Roaming users & SMTP_AUTH

rajamalleswar
Hello,
I have set up my mail server (RH Linux 8.0, sendmail 8.11.6). Roaming users are not able to send their mails using this mail server. So I'm thinking of configuring SMTP_AUTH.
So can anyone assist me to configure that? Or is there any other simple solution to resolve my problem?

Thx,
Raja.
Top Expert 2005

Commented:
Are you using the sendmail that is distributed with 8.0? That copy (sendmail-8.12.5-7) is built with SASL support, so it's pretty easy to configure to support SMTP AUTH. If you only need the plaintext (PLAIN & LOGIN) mechs you can simply uncomment:

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

in /etc/mail/sendmail.mc, build a new sendmail.cf, and restart sendmail.

Email clients that authenticate to the server will be granted relay privs.

One needs to keep in mind the security implications of this. Roving clients that use PLAIN or LOGIN are exposing their username and password to anyone with a sniffer or password capture program that's in a position to see the SMTP session. This isn't too much of a problem if there are no other Internet accessible services with login privs (like telnet, FTP, ssh, etc). However, if you have servers that could be exploited by someone with a valid username/password you should probably consider:

1) Using a separate (non-system) authentication database and an IMAP/POP server like Cyrus that supports that. A side benefit of that is that the secure methods (CRAM-MD5, DIGEST-MD5) become available.

2) Creating email only accounts that have no access to a shell.
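
The difference between the plaintext mechanisms (PLAIN, LOGIN) and CRAM-MD5 described above, as an added example that is not part of the original answer: it builds the client's AUTH lines for each mechanism and shows what a reader of the session recovers from them. The user name, password and server challenge are constructed sample values.

```python
import base64
import hashlib
import hmac

# Constructed sample values, not taken from the thread.
USER, PASSWORD = "roamer", "s3cret-example"
CHALLENGE = base64.b64encode(b"<1896.697170952@mail.example.test>").decode()

def plain_token(user, password):
    """Client line for AUTH PLAIN: base64(authzid NUL user NUL password)."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

def login_tokens(user, password):
    """Client lines for AUTH LOGIN: username and password, each base64-encoded."""
    return [base64.b64encode(s.encode()).decode() for s in (user, password)]

def cram_md5_token(user, password, challenge_b64):
    """Client line for AUTH CRAM-MD5: base64(user SP hex HMAC-MD5(password, challenge))."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def observer_view(mechanism, client_lines):
    """What anyone who can read the SMTP session learns from the client's AUTH lines."""
    decoded = [base64.b64decode(line) for line in client_lines]
    if mechanism == "PLAIN":
        _authzid, user, password = decoded[0].split(b"\0")
    elif mechanism == "LOGIN":
        user, password = decoded
    elif mechanism == "CRAM-MD5":
        # Only a keyed digest of the one-time challenge crosses the wire.
        user, digest = decoded[0].rsplit(b" ", 1)
        return {"user": user.decode(), "password": None, "digest": digest.decode()}
    else:
        raise ValueError(f"unhandled mechanism: {mechanism}")
    return {"user": user.decode(), "password": password.decode()}

if __name__ == "__main__":
    sessions = {
        "PLAIN": [plain_token(USER, PASSWORD)],
        "LOGIN": login_tokens(USER, PASSWORD),
        "CRAM-MD5": [cram_md5_token(USER, PASSWORD, CHALLENGE)],
    }
    for mech, lines in sessions.items():
        print(mech, lines, "->", observer_view(mech, lines))
```

The CRAM-MD5 line still reveals the username, and a captured challenge and digest can be tested against guessed passwords offline, so it limits the exposure rather than removing it.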

Author

Commented:
Hi jlevie,
Thanks a lot for your reply.

The sendmail I'm using is sendmail-8.11.6.
And this is the info I'm getting when I give the command...
#sendmail -d0.1 -bv root |grep SASL
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS QUEUE SASL SCANF

The lines you mentioned in the previous answer are already uncommented. Following is my sendmail.mc for your reference.

******************************************************
divert(-1)
dnl This is the sendmail macro config file. If you make changes to this file,
dnl you need the sendmail-cf rpm installed and then have to generate a
dnl new /etc/sendmail.cf by running the following command:
dnl
dnl        m4 /etc/mail/sendmail.mc > /etc/sendmail.cf
dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')
VERSIONID(`linux setup for Red Hat Linux')dnl
OSTYPE(`linux')
define(`confDEF_USER_ID',``8:12'')dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`MASQUERADE_AS', `myhostname')dnl
dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
dnl FEATURE(`masquerade_entire_domain')dnl
dnl FEATURE(`masquerade_envelope')dnl
dnl FEATURE(`promiscuous_relay')dnl
EXPOSED_USER(`root')dnl
dnl This changes sendmail to only listen on the loopback device 127.0.0.1
dnl and not on any other network devices. Comment this out if you want
dnl to accept email over the network.
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl       a kernel patch
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')
dnl yourself from spam. However, the laptop and users on computers that do
dnl not have 24x7 DNS do need this.
FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`relay_based_on_MX')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
dnl Cwlocalhost.localdomain
*******************************************************

Still I'm not able to send the mails (not relaying).

Thanks for your Support.

Regards,
Raja.

Author

Commented:
Hi jlevie,
Please look at the above sendmail.mc and figure out what went wrong.

Thx & Rgds,
Raja.

Author

Commented:
Sorry... The version of my Red Hat Linux is 7.2. Sorry for the error in my question.

Top Expert 2005
Commented:
RedHat 7.2 is not shipped with a sendmail built to support SMTP AUTH. To obtain that functionality in that version of RedHat you will have to build your own copy of sendmail. That's not terribly difficult to do, but there is a specific procedure needed. I've documented the procedure I use and it can be seen at http://www.entrophy-free.net/mail-server.html

You can ignore the part about building Cyrus IMAP. Please do make sure that your system is up to date w/respect to the RedHat errata for 7.2. There are a number of security & bug fixes that need to be in place.

Author

Commented:
Thank you jlevie..!!
