  #1  
4th August 2006, 18:39
dan28088
Junior Member
Sendmail SMTP Auth and cyrus-sasl-2.1.17 glitch

Hi -
I seem to have generated a problem in my efforts to follow the "Sendmail-SMTP-AUTH-TLS-Howto" for I have no authentication ability.

The sendmail part of the equation seems to be working ok, but it looks like my problem is related to saslauthd failing.

As set out in the HOW-To, I downloaded and built the three indicated files
cd /tmp
wget http://www.openssl.org/source/openssl-0.9.7c.tar.gz
wget --passive-ftp ftp://ftp.andrew.cmu.edu/pub/cyrus-m...-2.1.17.tar.gz
wget --passive-ftp ftp://ftp.sendmail.org/pub/sendmail/...8.12.11.tar.gz

The build for sasl2 was exactly as indicated -
---------
3 Install Cyrus-sasl2

cd /tmp
tar xvfz cyrus-sasl-2.1.17.tar.gz
cd cyrus-sasl-2.1.17
./configure --enable-anon --enable-plain --enable-login --disable-krb4 --with-saslauthd=/var/run/saslauthd --with-pam --with-openssl=/usr/local/ssl --with-plugindir=/usr/local/lib/sasl2 --enable-cram --enable-digest --enable-otp (1 line!)
make
make install
---------

and the rest of the install seemed to progress without incident.

When I attempted to start both saslauthd and sendmail I didn't at first notice that there was no real indication that saslauthd was not running. What I did notice was that when I provided my password in the effort to send a message I got a failure.

To help localize the issue I edited my sendmail.mc to narrow the focus for the methods of authentication.
----------
[root@roadrunner cf]# cat sendmail.mc
dnl ### do SMTPAUTH
dnl ### define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
dnl ### define('confAUTH_OPTIONS', `A p y')dnl

dnl ### define('confAUTH_OPTIONS', `A')dnl
dnl ### define('confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
dnl ### TRUST_AUTH_MECH(`LOGIN PLAIN')dnl

dnl ### TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl

define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl

define(`confLOG_LEVEL', `14')dnl

dnl ### do STARTTLS
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/sendmail.pem')dnl
DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL, M=s')dnl

dnl ###
define(`confDEF_CHAR_SET', `iso-8859-1')dnl
define(`confMAX_MESSAGE_SIZE', `15000000')dnl Denial of Service Attacks
define(`confMAX_DAEMON_CHILDREN', `30')dnl Denial of Service Attacks
define(`confCONNECTION_RATE_THROTTLE', `2')dnl Denial of Service Attacks
define(`confMAXRCPTSPERMESSAGE', `50')dnl Denial of service Attacks
define(`confSINGLE_LINE_FROM_HEADER', `True')dnl
define(`confSMTP_LOGIN_MSG', `$j')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`confTO_INITIAL', `6m')dnl
define(`confTO_CONNECT', `20s')dnl
define(`confTO_HELO', `5m')dnl
define(`confTO_HOSTSTATUS', `2m')dnl
define(`confTO_DATAINIT', `6m')dnl
define(`confTO_DATABLOCK', `35m')dnl
define(`confTO_DATAFINAL', `35m')dnl
define(`confDIAL_DELAY', `20s')dnl
define(`confNO_RCPT_ACTION', `add-apparently-to')dnl
define(`confALIAS_WAIT', `0')dnl
define(`confMAX_HOP', `35')dnl
define(`confQUEUE_LA', `5')dnl
define(`confREFUSE_LA', `12')dnl
define(`confSEPARATE_PROC', `False')dnl
define(`confCON_EXPENSIVE', `true')dnl
define(`confWORK_RECIPIENT_FACTOR', `1000')dnl
define(`confWORK_TIME_FACTOR', `3000')dnl
define(`confQUEUE_SORT_ORDER', `Time')dnl
define(`confPRIVACY_FLAGS', `authwarnings,goaway,restrictmailq,restrictqrun,needmailhelo')dnl
OSTYPE(linux)dnl
FEATURE(`delay_checks')dnl
FEATURE(`generics_entire_domain')dnl
FEATURE(`local_procmail')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`nouucp',`reject')dnl
FEATURE(`redirect')dnl
FEATURE(`relay_entire_domain')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`virtuser_entire_domain')dnl

FEATURE(dnsbl,`blackholes.mail-abuse.org',
` Mail from $&{client_addr} rejected; see http://mail-abuse.org/cgi-bin/lookup?$&{client_addr}')dnl
FEATURE(dnsbl,`dialups.mail-abuse.org',
` Mail from dial-up rejected; see http://mail-abuse.org/dul/enduser.htm')dnl

FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')dnl
FEATURE(access_db)dnl
FEATURE(lookupdotdomain)dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
--------------

From this I then can make sendmail.cf and at least confirm the following:

[root@roadrunner mail]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 roadrunner.jlazyh.com ESMTP
EHLO localhost
250-roadrunner.jlazyh.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 15000000
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP

Converting a login and password to base64 and attempting to test the authentication I got an error -

From this I started to look for causes, and tested saslauthd.

I found that I had two versions on the system
/usr/sbin/saslauthd (dating from 2002)
/usr/local/sbin/saslauthd (Aug 3, 3006 - built yesterday)

The existence of different versions is more clearly seen here:
[root@roadrunner cf]# /usr/local/sbin/saslauthd -v
saslauthd 2.1.17
authentication mechanisms: getpwent pam rimap shadow

[root@roadrunner cf]# /usr/sbin/saslauthd -v
saslauthd 2.1.10
authentication mechanisms: getpwent kerberos5 pam rimap shadow

My /etc/init.d/saslauthd startup file initially referenced the /usr/sbin/saslauthd file - and when run would not indicate an error but
ps -ax | grep saslauthd didn't show anything.

Adjusting the path to the new file, and later copying the sasl* files into /usr/sbin/ directly, I find on startup I get an error - the same when I try to start it manually:

[root@roadrunner mail]# /usr/sbin/saslauthd -a shadow
saslauthd[24993] :detach_tty : Cannot start saslauthd
saslauthd[24993] :detach_tty : could not read from startup_pipe
[root@roadrunner mail]#

And now I am stuck - I can't find any paths to follow on this issue, and am at a loss as to what the issue is with the startup_pipe and/or detach_tty.

I am sure there is more information that I can provide that would be helpful - but this note is long enough already.

Truly would appreciate some help and guidance in resolving this. Thanks in advance.

Cheers -
  #2  
5th August 2006, 17:28
falko
Super Moderator

Why don't you use the /etc/init.d/saslauthd file that's provided in this tutorial? http://www.howtoforge.com/howto_sendmail_smtp_auth_tls
__________________
Falko
  #3  
5th August 2006, 19:30
dan28088
Junior Member
First reply

That's a reprint of the tutorial that I did use -

The issue doesn't seem to be Sendmail itself - rather something with saslauthd

[root@roadrunner mail]# /usr/sbin/saslauthd -a shadow
saslauthd[24993] :detach_tty : Cannot start saslauthd
saslauthd[24993] :detach_tty : could not read from startup_pipe

I built it with the options presented in the how-to so as not to deviate from the example, but it seems that I should try again with fewer options. The thing that I don't know is what options are truly necessary and what options I can try and leave out.

There may be some other thing to try as well as the build itself went fine - just the error above shows something not right.

I included the process that got me to this point as it seemed possible that I might have tripped up somewhere en route - so I thought it helpful to provide a summary of those steps.

I did strip it out and try again, but same result.
  #4  
6th August 2006, 19:03
falko
Super Moderator

The problem is that you already have another version of saslauthd installed on your system. That's why your version got installed to /usr/local/sbin/saslauthd instead of /usr/sbin/saslauthd. So in the saslauthd init script from the tutorial, replace
Code:
DAEMON="/usr/sbin/${NAME}"
with
Code:
DAEMON="/usr/local/sbin/${NAME}"
and try again.
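The mismatch diagnosed in post #4, as an added example that is not part of the original thread: a POSIX shell check of which saslauthd binary an init script starts and which version that binary reports. The function names, the exit codes and the assumption that the init script sets NAME= and DAEMON= on their own lines are this example's, not the tutorial's.

```shell
#!/bin/sh
# Added example (not from the thread): report which saslauthd an init script
# starts and whether it is the intended build.
# Assumption: the init script sets NAME=... and DAEMON=... on their own lines,
# in the form of the DAEMON="/usr/sbin/${NAME}" line quoted in the thread.

# Print the DAEMON path from an init script, with ${NAME} / $NAME expanded.
init_daemon_path() {
    _name=$(sed -n 's/^NAME=//p' "$1" | head -n 1 | tr -d "\"'")
    sed -n 's/^DAEMON=//p' "$1" | head -n 1 | tr -d "\"'" |
        sed -e "s|[$]{NAME}|$_name|g" -e "s|[$]NAME|$_name|g"
}

# Print "path<TAB>first line of -v output" for each executable copy of $1
# found in the directories given as the remaining arguments.
list_copies() {
    _bin=$1; shift
    for _dir in "$@"; do
        [ -x "$_dir/$_bin" ] || continue
        printf '%s\t%s\n' "$_dir/$_bin" "$("$_dir/$_bin" -v 2>&1 | head -n 1)"
    done
}

# audit_init SCRIPT WANTED_VERSION DIR...
# Returns 0 if the init script starts the wanted version, 1 if its DAEMON
# is not executable, 2 if it starts a different version (a stale copy).
audit_init() {
    _script=$1; _want=$2; shift 2
    _target=$(init_daemon_path "$_script")
    if [ ! -x "$_target" ]; then
        echo "DAEMON=$_target is not executable"
        return 1
    fi
    _got=$("$_target" -v 2>&1 | head -n 1)
    echo "init script starts $_target ($_got)"
    case $_got in
        *" $_want") return 0 ;;
    esac
    echo "wanted $_want; copies found:"
    list_copies "$(basename "$_target")" "$@"
    return 2
}

# Example call: sh audit.sh /etc/init.d/saslauthd 2.1.17 /usr/sbin /usr/local/sbin
if [ $# -ge 2 ]; then
    audit_init "$@"
fi
```

Exit status 2 corresponds to the situation in the thread: the init script starts one copy while the freshly built version sits in another directory.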
All times are GMT +2.