Join Log in
Score:0
tsc_chazz avatar Server

How does Sendmail figure out where SASL is listening?

vn flag
tsc_chazz

I'm trying to get SMTP-AUTH working on a Mint Linux 20.2 machine, and I'm having trouble getting authentication to happen. I have installed Cyrus sasl2, and apparently configured it properly - testsaslauthd -u <user> -p <password> -s smtp returns 0: OK "Success." But when I try to send mail from my client using the same credentials, sendmail can't authenticate. What is curious to me is that when I use testsaslauthd entries are generated in my auth log, but when Sendmail tries, there is nothing. Trying to use testsaslauthd from a non-root context also results in no auth entry, which leads me to believe that either sendmail does not have sufficient permission to connect to the sasl daemon, or that it doesn't know where that pipe is and is guessing wrong. So I guess the question is, how does sendmail find that pipe, and who is it being when it does that?

137
0 + 0
cn flag
Bob
Testsaslauthd does not use the sendmail configuration but only tests the SASL daemon and authentication process. Generally you will still need to configure authentication methods in Sendmail. https://serverfault.com/a/550606/546643 has quite a few useful pointers, with also the most prominent one, use something with learning curve not as steep as sendmail, such as Postfix or exim... What error messages does sendmail display after restarting and you testing authentication?
0
Reply
Score:1
dinoex avatar Server
in flag
dinoex

There should be a configuration file for each client using SASL, e.G. "/usr/lib/sasl2/Sendmail.conf"

pwcheck_method: saslauthd
0 + 0
tsc_chazz avatar
vn flag
tsc_chazz
And yes, I knew that, and I have that, but it isn't working. Log still indicates that Sendmail isn't looking anywhere for authentication on send.
0
Reply
Score:0
dinoex avatar Server
in flag
dinoex

Is your sendmail compiled with SASL? check:

sendmail -d0 < /dev/null | grep SASL

it should list "SASLv2"

Did you activate it in "sendmail.mc" ? Example:

define(`confAUTH_MECHANISMS', `PLAIN LOGIN CRAM-MD5')dnl
define(`confAUTH_OPTIONS', `y')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN CRAM-MD5')dnl
define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl
0 + 0
tsc_chazz avatar
vn flag
tsc_chazz
That last point would seem to be the magical answer - specifically the `confDONT_BLAME_SENDMAIL' item. Adding that to the config seems to have made it all work.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.