Mark
asked on
How to configure sendmail to accept mobile relay
This is probably simple because all mail admins must set this up, but I've not set up mobile phone connections except through Exchange.
We have switched from Exchange to Sendmail, IMAP, procmail. I have several users with iPhones and Android who would like to connect and get their mail and reply. What do I need to set up on the server to do this? Setting up IMAP on Android suggests port 143, and I've checked TLS. Outgoing SMTP suggests port 587 (why not 25?) and I've also set TLS. I've checked 'require sign in'.
The first message I get on the Android is "Server doesn't support TLS", but it does, so not sure why on that. For now I removed the TLS setting and tried again (specifying port 25 for SMTP) and got the Android message:
Server does not support authentication.
But when connecting to sendmail I have:
[000.521] --> EHLO checktls.com
[000.546] <-- 250-mail.hprs.local Hello www3.checktls.com [69.61.187.232], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
Does not the "250-AUTH" line indicate that the server accepts authentication?
Where do I go from here?
post the output of your sendmail.mc, please.
ASKER
I don't know how interrelated these issues are, but I'm having problems with sendmail authentication generally, which I think needs to be sorted out first before addressing the issue of mobile connection/authentication. I have a question posted https://www.experts-exchange.com/questions/28623328/sendmail-TLS-not-working-right.html which has sendmail.mc etc. Jan has been looking at that one. I think I need to resolve that issue first, then come back here.
That's me. I would suggest that you first test TLS and SMTP auth using a snake oil cert and using pem files as the link I provided directs. Then you can move on to your crt and key files.
ASKER
OK, I think my TLS issue is limited to 2 particular recipients; all other TLS-required recipients are getting the messages just fine. So, I think I'll move on to this issue while I interact with the tech folk at those locations.
Arnold:
> using a separate port i.e. 465/587 rather than the 25 for this purpose may provide more options i.e. 465 being an encrypted connection with your own cert that the users will need to add/trust.
I can use whatever port I want. Are you recommending 465 or 587? Are you saying these ports will automatically encrypt?
> 143 is an IMAP port, you could look at configuring Dovecot if possible
In fact, I am using Dovecot as my IMAP server. `doveconf` indicates port 143:
imap_urlauth_port = 143
imapc_port = 143
So I suppose my first step is to open port 143 on the firewall. Then I might need the auth statements configured in my sendmail .mc file.
Jan: current sendmail.mc is:
include(`../m4/cf.m4')
VERSIONID(`default setup for Slackware Linux')dnl
OSTYPE(`linux')dnl
DOMAIN(generic)dnl
define(`confSMTP_LOGIN_MSG', `mail.ohprs.org Service ready; $b')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confTO_IDENT', `0')dnl
define(`confBAD_RCPT_THROTTLE',`1')dnl
define(`confCONNECTION_RATE_THROTTLE',`3')dnl
define(`confDEAD_LETTER_DROP',`/dev/null')dnl
define(`confDOUBLE_BOUNCE_ADDRESS',`nobody')dnl
define(`confDF_BUFFER_SIZE',`16384')dnl
define(`confXF_BUFFER_SIZE',`16384')dnl
define(`confSUPER_SAFE',`true')dnl
define(`confCHECKPOINT_INTERVAL',`10')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`lookupdotdomain')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`dnsbl',`bl.spamcop.net')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`redirect')dnl
dnl#TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl#define(`confAUTH_MECHANISMS', `EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confCACERT_PATH',`/etc/ssl/certs/')dnl
define(`confCACERT',`/etc/ssl/certs/OHPRS/GoDaddy/Apache/gd_bundle.crt')dnl
define(`confSERVER_CERT',`/etc/ssl/certs/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt')dnl
define(`confSERVER_KEY',`/etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key')dnl
define(`confCLIENT_CERT',`/etc/ssl/certs/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt')dnl
define(`confCLIENT_KEY',`/etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key')dnl
define(`confAUTH_OPTIONS', `A')dnl
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl
define(`confMILTER_MACROS_ENVRCPT',`r, v, Z')dnl
INPUT_MAIL_FILTER(`milter-bcc',`S=local:/var/run/milter-bcc.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
MASQUERADE_AS(`ohprs.org')dnl
MASQUERADE_DOMAIN(`ohprs.org')dnl
FEATURE(`allmasquerade')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`always_add_domain')dnl
EXPOSED_USER(`root')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
I've got my AUTH directives commented out for the moment for debugging the TLS issue, but I can re-enable.
But, if Dovecot is my IMAP server, does sendmail.cf matter?
Also, in looking at my Android IMAP config screen, it suggests incoming port 143 and outgoing port 587. Hmmm, I don't see a port 587 in my Dovecot config. Can I use 143 or should I set up 587 somehow?
ASKER
OK, I await your expertise. I re-enabled the AUTH lines in sendmail.mc, opened port 143 on the firewall (and tested with telnet). I configured my Android as mail server mail.ohprs.org, incoming IMAP 143 no security, outgoing SMTP 25 no security. Doesn't work. I get "Unable to connect to server" on the Android, but no log message at all in /etc/log/maillog.
Unfortunately, my sendmail experience from a while back has led to me using and being more knowledgeable with every other one. Since I am familiar with how SMTP is supposed to work, I can, based on input and output, kind of figure out where the issue might be within the black box that in this case is sendmail.
Port 25 these days is often blocked by ISPs/carriers to curb the impact of spam/virus type of mailers. A block by the ISP/carrier of port 25 would explain why you can not get through on 25.
The common practice is to use 465 SSL and 587 (simple port forward external 587 to internal 25 to your sendmail mail server) non-encrypted as an alternative for client based use.
And try again.
143 is unencrypted, you should consider using/enabling 993 for IMAPS encrypted/secure.
The same certificate can be used, though yours does not include imap as a host in the Subject Alternative Name section.
The outgoing is always SMTP. I think dovecot could be configured to be an intermediary to the SMTP server/function like a proxy (saw a reference in one of the config files when previously dealing with other questions).
ASKER
Arnold:
> 143 is unencrypted
Yes, I know. I'm trying to introduce as few variables as possible, just to get started. I am fairly certain Outlook on the LAN computers is successfully using 143.
Port 25 for smtp should not be a problem since ALL office mail arrives at that port -- unless you are talking about the mobile device ISP (Verizon in this case)?
Another point of interest, when I changed Dovecot from PLAIN authentication to:
auth_mechanisms = plain login digest-md5 cram-md5
webmail access from roundcube stopped working. In the roundcube error log I got:
[27-Feb-2015 13:05:10 -0500]: IMAP Error: Login failed for mark from 76.181.65.196. Authentication failed. in /user/util/src/roundcubemail-1.0.4/program/lib/Roundcube/rcube_imap.php on line 184 (POST /webmail/?_task=login?_task=login&_action=login)
No idea why. Certainly not related to ISP blocking. Perhaps if I get this working it will work for the mobile device.
In any case, if I just stick to plain login for the moment and forget about these encrypted things, it should still work from the mobile, right?
Didn't realize this was so complicated to set up!
ASKER
more info: changed Android to SMTP on 587. Forwarded port 587 to 25 on mail server (tested externally with telnet). Still have "Unable to connect to server" on Android. Nothing in maillog at all.
btw - the Android is "Checking incoming server settings ...", so that would be the IMAP bit. No messages in /var/log/dovecot.info either
I'll deal with the last first, it is not clear which app on android is trying to do what.
The preference on round might be to use encrypted when available so adding cram-md5 and the like triggered the self selection within round. Look at the Dovecot log to see what method was being used when this error came up.
Complicated, it is a matter of perspective, one choice guides another.
The time constraint you are/were under is further exacerbating things along with sequential changes to address one issue that could have an impact on another.
Are you using the mailserver hostname in the config, or is it trying to guess based on the domain lookup? Check advanced to make sure what it references is correct.
ASKER
Arnold:
> Are you using the mailserver hostname in the config
Yes. I am using the plain 'ole email > Accounts > Add Account feature of Android, nothing fancy. I am specifying:
incoming: IMAP, server = mail.ohprs.org, port 143, no security
outgoing: SMTP, server = mail.ohprs.org, port 25 (also tried 587), no security
Require sign-in = yes
When I then go to the next step for the Android to connect I get the message (on the Android), "Setup could not finish. User name or password incorrect. (535 5.7.0 authentication failed)". I've checked the ID and password several times. In the dovecot log I get:
Feb 27 20:38:11 auth: Debug: auth client connected (pid=2780)
Feb 27 20:38:11 auth: Debug: client in: AUTH 1 PLAIN service=imap session=6EC2CRwQUgBMtUHE lip=64.129.23.80 rip=76.181.65.196 lport=143 rport=42834 resp=AG1hcmsAZ2xhY29uXzk= (previous base64 data may contain sensitive data)
Feb 27 20:38:11 auth-worker(30756): Debug: shadow(mark,76.181.65.196): lookup
Feb 27 20:38:11 auth: Debug: client passdb out: OK 1 user=mark
Feb 27 20:38:11 auth: Debug: master in: REQUEST 2249588737 2780 1 f1b8d62d0c5fa829f6ecb776e62a2967 session_pid=2781 request_auth_token
Feb 27 20:38:11 auth-worker(30756): Debug: shadow(mark,76.181.65.196): lookup
Feb 27 20:38:11 auth: Debug: master userdb out: USER 2249588737 mark system_groups_user=mark uid=3000026 gid=100 home=/home/HPRS/mark auth_token=17ddfb37de85c588af3e3e69622da37e47879718
Feb 27 20:38:11 imap-login: Info: Login: user=<mark>, method=PLAIN, rip=76.181.65.196, lip=64.129.23.80, mpid=2781, session=<6EC2CRwQUgBMtUHE>
Feb 27 20:38:11 imap(mark): Info: Connection closed in=0 out=353
In /var/log/maillog I get:
Feb 27 20:38:11 mail sm-mta[23690]: t1S1SJUZ023690: cpe-76-181-65-196.columbus.res.rr.com [76.181.65.196] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Here's a dovecot logfile session from Roundcube that works:
Feb 27 20:49:12 auth: Debug: auth client connected (pid=18573)
Feb 27 20:49:12 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=xMMgMRwQhgBAgRdQ lip=64.129.23.80 rip=64.129.23.80 lport=143 rport=59270 resp=AG1hcmsAZ2xhY29uXzk= (previous base64 data may contain sensitive data)
Feb 27 20:49:12 auth-worker(14207): Debug: shadow(mark,64.129.23.80): lookup
Feb 27 20:49:12 auth: Debug: client passdb out: OK 1 user=mark
Feb 27 20:49:12 auth: Debug: master in: REQUEST 1143341057 18573 1 06e13e39c3d50f8ac15d5f63a99b5f5b session_pid=18574 request_auth_token
Feb 27 20:49:12 auth-worker(14207): Debug: shadow(mark,64.129.23.80): lookup
Feb 27 20:49:12 auth: Debug: master userdb out: USER 1143341057 mark system_groups_user=mark uid=3000026 gid=100 home=/home/HPRS/mark auth_token=275bdb5912651f91b2b09d40407c956ada0fc62d
Feb 27 20:49:12 imap-login: Info: Login: user=<mark>, method=PLAIN, rip=64.129.23.80, lip=64.129.23.80, mpid=18574, secured, session=<xMMgMRwQhgBAgRdQ>
Feb 27 20:49:12 imap(mark): Info: Disconnected: Logged out in=29 out=466
Feb 27 20:49:13 auth: Debug: auth client connected (pid=18576)
Feb 27 20:49:13 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=jnoiMRwQhwBAgRdQ lip=64.129.23.80 rip=64.129.23.80 lport=143 rport=59271 resp=AG1hcmsAZ2xhY29uXzk= (previous base64 data may contain sensitive data)
Feb 27 20:49:13 auth-worker(14207): Debug: shadow(mark,64.129.23.80): lookup
Feb 27 20:49:13 auth: Debug: client passdb out: OK 1 user=mark
Feb 27 20:49:13 auth: Debug: master in: REQUEST 3451125761 18576 1 4843d9167f4ff8b6d7b918f8a482302e session_pid=18577 request_auth_token
Feb 27 20:49:13 auth-worker(14207): Debug: shadow(mark,64.129.23.80): lookup
Feb 27 20:49:13 auth: Debug: master userdb out: USER 3451125761 mark system_groups_user=mark uid=3000026 gid=100 home=/home/HPRS/mark auth_token=1fdbd7a6511ecec7b1f96dcf3c0c62ba40acb6d2
Feb 27 20:49:13 imap-login: Info: Login: user=<mark>, method=PLAIN, rip=64.129.23.80, lip=64.129.23.80, mpid=18577, secured, session=<jnoiMRwQhwBAgRdQ>
Feb 27 20:49:13 imap(mark): Info: Disconnected: Logged out in=44 out=820
Feb 27 20:49:13 auth: Debug: auth client connected (pid=18581)
Feb 27 20:49:13 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=ZB0tMRwQiABAgRdQ lip=64.129.23.80 rip=64.129.23.80 lport=143 rport=59272 resp=AG1hcmsAZ2xhY29uXzk= (previous base64 data may contain sensitive data)
Feb 27 20:49:13 auth-worker(14207): Debug: shadow(mark,64.129.23.80): lookup
Feb 27 20:49:13 auth: Debug: client passdb out: OK 1 user=mark
Feb 27 20:49:13 auth: Debug: master in: REQUEST 3857186817 18581 1 a2e6bad38666a589e5a04d81f29fe561 session_pid=18582 request_auth_token
Feb 27 20:49:13 auth-worker(14207): Debug: shadow(mark,64.129.23.80): lookup
Feb 27 20:49:13 auth: Debug: master userdb out: USER 3857186817 mark system_groups_user=mark uid=3000026 gid=100 home=/home/HPRS/mark auth_token=4b9e3c1bcc422530bbbd86eda91a29651084e135
Feb 27 20:49:13 imap-login: Info: Login: user=<mark>, method=PLAIN, rip=64.129.23.80, lip=64.129.23.80, mpid=18582, secured, session=<ZB0tMRwQiABAgRdQ>
Feb 27 20:49:13 auth: Debug: auth client connected (pid=18584)
Feb 27 20:49:13 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=XlItMRwQiQBAgRdQ lip=64.129.23.80 rip=64.129.23.80 lport=143 rport=59273 resp=AG1hcmsAZ2xhY29uXzk= (previous base64 data may contain sensitive data)
Feb 27 20:49:13 auth-worker(14207): Debug: shadow(mark,64.129.23.80): lookup
Feb 27 20:49:13 auth: Debug: client passdb out: OK 1 user=mark
Feb 27 20:49:13 auth: Debug: master in: REQUEST 794820609 18584 1 d824cf699b06cd5f13c4cffed0525e27 session_pid=18585 request_auth_token
Feb 27 20:49:13 auth-worker(14207): Debug: shadow(mark,64.129.23.80): lookup
Feb 27 20:49:13 auth: Debug: master userdb out: USER 794820609 mark system_groups_user=mark uid=3000026 gid=100 home=/home/HPRS/mark auth_token=56c58fc7138e3cd209c5a872244a04efce7ba478
Feb 27 20:49:13 imap-login: Info: Login: user=<mark>, method=PLAIN, rip=64.129.23.80, lip=64.129.23.80, mpid=18585, secured, session=<XlItMRwQiQBAgRdQ>
Feb 27 20:49:13 imap(mark): Info: Disconnected: Logged out in=533 out=1629
Feb 27 20:49:13 imap(mark): Info: Disconnected: Logged out in=337 out=23363
Differences of note: line 2 in the roundcube session says "secured session=" rather than simply "session=". Why? SSL? Things look virtually identical between the two logs until line 8 where again roundcube has "secured, session=" versus Android "session=". Otherwise, the main difference is that the roundcube session connects 3 more times after that, then gives two logouts at the end whereas with the Android the one connection is it.
I remain clueless.
As to the roundCube webmail, maybe we should leave that until later and get the Android connecting first. Perhaps that will simply solve the roundCube issue.
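Added example, not part of the original posts: Dovecot auth debug lines like the ones above carry the client's SASL response in `resp=`, so a log should be redacted before it is shared. The sketch below does that and lists, per login, whether the `secured` flag was present and whether client and server address were the same; the sample lines, addresses and values are constructed, and the function names are illustrative.

```python
import re

# Constructed sample in the layout of the Dovecot log lines above. Addresses are
# documentation ranges; the resp= and auth_token= values are placeholders.
SAMPLE_LOG = """\
Feb 27 20:38:11 auth: Debug: client in: AUTH 1 PLAIN service=imap session=AAAAsess1 lip=192.0.2.10 rip=198.51.100.7 lport=143 rport=42834 resp=QUJDREVGR0g= (previous base64 data may contain sensitive data)
Feb 27 20:38:11 auth: Debug: master userdb out: USER 1 alice uid=1000 gid=100 home=/home/alice auth_token=0123456789abcdef
Feb 27 20:38:11 imap-login: Info: Login: user=<alice>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10, mpid=2781, session=<AAAAsess1>
Feb 27 20:49:12 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=BBBBsess2 lip=192.0.2.10 rip=192.0.2.10 lport=143 rport=59270 resp=QUJDREVGR0g= (previous base64 data may contain sensitive data)
Feb 27 20:49:12 imap-login: Info: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.10, mpid=18574, secured, session=<BBBBsess2>
"""

# resp= carries the client's SASL response (the log line itself warns about it);
# auth_token= is redacted as well, as a precaution.
SECRET_RE = re.compile(r"\b(resp|auth_token)=\S+")

LOGIN_RE = re.compile(
    r"imap-login: Info: Login: user=<(?P<user>[^>]*)>, method=(?P<method>[^,]+), "
    r"rip=(?P<rip>[^,]+), lip=(?P<lip>[^,]+), (?P<flags>.*)session=<(?P<session>[^>]*)>"
)

# Mechanisms that send the password itself (only base64-encoded) to the server.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}


def redact(log_text):
    """Replace credential-bearing values so the log can be posted or shared."""
    return SECRET_RE.sub(lambda m: m.group(1) + "=<redacted>", log_text)


def summarize_logins(log_text):
    """Return one dict per imap-login line with the flags relevant to review."""
    rows = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if m is None:
            continue
        flags = {f.strip() for f in m.group("flags").split(",") if f.strip()}
        secured = "secured" in flags
        rows.append({
            "session": m.group("session"),
            "user": m.group("user"),
            "method": m.group("method"),
            "secured": secured,
            "same_host": m.group("rip") == m.group("lip"),
            # Assumption of this example: a password-bearing mechanism without
            # the secured flag deserves a closer look at the transport in use.
            "review": m.group("method") in PLAINTEXT_MECHS and not secured,
        })
    return rows


if __name__ == "__main__":
    print(redact(SAMPLE_LOG))
    for row in summarize_logins(SAMPLE_LOG):
        print(row)
```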
ASKER
more info: I changed to a POP3 connection on incoming (might as well solve one piece of the puzzle at a time). That worked and I got by the 'incoming' configuration check on the Android.
SMTP still didn't work as long as I had 'Require sign-in' checked. Absolutely nothing appears in /var/log/maillog indicating rejection. I get "pop3d Authentication passed" in /var/log/messages and /var/log/secure.
When I removed the sign-in requirement for outgoing/smtp, the configuration was accepted.
I've checked and followed web steps in e.g. http://www.sendmail.org/~ca/email/auth.html, but mine just doesn't seem to work. I'm thinking about changing professions; night janitor perhaps.
So, first things first. I obviously don't have SMTP configured correctly for authentication on the server side. To restate, all I have configured in sendmail.mc for authentication is:
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
This is clearly insufficient. Telnet test gives:
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.ohprs.org ESMTP Service ready; Fri, 27 Feb 2015 21:52:20 -0500
ehlo localhost
250-mail.hprs.local Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
quit
221 2.0.0 mail.hprs.local closing connection
Connection closed by foreign host.
Should it be "PLAIN LOGIN"? Just "PLAIN"? Just "LOGIN"? Barking up the wrong tree?
ASKER
increased log level to 13 in sendmail:
Feb 27 22:56:28 mail sm-mta[481]: NOQUEUE: connect from cpe-76-181-65-196.columbus.res.rr.com [76.181.65.196]
Feb 27 22:56:28 mail sm-mta[481]: AUTH: available mech=CRAM-MD5 DIGEST-MD5 PLAIN LOGIN OTP, allowed mech=LOGIN PLAIN
Feb 27 22:56:28 mail sm-mta[481]: t1S3uShs000481: Milter (spamassassin): init success to negotiate
Feb 27 22:56:28 mail sm-mta[481]: t1S3uShs000481: Milter (milter-bcc): init success to negotiate
Feb 27 22:56:28 mail sm-mta[481]: t1S3uShs000481: Milter: connect to filters
Feb 27 22:56:28 mail sm-mta[481]: t1S3uShs000481: milter=spamassassin, action=connect, continue
Feb 27 22:56:28 mail sm-mta[481]: t1S3uShs000481: milter=spamassassin, action=helo, continue
Feb 27 22:56:28 mail sm-mta[481]: t1S3uShs000481: AUTH failure (PLAIN): user not found (-20) SASL(-13): user not found: Password verification failed, relay=cpe-76-181-65-196.columbus.res.rr.com [76.181.65.196]
Yes, login plain with TLS will achieve a more secure exchange on port 587 and should work. You might have to use username@realm if plain username does not work.
ASKER
Arnold: nowhere near using TLS or any such thing yet. I cannot get Android to authorize smtp, port 25 or 587 using *no* encryption/security. If I can't accomplish that, no sense looking at TLS or such.
I've done the following several times with IDs and PW known to be correct. I've generated the Id and pw base64 by e.g. `echo mark | base64`:
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.ohprs.org ESMTP Service ready; Fri, 27 Feb 2015 23:23:29 -0500
ehlo localhost
250-mail.hprs.local Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
auth login
334 VXNlcm5hbWU6
bWZvbGV5Cg==
334 UGFzc3dvcmQ6
dHJ1c3RubzEK
535 5.7.0 authentication failed
auth login
334 VXNlcm5hbWU6
bWFyawo=
334 UGFzc3dvcmQ6
Z2xhY29uXzkK
535 5.7.0 authentication failed
I hate when these questions get to be the size of a telephone book (archaic reference?) and I'm no closer to a solution than when I started. I've followed the instructions from a dozen websites which are all the same. I'm going to sleep on this and possibly start a fresh post on only one aspect tomorrow unless some new insight hits me (or you, or Jan). This should be simple. People get their Androids and iPhones connected all the time. I'm looking pretty stupid right now because my Director sits around the conference table with Directors from other agencies all who can get email on their phone, but not him! Hopefully, he won't consider me too stupid for that janitorial opening!
[end of rant]
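Added example, not part of the original posts: a check for hand-built AUTH LOGIN and AUTH PLAIN responses like those typed into the telnet session above. `echo` appends a newline before `base64` encodes the string, so the helper also reproduces what that pipeline yields and flags a decoded value that ends in a newline; the credentials and function names are constructed.

```python
import base64


def b64(text):
    """Base64-encode exactly the given characters, nothing appended."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def decode_prompt(prompt_b64):
    """Decode a 334 challenge such as the two shown in the session above."""
    return base64.b64decode(prompt_b64).decode("ascii")


def auth_login_responses(user, password):
    """The two lines to send after the AUTH LOGIN prompts, in order."""
    return b64(user), b64(password)


def auth_plain_response(user, password, authzid=""):
    """Single AUTH PLAIN response; RFC 4616 layout is authzid NUL authcid NUL passwd."""
    return b64(f"{authzid}\0{user}\0{password}")


def as_echo_pipe(text):
    """What `echo text | base64` produces: echo adds a newline before encoding."""
    return b64(text + "\n")


def check_response(token):
    """Decode a response and list reasons the server may see a different string."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:
        return ["not valid base64"]
    problems = []
    if raw.endswith(b"\n"):
        problems.append("decoded value ends with a newline")
    elif raw != raw.strip(b" \t\r"):
        problems.append("decoded value has surrounding whitespace")
    return problems


if __name__ == "__main__":
    # Constructed credentials, for illustration only.
    user, password = "alice", "example-pass"
    print("prompts:", decode_prompt("VXNlcm5hbWU6"), decode_prompt("UGFzc3dvcmQ6"))
    print("AUTH LOGIN:", auth_login_responses(user, password))
    print("AUTH PLAIN:", auth_plain_response(user, password))
    for label, token in (("exact", b64(user)), ("via echo", as_echo_pipe(user))):
        print(label, token, check_response(token) or "ok")
```

From a shell, `printf '%s' "$value" | base64` encodes the value without the extra newline.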
ASKER
Here's someone that had the exact same error message as me: https://forums.gentoo.org/viewtopic-t-702614-start-0.html
> The problem lies in the fact that in sendmail.mc I have a directive like "Mailer(SMTP)dnl" at the bottom of the file... now, I had to copy /etc/pam.d/saslauthd to /etc/pam.d/smtp ... with the exact contents, because SASLd was looking up for a "[service=smtp]" file in /etc/pam.d, because I use the SMTP protocol to Send Mail....
> I figured out that the service=OBJECT requires that the OBJECT must have a file in /etc/pam.d/ with that same name.
He's using PAM authentication, but maybe I have some similar config requirement with saslauthd to enable authentication for smtp?
Many sites I've checked talk about an saslauthd config file:
> Now have to configure cyrus to accept the request of sendmail
> # cd /usr/lib/sasl2
> # vi smtp.conf
> or
> # vim /etc/sasl2/sendmail.conf
> pwcheck_method: saslauthd
Is this a piece of the puzzle I'm missing? I have no such directory or sendmail.conf file on my system. `man saslauthd` does not mention such files.
Auth login plain should be fine.
Can you look at the same log when using plain auth?
Double check the username that is being sent? User, User@youraddomain or user@yourpublicdomain?
ASKER
I figured out the solution to SMTP/Outgoing authentication. I'm giving points to Arnold for hanging in there.