In setting up a replacement email server (upgrading from sendmail 8.12), the biggest struggle I have had is getting sendmail to play nice with sasl for user authentication. The end result is going to be that only authenticated users can relay.
Anyway, I've been researching this problem and trying to fix it for a month and I'm soon going to beat myself to death with the sendmail book if I can't solve it. :) I would GREATLY appreciate any assistance for getting this resolved!
Sendmail is compiled with STARTTLS and SASLv2, using the DIGEST-MD5 and CRAM-MD5 mechanisms:
---------------------
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF
SOCKETMAP STARTTLS TCPWRAPPERS USERDB XDEBUG
---------------------
and
---------------------
12760 >>> 250-AUTH DIGEST-MD5 CRAM-MD5
12760 >>> 250-STARTTLS
---------------------
The sendmail configuration options for this are set as I believe they should be (/etc/mail/sendmail.mc):
----------------------
define(`confAUTH_OPTIONS', `A p y')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')dnl
----------------------
saslauthd is up and running, using the 'shadow' mechanism, as I want for password authentication:
-----------------------
root 2891 0.0 0.0 2212 736 ? Ss Aug13 0:00 /usr/sbin/saslauthd -a shadow
-----------------------
And I've got the sasl Sendmail.conf file set for the same (/usr/lib/sasl2/Sendmail.conf):
-----------------------
pwcheck_method: saslauthd
mech_list: digest-md5 cram-md5
saslauthd_path: /var/state/saslauthd/
-----------------------
Though, I have absolutely no confidence that this file is even being read or used by sendmail.
I know that saslauthd is working because when I run testsaslauthd, it provides the following response (password blurred for privacy):
-----------------------
> testsaslauthd -u caveman -p **********
0: OK "Success."
-----------------------
With sendmail up and running, I instruct Thunderbird to connect to the server and send a message using 'username and password authentication'. SSL is disabled (in TB) for the moment because I am simply testing, but the end result is the same whether it is enabled or not (in TB).
I put 'caveman', which is obviously a legitimate user, into the username field and then I click 'send' on the email. Here is the authentication log from sendmail (hashes and domains obscured for privacy):
----------------------
12772 >>> 220 mail.domain.tld ESMTP Sendmail 8.14.3/8.14.3; Sat, 15 Aug 2009 15:35:46 -0500
12772 <<< EHLO [192.168.100.11]
12772 >>> 250-mail.domain.tld Hello mail.domain.tld [1.2.3.4], pleased to meet you
12772 >>> 250-ENHANCEDSTATUSCODES
12772 >>> 250-PIPELINING
12772 >>> 250-8BITMIME
12772 >>> 250-SIZE 20971520
12772 >>> 250-DSN
12772 >>> 250-AUTH DIGEST-MD5 CRAM-MD5
12772 >>> 250-DELIVERBY
12772 >>> 250 HELP
12772 <<< AUTH CRAM-MD5
12772 >>> 334 RDG53TZw3zH0KzGuPDf1KDE0A0L3v3iyHmOweWGunmI0Dg==
12772 <<< G2E2AW3hhiF1PTd4LGBiMDF4KmJmATF4WWCyHGP5YTCmWTXyKjf2Rw==
12772 >>> 535 5.7.0 authentication failed
12772 <<< QUIT
12772 >>> 221 2.0.0 mail.domain.tld closing connection
----------------------
For whatever reason, DIGEST-MD5 is being ignored, I don't know why (maybe this is a limitation in Thunderbird?).
Anyway, it doesn't matter what I type into the password field for Thunderbird, it always fails authentication. And, sendmail logs this as a result:
----------------------
Aug 15 15:35:58 mail sm-mta[11234]: n9GWXfEI923132: mail.domain.tld [1.2.3.4] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA-SSL
----------------------
I've tried making every change I've read about online to the authentication mechanisms, but it doesn't matter what I put.. if CRAM-MD5 is there, it is what it uses. I am also convinced that the Sendmail.conf file is not being used at all, because I've changed everything in it to garbage or legitimate items and sendmail never bats an eye or logs anything out of the ordinary. Maybe it's not in the right path? The sendmail book says to put it in /usr/lib/sasl2 but since this version of sendmail was not compiled by me (by the Slackware team), I don't know this for certain.
Now, if I remove the DIGEST-MD5 and CRAM-MD5 and put LOGIN and PLAIN in their place, sendmail doesn't even ask for a password and the mail goes out just fine. As well (though I'm not certain if it is truly relevant), the server receives mail just fine, too (from outside servers).
I really don't know what else to do here. I've tried everything I can find online, everything I think of, and even some things that I'm sure are not going to work.. and nothing does.
What am I missing? I could really use assistance!
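The exchange in the post's trace (334 challenge, base64 response, 535 failure) is a CRAM-MD5 handshake as defined in RFC 2195. The following is an added example, not code from the original post or from sendmail or Cyrus SASL: it runs both sides of a CRAM-MD5 and a PLAIN authentication and shows what each verification method on the server has to know. CRAM-MD5 (like DIGEST-MD5) is a shared-secret mechanism: the server must recompute HMAC-MD5 over the challenge with the user's stored cleartext password (or an equivalent HMAC context), which is why Cyrus SASL serves those mechanisms from an auxprop secret store such as sasldb. saslauthd only answers "OK" or "NO" to a cleartext (username, password) pair, which is enough for PLAIN and LOGIN but gives the server nothing to recompute a CRAM-MD5 digest against. The users table, password, hostname and the `saslauthd_style_check` function are constructed for the example; the `>>>`/`<<<` transcript lines mimic sendmail's trace format.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Constructed sample credentials (not the password from the original post).
USERS = {"caveman": "correct horse battery staple"}


def make_challenge(hostname: str) -> bytes:
    """Server side: an RFC 2195 challenge, a unique string of the form '<nonce.time@host>'."""
    return f"<{secrets.token_hex(8)}.{int(time.time())}@{hostname}>".encode()


def cram_md5_response(username: str, password: str, challenge: bytes) -> bytes:
    """Client side: base64('username ' + hex(HMAC-MD5(key=password, msg=challenge)))."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode())


def verify_cram_md5(response_b64: bytes, challenge: bytes, lookup_cleartext) -> bool:
    """Server side: recompute the digest, which requires the user's stored cleartext secret.

    lookup_cleartext(username) returns the stored password or None. A yes/no password
    verifier (the saslauthd model) exposes no secret, so it cannot play this role."""
    try:
        user, digest = base64.b64decode(response_b64, validate=True).decode().rsplit(" ", 1)
    except (ValueError, UnicodeDecodeError):
        return False
    secret = lookup_cleartext(user)
    if secret is None:
        return False
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)  # constant-time comparison


def saslauthd_style_check(username: str, password: str) -> bool:
    """Models 'saslauthd -a shadow': hand it a cleartext password, get OK/NO back. Nothing else."""
    return USERS.get(username) == password


def verify_plain(response_b64: bytes, check_password) -> bool:
    """Server side for PLAIN (RFC 4616): base64(authzid NUL authcid NUL password).
    Only a yes/no check of the cleartext password is needed here."""
    try:
        _authzid, authcid, passwd = base64.b64decode(response_b64, validate=True).decode().split("\0")
    except (ValueError, UnicodeDecodeError):
        return False
    return check_password(authcid, passwd)


def auth_exchange(mechanism: str, username: str, password: str,
                  hostname: str = "mail.example.test") -> tuple[bool, list[str]]:
    """Run one SMTP AUTH exchange with both roles in-process; return (success, transcript)."""
    t: list[str] = []
    if mechanism == "CRAM-MD5":
        challenge = make_challenge(hostname)
        t.append("<<< AUTH CRAM-MD5")
        t.append(">>> 334 " + base64.b64encode(challenge).decode())
        resp = cram_md5_response(username, password, challenge)
        t.append("<<< " + resp.decode())
        ok = verify_cram_md5(resp, challenge, USERS.get)  # needs the stored cleartext
    elif mechanism == "PLAIN":
        t.append("<<< AUTH PLAIN")
        t.append(">>> 334 ")
        resp = base64.b64encode(f"\0{username}\0{password}".encode())
        t.append("<<< " + resp.decode())
        ok = verify_plain(resp, saslauthd_style_check)  # a yes/no check suffices
    else:
        raise ValueError(f"unsupported mechanism: {mechanism}")
    t.append(">>> 235 2.7.0 Authentication successful" if ok else ">>> 535 5.7.0 authentication failed")
    return ok, t


if __name__ == "__main__":
    for mech in ("CRAM-MD5", "PLAIN"):
        ok, transcript = auth_exchange(mech, "caveman", USERS["caveman"])
        print(f"--- {mech}: {'OK' if ok else 'FAILED'}")
        print("\n".join(transcript))
```

Because PLAIN sends the password itself, it must only be offered after STARTTLS; the `p` flag in `confAUTH_OPTIONS` is what stops sendmail from advertising PLAIN and LOGIN on an unencrypted connection, which is why the trace in the post lists only the two digest mechanisms before any TLS is negotiated.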