Solved

How to configure sendmail to accept mobile relay

Posted on 2015-02-24
19
187 Views
Last Modified: 2015-03-05
This is probably simple because all mail admins must set this up, but I've not set up mobile phone connections except through Exchange.

We have switched from Exchange to Sendmail, IMAP, procmail. I have several users with iPhones and Android who would like to connect and get their mail and reply. What do I need to set up on the server to do this? Setting up IMAP on Android suggests port 143, and I've checked TLS. Outgoing SMTP suggests port 587 (why not 25?) and I've also set TLS. I've checked 'require sign in'.

The first message I get on the Android is "Server doesn't support TLS", but it does, so not sure why on that. For now I removed the TLS setting and tried again (specifying port 25 for SMTP) and got the Android message:

Server does not support authentication.

But when connecting to sendmail I have:
[000.521] --> EHLO checktls.com  
[000.546] <-- 250-mail.hprs.local Hello www3.checktls.com [69.61.187.232], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP  

Does not the  "250-AUTH" line indicate that the server accepts authentication?

Where do I go from here?
0
Question by:jmarkfoley
19 Comments
 
LVL 76

Assisted Solution

by:arnold
arnold earned 500 total points
ID: 40629923
Yes, the 250 auth points to sendmail having the option to authenticate, now you have to determine whether the authentication methods Cram-md5 and Digest-md5 are supported by the devices, or you have to add plain and login.
using a separate port i.e. 465/587 rather than the 25 for this purpose may provide more options i.e. 465 being an encrypted connection with your own cert that the users will need to add/trust.

143 is an IMAP port, you could look at configuring Dovecot if possible, to have an Outbox such that anything placed in there will be emailed out. The only one who can place anything in an outbox within the IMAP account is an authenticated user.
Quick glance/search after mentioning the above, it seems there was a discussion about this option missing in dovecot in 2007 only option seen dovecot list dealt with setting up a cron to scan a user's Maildir/.Outbox/ and running the sendmail with each message as input. (not a viable option)

unfortunately, while I understand what needs to be done, sendmail is not one of those that I am sufficiently knowledgeable to help other than point to using the sendmail FAQ on setting up Authentication. (Based on your setup the passwords have to be sent in plain text) such that using SSL type of connection for this purpose is advisable even though it may require additional steps on the user's side to either import your selfsigned CA as trusted or add the selfsigned certificate as trusted.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40630060
post the output of your sendmail.mc, please.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 40630981
I don't know how interrelated these issues are, but I'm having problems with sendmail authentication generally, which I think needs to be sorted out first before addressing the issue of mobile connection/authentication. I have a question posted http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Q_28623328.html which has sendmail.mc etc. Jan has been looking at that one. I think I need to resolve that issue first, then come back here.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40630994
that's me.  i would suggest that you first test tls and smtp auth using a snake oil cert and using pem files as the link I provided directs.  then you can move on to your crt and key files.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 40635736
OK, I think my TLS issue is limited to 2 particular recipients; all other TLS-required recipients are getting the messages just fine. So, I think I'll move on to this issue while I interact with the tech folk at those locations.

Arnold:
using a separate port i.e. 465/587 rather than the 25 for this purpose may provide more options i.e. 465 being an encrypted connection with your own cert that the users will need to add/trust.
I can use whatever port I want. Are you recommending 465 or 587? Are you saying these ports will automatically encrypt?
143 is an IMAP port, you could look at configuring Dovecot if possible
In fact, I am using Dovecot as my IMAP server. `doveconf` indicates port 143:

imap_urlauth_port = 143
imapc_port = 143

So I suppose my first step is to open port 143 on the firewall. Then I might need the auth statements configured in my sendmail .mc file.

Jan: current sendmail.mc is:
include(`../m4/cf.m4')
VERSIONID(`default setup for Slackware Linux')dnl
OSTYPE(`linux')dnl
DOMAIN(generic)dnl
define(`confSMTP_LOGIN_MSG', `mail.ohprs.org Service ready; $b')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confTO_IDENT', `0')dnl
define(`confBAD_RCPT_THROTTLE',`1')dnl
define(`confCONNECTION_RATE_THROTTLE',`3')dnl
define(`confDEAD_LETTER_DROP',`/dev/null')dnl
define(`confDOUBLE_BOUNCE_ADDRESS',`nobody')dnl
define(`confDF_BUFFER_SIZE',`16384')dnl
define(`confXF_BUFFER_SIZE',`16384')dnl
define(`confSUPER_SAFE',`true')dnl
define(`confCHECKPOINT_INTERVAL',`10')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`lookupdotdomain')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`dnsbl',`bl.spamcop.net')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`redirect')dnl
dnl#TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl#define(`confAUTH_MECHANISMS', `EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confCACERT_PATH',`/etc/ssl/certs/')dnl
define(`confCACERT',`/etc/ssl/certs/OHPRS/GoDaddy/Apache/gd_bundle.crt')dnl
define(`confSERVER_CERT',`/etc/ssl/certs/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt')dnl
define(`confSERVER_KEY',`/etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key')dnl
define(`confCLIENT_CERT',`/etc/ssl/certs/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt')dnl
define(`confCLIENT_KEY',`/etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key')dnl
define(`confAUTH_OPTIONS', `A')dnl
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl
define(`confMILTER_MACROS_ENVRCPT',`r, v, Z')dnl
INPUT_MAIL_FILTER(`milter-bcc',`S=local:/var/run/milter-bcc.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
MASQUERADE_AS(`ohprs.org')dnl
MASQUERADE_DOMAIN(`ohprs.org')dnl
FEATURE(`allmasquerade')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`always_add_domain')dnl
EXPOSED_USER(`root')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

I've got my AUTH directives commented out for the moment for debugging the TLS issue, but I can re-enable.

But, if Dovecot is my IMAP server, does sendmail.cf matter?

Also, in looking at my Android IMAP config screen, it suggests incoming port 143 and outgoing port 587. Hmmm, I don't see a port 587 in my Dovecot config. Can I use 143 or should I set up 587 somehow?
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 40635791
OK, I await your expertise. I re-enabled the AUTH lines in sendmail.mc, opened port 143 on the firewall (and tested with telnet). I configured my Android as mail server mail.ohprs.org, incoming IMAP 143 no security, outgoing SMTP 25 no security. Doesn't work. I get "Unable to connect to server" on the Android, but no log message at all in /etc/log/maillog.
0
 
LVL 76

Expert Comment

by:arnold
ID: 40635910
unfortunately, my sendmail experience from a while back has led to me using and being more knowledgeable with every other one.  Since I am familiar how SMTP is supposed to work, I can based on input and output kind of figure where the issue might be within the black box that in this case is sendmail.

Port 25 these days is often blocked by ISPs/carriers to curb the impact of spam/virus type of mailers.  A block by the ISP/carrier of port 25 would explain why you can not get through on 25.
The common practice is to use 465 SSL and 587 (simple port forward external 587 to internal 25 to your sendmail mail server) non-encrypted as alternative for client based use.
And try again.
 
143 is unencrypted, you should consider using/enabling 993 for IMAPS encrypted/secure.
The same certificate can be used. Though yours does not include imap as a host in Subject Alternative Name section.

The outgoing is always SMTP.  I think dovecot could be configured to be an intermediary to the SMTP server/function like a proxy (saw a reference in one of the config files when previously dealing with other questions).
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 40636238
Arnold:
143 is unencrypted
Yes, I know. I'm trying to introduce as few variables as possible, just to get started. I am fairly certain Outlook on the LAN computers are successfully using 143

Port 25 for smtp should not be a problem since ALL office mail arrives at that port -- unless you are talking about the mobile device ISP (Verizon in this case)?

Another point of interest, when I changed Dovecot from PLAIN authentication to:

auth_mechanisms = plain login digest-md5 cram-md5

webmail access from roundcube stopped working. In the roundcube error log I got:
[27-Feb-2015 13:05:10 -0500]: IMAP Error: Login failed for mark from 76.181.65.196. Authentication failed. in /user/util/src/roundcubemail-1.0.4/program/lib/Roundcube/rcube_imap.php on line 184 (POST /webmail/?_task=login?_task=login&_action=login)

No idea why. Certainly not related to ISP blocking. Perhaps if I get this working it will work for the mobile device.

In any case, if I just stick to plain login for the moment and forget about these encrypted things, it should still work from the mobile, right?

Didn't realize this was so complicated to set up!
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 40636280
more info: changed Android to SMTP on 587. Forwarded port 587 to 25 on mail server (tested externally with telnet). Still have "Unable to connect to server" on Android. Nothing in maillog at all.

btw - the Android is "Checking incoming server settings ...", so that would be the IMAP bit. No messages in /var/log/dovecot.info either
0
 
LVL 76

Expert Comment

by:arnold
ID: 40636564
I'll deal with the last first, it is not clear which app on android is trying to do what.

The preference on round might be to use encrypted when available so adding cram-md5 and the like triggered the self selection within round.. Look at the Dovecot log to see what method was being used when this error came up.

Complicated, it is a matter of perspective, one choice guides another.  
The time constraint you are/were under is further exacerbating things along with sequential changes to address one issue that could have an impact on another.

Are you using the mailserver hostname in the config, or is it trying to guess based on the domain lookup? Check advanced to make sure what it references is correct.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 40636686
Arnold:
Are you using the mailserver hostname in the config
Yes. I am using the plain 'ole email > Accounts > Add Account feature of Android, nothing fancy. I am specifying:

incoming: IMAP, server = mail.ohprs.org, port 143, no security
outgoing: SMTP, server = mail.ohprs.org, port 25 (also tried 587), no security
Require sign-in = yes

When I then go to the next step for the Android to connect I get the message (on the Android), "Setup could not finish. User name or password incorrect. (535 5.7.0 authentication failed)". I've checked the ID and password several times. In the dovecot log I get:
Feb 27 20:38:11 auth: Debug: auth client connected (pid=2780)
Feb 27 20:38:11 auth: Debug: client in: AUTH    1       PLAIN   service=imap    session=6EC2CRwQUgBMtUHE      lip=64.129.23.80 rip=76.181.65.196       lport=143       rport=42834     resp=AG1hcmsAZ2xhY29uXzk= (previous base64 data may contain sensitive data)
Feb 27 20:38:11 auth-worker(30756): Debug: shadow(mark,76.181.65.196): lookup
Feb 27 20:38:11 auth: Debug: client passdb out: OK      1       user=mark
Feb 27 20:38:11 auth: Debug: master in: REQUEST 2249588737      2780    1       f1b8d62d0c5fa829f6ecb776e62a2967       session_pid=2781        request_auth_token
Feb 27 20:38:11 auth-worker(30756): Debug: shadow(mark,76.181.65.196): lookup
Feb 27 20:38:11 auth: Debug: master userdb out: USER    2249588737      mark    system_groups_user=mark uid=3000026    gid=100 home=/home/HPRS/mark    auth_token=17ddfb37de85c588af3e3e69622da37e47879718
Feb 27 20:38:11 imap-login: Info: Login: user=<mark>, method=PLAIN, rip=76.181.65.196, lip=64.129.23.80, mpid=2781, session=<6EC2CRwQUgBMtUHE>
Feb 27 20:38:11 imap(mark): Info: Connection closed in=0 out=353

In /var/log/maillog I get:
Feb 27 20:38:11 mail sm-mta[23690]: t1S1SJUZ023690: cpe-76-181-65-196.columbus.res.rr.com [76.181.65.196] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

Here's a dovecot logfile session from Roundcube that works
Feb 27 20:49:12 auth: Debug: auth client connected (pid=18573)
Feb 27 20:49:12 auth: Debug: client in: AUTH    1       PLAIN   service=imap    secured session=xMMgMRwQhgBAgRdQ       lip=64.129.23.80        rip=64.129.23.80        lport=143       rport=59270     resp=AG1hcmsAZ2xhY29uXzk= (previous base64 data may contain sensitive data)
Feb 27 20:49:12 auth-worker(14207): Debug: shadow(mark,64.129.23.80): lookup
Feb 27 20:49:12 auth: Debug: client passdb out: OK      1       user=mark
Feb 27 20:49:12 auth: Debug: master in: REQUEST 1143341057      18573   1       06e13e39c3d50f8ac15d5f63a99b5f5b       session_pid=18574       request_auth_token
Feb 27 20:49:12 auth-worker(14207): Debug: shadow(mark,64.129.23.80): lookup
Feb 27 20:49:12 auth: Debug: master userdb out: USER    1143341057      mark    system_groups_user=mark uid=3000026    gid=100 home=/home/HPRS/mark    auth_token=275bdb5912651f91b2b09d40407c956ada0fc62d
Feb 27 20:49:12 imap-login: Info: Login: user=<mark>, method=PLAIN, rip=64.129.23.80, lip=64.129.23.80, mpid=18574, secured, session=<xMMgMRwQhgBAgRdQ>
Feb 27 20:49:12 imap(mark): Info: Disconnected: Logged out in=29 out=466
Feb 27 20:49:13 auth: Debug: auth client connected (pid=18576)
Feb 27 20:49:13 auth: Debug: client in: AUTH    1       PLAIN   service=imap    secured session=jnoiMRwQhwBAgRdQ       lip=64.129.23.80        rip=64.129.23.80        lport=143       rport=59271     resp=AG1hcmsAZ2xhY29uXzk= (previous base64 data may contain sensitive data)
Feb 27 20:49:13 auth-worker(14207): Debug: shadow(mark,64.129.23.80): lookup
Feb 27 20:49:13 auth: Debug: client passdb out: OK      1       user=mark
Feb 27 20:49:13 auth: Debug: master in: REQUEST 3451125761      18576   1       4843d9167f4ff8b6d7b918f8a482302e       session_pid=18577       request_auth_token
Feb 27 20:49:13 auth-worker(14207): Debug: shadow(mark,64.129.23.80): lookup
Feb 27 20:49:13 auth: Debug: master userdb out: USER    3451125761      mark    system_groups_user=mark uid=3000026    gid=100 home=/home/HPRS/mark    auth_token=1fdbd7a6511ecec7b1f96dcf3c0c62ba40acb6d2
Feb 27 20:49:13 imap-login: Info: Login: user=<mark>, method=PLAIN, rip=64.129.23.80, lip=64.129.23.80, mpid=18577, secured, session=<jnoiMRwQhwBAgRdQ>
Feb 27 20:49:13 imap(mark): Info: Disconnected: Logged out in=44 out=820
Feb 27 20:49:13 auth: Debug: auth client connected (pid=18581)
Feb 27 20:49:13 auth: Debug: client in: AUTH    1       PLAIN   service=imap    secured session=ZB0tMRwQiABAgRdQ       lip=64.129.23.80        rip=64.129.23.80        lport=143       rport=59272     resp=AG1hcmsAZ2xhY29uXzk= (previous base64 data may contain sensitive data)
Feb 27 20:49:13 auth-worker(14207): Debug: shadow(mark,64.129.23.80): lookup
Feb 27 20:49:13 auth: Debug: client passdb out: OK      1       user=mark
Feb 27 20:49:13 auth: Debug: master in: REQUEST 3857186817      18581   1       a2e6bad38666a589e5a04d81f29fe561       session_pid=18582       request_auth_token
Feb 27 20:49:13 auth-worker(14207): Debug: shadow(mark,64.129.23.80): lookup
Feb 27 20:49:13 auth: Debug: master userdb out: USER    3857186817      mark    system_groups_user=mark uid=3000026    gid=100 home=/home/HPRS/mark    auth_token=4b9e3c1bcc422530bbbd86eda91a29651084e135
Feb 27 20:49:13 imap-login: Info: Login: user=<mark>, method=PLAIN, rip=64.129.23.80, lip=64.129.23.80, mpid=18582, secured, session=<ZB0tMRwQiABAgRdQ>
Feb 27 20:49:13 auth: Debug: auth client connected (pid=18584)
Feb 27 20:49:13 auth: Debug: client in: AUTH    1       PLAIN   service=imap    secured session=XlItMRwQiQBAgRdQ       lip=64.129.23.80        rip=64.129.23.80        lport=143       rport=59273     resp=AG1hcmsAZ2xhY29uXzk= (previous base64 data may contain sensitive data)
Feb 27 20:49:13 auth-worker(14207): Debug: shadow(mark,64.129.23.80): lookup
Feb 27 20:49:13 auth: Debug: client passdb out: OK      1       user=mark
Feb 27 20:49:13 auth: Debug: master in: REQUEST 794820609       18584   1       d824cf699b06cd5f13c4cffed0525e27       session_pid=18585       request_auth_token
Feb 27 20:49:13 auth-worker(14207): Debug: shadow(mark,64.129.23.80): lookup
Feb 27 20:49:13 auth: Debug: master userdb out: USER    794820609       mark    system_groups_user=mark uid=3000026    gid=100 home=/home/HPRS/mark    auth_token=56c58fc7138e3cd209c5a872244a04efce7ba478
Feb 27 20:49:13 imap-login: Info: Login: user=<mark>, method=PLAIN, rip=64.129.23.80, lip=64.129.23.80, mpid=18585, secured, session=<XlItMRwQiQBAgRdQ>
Feb 27 20:49:13 imap(mark): Info: Disconnected: Logged out in=533 out=1629
Feb 27 20:49:13 imap(mark): Info: Disconnected: Logged out in=337 out=23363

Differences of note: line 2 in the roundcube session says "secured session=" rather than simply "session=". Why? SSL? Things look virtually identical between the two logs until line 8 where again roundcube has "secured, session=" versus Android "session=". Otherwise, the main difference is that the roundcube session connects 3 more times after that, then gives two logouts at the end whereas with the Android the one connection is it.

I remain clueless.

As to the roundCube webmail, maybe we should leave that until later and get the Android connecting first. Perhaps that will simply solve the roundCube issue.
0
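Added example (not part of the original thread): Dovecot's login line carries `secured` when the connection is local or trusted (the Roundcube session has rip equal to lip) and `TLS` when it is encrypted, so a PLAIN login with neither flag, like the Android one above, sent the password over the network in the clear. The Python sketch below flags such logins; the function names and the sample lines (documentation-range addresses) are constructed for illustration, and the flag handling assumes the default login log format.

```python
import re

# Matches the imap-login/pop3-login "Login:" lines in the format shown above.
LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<svc>imap|pop3)-login: Info: Login: "
    r"user=<(?P<user>[^>]*)>, method=(?P<method>[\w-]+), (?P<rest>.*)$"
)
# Mechanisms that put the password itself on the wire (base64 is not encryption).
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed sample lines modelled on the log format in this thread.
SAMPLE_LOG = """\
Feb 27 20:38:11 imap-login: Info: Login: user=<alice>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10, mpid=2781, session=<AAAAAAAAAAAAAAAA>
Feb 27 20:49:12 imap-login: Info: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.10, mpid=18574, secured, session=<BBBBBBBBBBBBBBBB>
Feb 27 21:02:40 imap-login: Info: Login: user=<bob>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.10, mpid=19001, TLS, session=<CCCCCCCCCCCCCCCC>
Feb 27 21:02:41 imap(bob): Info: Disconnected: Logged out in=29 out=466
""".splitlines()


def parse_login(line):
    """Return a dict for a login line, or None for any other log line."""
    m = LOGIN_RE.match(line.strip())
    if m is None:
        return None
    fields, flags = {}, set()
    for part in m.group("rest").split(", "):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key] = value.strip("<>")
        elif part:
            flags.add(part)  # bare words such as "secured" or "TLS"
    return {
        "ts": m.group("ts"),
        "service": m.group("svc"),
        "user": m.group("user"),
        "method": m.group("method"),
        "rip": fields.get("rip"),
        "lip": fields.get("lip"),
        "flags": flags,
    }


def transport(rec):
    """Classify how the credential travelled."""
    if "TLS" in rec["flags"]:
        return "tls"
    if "secured" in rec["flags"]:
        return "trusted-path"  # local or trusted network, not necessarily encrypted
    return "cleartext"


def exposed_logins(lines):
    """Logins where a cleartext mechanism ran with no TLS and no trusted path."""
    findings = []
    for line in lines:
        rec = parse_login(line)
        if rec and rec["method"] in CLEARTEXT_MECHS and transport(rec) == "cleartext":
            findings.append(rec)
    return findings


if __name__ == "__main__":
    for rec in exposed_logins(SAMPLE_LOG):
        print(f'{rec["ts"]} {rec["service"]} user={rec["user"]} '
              f'rip={rec["rip"]} method={rec["method"]} sent without TLS')
```
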
 
LVL 1

Author Comment

by:jmarkfoley
ID: 40636698
more info: I changed to a POP3 connection on incoming (might as well solve one piece of the puzzle at a time). That worked and I got by the 'incoming' configuration check on the Android.

SMTP still didn't work as long as I had 'Require sign-in' checked. Absolutely nothing appears in /var/log/maillog indicating rejection. I get  "pop3d Authentication passed" in /var/log/messages and /var/log/secure.

When I removed the sign-in requirement for outgoing/smtp, the configuration was accepted.

I've checked and followed web steps in e.g. http://www.sendmail.org/~ca/email/auth.html, but mine just doesn't seem to work. I'm thinking about changing professions; night janitor perhaps.

So, first things first. I obviously don't have SMTP configured correctly for authentication on the server side. To restate, all I have configured in sendmail.mc for authentication is:

TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl

This is clearly insufficient. Telnet test gives:
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.ohprs.org ESMTP Service ready; Fri, 27 Feb 2015 21:52:20 -0500
ehlo localhost
250-mail.hprs.local Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
quit
221 2.0.0 mail.hprs.local closing connection
Connection closed by foreign host.

Should it be "PLAIN LOGIN"? Just "PLAIN"? Just "LOGIN"? Barking up the wrong tree?
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 40636736
increased log level to 13 in sendmail:
Feb 27 22:56:28 mail sm-mta[481]: NOQUEUE: connect from cpe-76-181-65-196.columbus.res.rr.com [76.181.65.196]
Feb 27 22:56:28 mail sm-mta[481]: AUTH: available mech=CRAM-MD5 DIGEST-MD5 PLAIN LOGIN OTP, allowed mech=LOGIN PLAIN
Feb 27 22:56:28 mail sm-mta[481]: t1S3uShs000481: Milter (spamassassin): init success to negotiate
Feb 27 22:56:28 mail sm-mta[481]: t1S3uShs000481: Milter (milter-bcc): init success to negotiate
Feb 27 22:56:28 mail sm-mta[481]: t1S3uShs000481: Milter: connect to filters
Feb 27 22:56:28 mail sm-mta[481]: t1S3uShs000481: milter=spamassassin, action=connect, continue
Feb 27 22:56:28 mail sm-mta[481]: t1S3uShs000481: milter=spamassassin, action=helo, continue
Feb 27 22:56:28 mail sm-mta[481]: t1S3uShs000481: AUTH failure (PLAIN): user not found (-20) SASL(-13): user not found: Password verification failed, relay=cpe-76-181-65-196.columbus.res.rr.com [76.181.65.196]

0
 
LVL 76

Expert Comment

by:arnold
ID: 40636739
Yes, login plain, with TLS will achieve a more secure exchange on port 587 and should work. You might have to use username@realm if plain username does not work.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 40636765
Arnold: nowhere near using TLS or any such thing yet. I cannot get Android to authorize smtp, port 25 or 587 using *no* encryption/security. If I can't accomplish that, no sense looking at TLS or such.

I've done the following several times with IDs and PW known to be correct. I've generated the Id and pw base64 by e.g. `echo mark | base64`:
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.ohprs.org ESMTP Service ready; Fri, 27 Feb 2015 23:23:29 -0500
ehlo localhost
250-mail.hprs.local Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
auth login
334 VXNlcm5hbWU6
bWZvbGV5Cg==
334 UGFzc3dvcmQ6
dHJ1c3RubzEK
535 5.7.0 authentication failed
auth login
334 VXNlcm5hbWU6
bWFyawo=
334 UGFzc3dvcmQ6
Z2xhY29uXzkK
535 5.7.0 authentication failed

I hate when these questions get to be the size of a telephone book (archaic reference?) and I'm no closer to a solution than when I started. I've followed the instructions from a dozen websites which are all the same.

I'm going to sleep on this and possibly start a fresh post on only one aspect tomorrow unless some new insight hits me (or you , or Jan). This should be simple. People get their Androids and iPhones connected all the time. I'm looking pretty stupid right now because my Director sits around the conference table with Directors from other agencies all who can get email on their phone, but not him! Hopefully, he won't consider me too stupid for that janitorial opening!

[end of rant]
0
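Added example (not part of the original thread): `echo` appends a newline, so `echo mark | base64` encodes `mark\n`, and the `bWFyawo=` sent in the transcript above is not the AUTH LOGIN token for `mark`. The Python sketch below builds AUTH LOGIN and AUTH PLAIN answers and checks a pasted token for that defect without printing the decoded secret; the function names are hypothetical and `example-pass` is a constructed placeholder.

```python
import base64
import binascii


def login_token(value: str) -> str:
    """One AUTH LOGIN answer (username or password), with no trailing newline."""
    return base64.b64encode(value.encode("utf-8")).decode("ascii")


def plain_token(authcid: str, password: str, authzid: str = "") -> str:
    """AUTH PLAIN response: authzid NUL authcid NUL password (RFC 4616)."""
    raw = "\0".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def inspect_token(token: str) -> dict:
    """Decode a SASL answer and list defects that make a correct credential
    fail. Only the shape is reported, never the decoded secret."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return {"kind": None, "length": 0, "problems": ["not valid base64"]}
    problems = []
    if raw.endswith((b"\n", b"\r")):
        problems.append("trailing newline: built with echo instead of printf")
    elif raw != raw.strip(b" \t"):
        problems.append("leading or trailing whitespace")
    # AUTH PLAIN packs three NUL-separated fields; AUTH LOGIN sends one value.
    kind = "PLAIN" if raw.count(b"\0") == 2 else "LOGIN"
    return {"kind": kind, "length": len(raw), "problems": problems}


if __name__ == "__main__":
    # "mark" is the username shown in the thread; the password is a placeholder.
    print("LOGIN username :", login_token("mark"))
    print("PLAIN response :", plain_token("mark", "example-pass"))
    # The username token from the telnet session above.
    print("transcript token:", inspect_token("bWFyawo="))
    print("clean token     :", inspect_token(login_token("mark")))
```

On the command line the equivalent of `login_token` is `printf '%s' mark | base64`, and any token should only be sent after STARTTLS since base64 is reversible.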
 
LVL 1

Author Comment

by:jmarkfoley
ID: 40636797
Here's someone that had the exact same error message as me: https://forums.gentoo.org/viewtopic-t-702614-start-0.html

The problem lies in the fact that in sendmail.mc I have a directive like "Mailer(SMTP)dnl" at the bottom of the file... now, I had to copy /etc/pam.d/saslauthd to /etc/pam.d/smtp ... with the exact contents, because SASLd was looking up for a "[service=smtp]" file in /etc/pam.d, because I use the SMTP protocol to Send Mail....
 I figured out that the service=OBJECT requires that the OBJECT must have a file in /etc/pam.d/ with that same name.
He's using PAM authentication, but maybe I have some similar config requirement with saslauthd to enable authentication for smtp?

Many sites I've checked talk about an saslauthd config file:
Now have to configure cyrus to accept the request of sendmail

# cd /usr/lib/sasl2
# vi smtp.conf
or
# vim /etc/sasl2/sendmail.conf

pwcheck_method: saslauthd
Is this a piece of the puzzle I'm missing? I have no such directory or sendmail.conf file on my system. `man saslauthd` does not mention such files.
0
 
LVL 76

Expert Comment

by:arnold
ID: 40637043
Auth login plain should be fine.
Can you look at the same log when using plain auth?
Double check the username that is being sent? User, User@youraddomain or user@yourpublicdomain?
0
 
LVL 1

Accepted Solution

by:
jmarkfoley earned 0 total points
ID: 40637167
OK, I've figured out the SMTP/outgoing part of the problem. When sendmail starts up I get the message:

Feb 28 00:38:50 mail sm-mta[31632]: error: safesasl(/etc/sasl2/Sendmail.conf) failed: No such file or directory

After a bit of checking around, I created the file /etc/sasl2/Sendmail.conf with the following contents:

pwcheck_method: saslauthd
mech_list: EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN

In fact, that worked to let me SMTP connect from my Android!

Now, on to IMAP/incoming ... I'm going to make that a new question as this one is very cluttered.

(later ....)

Actually, creating that /etc/sasl2 directory solved the problem with incoming/IMAP as well, even though there is nothing in that folder specifically for dovecot.
0
 
LVL 1

Author Closing Comment

by:jmarkfoley
ID: 40646476
I figured out the solution to SMTP/Outgoing authentication. I'm giving points to Arnold for hanging in there.
0
