) the mechanisms: getpwent rimap shadow (and places emphasis
on shadow)

Anyway - long intro (as in as I gather my thoughts).

Suggestions on what to read first, then second - would be appreciated.

Thanks again for the suggestions on where to look. They all helped!

Sincerely,

Michael

knip
>
> ehlo says:
>
> ehlo x.y.z
> 250-x066.home.local Hello root at localhost, pleased to meet you
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-EXPN
> 250-VERB
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-ETRN
> 250-AUTH DIGEST-MD5 CRAM-MD5
> 250-STARTTLS
> 250-DELIVERBY
> 250 HELP
> auth
> 501 5.5.2 AUTH mechanism must be specified
> auth PLAIN
> 504 5.3.3 AUTH mechanism PLAIN not available
> AUTH LOGIN
> 504 5.3.3 AUTH mechanism LOGIN not available
> AUTH CRAM-MD5
> 334 PDEyMzI4NzU5MjEuMTMwMzk1NDZAeDA2Ni5ob21lLmxvY2FsPg==
>
> ***
>
> While I do not expect to run as "PLAIN", I am using these values to
> verify my understanding of the setup. Suggestions on how to activate
> PLAIN/LOGIN are welcome!
>
> Michael
>
>
>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20190430/8f4ec94e/attachment.sig>


More information about the Cyrus-sasl mailing list