Sendmail SMTP Auth and cyrus-sasl-2.1.17 glitch

Discussion in 'HOWTO-Related Questions' started by dan28088, Aug 4, 2006.

  1. dan28088

    dan28088 New Member

    Hi -
    I seem to have generated a problem in my efforts to follow the "Sendmail-SMTP-AUTH-TLS-Howto" for I have no authentication ability.

    The sendmail part of the equation seems to be working ok, but it looks like my problem is related to saslauthd failing.

    As set out in the HOW-To, I downloaded and built the three indicated files
    cd /tmp
    wget http://www.openssl.org/source/openssl-0.9.7c.tar.gz
    wget --passive-ftp ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.17.tar.gz
    wget --passive-ftp ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.11.tar.gz

    The build for sasl2 was exactly as indicated -
    ---------
    3 Install Cyrus-sasl2

    cd /tmp
    tar xvfz cyrus-sasl-2.1.17.tar.gz
    cd cyrus-sasl-2.1.17
    ./configure --enable-anon --enable-plain --enable-login --disable-krb4 --with-saslauthd=/var/run/saslauthd --with-pam --with-openssl=/usr/local/ssl --with-plugindir=/usr/local/lib/sasl2 --enable-cram --enable-digest --enable-otp (1 line!)
    make
    make install
    ---------

    and the rest of the install seemed to progress without incident.

    When I attempted to start both saslauthd and sendmail I didn't at first notice that there was no real indication that saslauthd was not running. What I did notice was that when I provided my password in the effort to send a message I got a failure.

    To help localize the issue I edited my sendmail.mc to narrow the focus for the methods of authentication.
    ----------
    [root@roadrunner cf]# cat sendmail.mc
    dnl ### do SMTPAUTH
    dnl ### define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
    dnl ### define('confAUTH_OPTIONS', `A p y')dnl

    dnl ### define('confAUTH_OPTIONS', `A')dnl
    dnl ### define('confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
    dnl ### TRUST_AUTH_MECH(`LOGIN PLAIN')dnl

    dnl ### TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl

    define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
    TRUST_AUTH_MECH(`LOGIN PLAIN')dnl

    define('confLOG_LEVEL', `14')dnl

    dnl ### do STARTTLS
    define(`confCACERT_PATH', `/etc/mail/certs')dnl
    define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
    define(`confSERVER_CERT', `/etc/mail/certs/sendmail.pem')dnl
    define(`confSERVER_KEY', `/etc/mail/certs/sendmail.pem')dnl
    define(`confCLIENT_CERT', `/etc/mail/certs/sendmail.pem')dnl
    define(`confCLIENT_KEY', `/etc/mail/certs/sendmail.pem')dnl
    DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL, M=s')dnl

    dnl ###
    define(`confDEF_CHAR_SET', `iso-8859-1')dnl
    define(`confMAX_MESSAGE_SIZE', `15000000')dnl Denial of Service Attacks
    define(`confMAX_DAEMON_CHILDREN', `30')dnl Denial of Service Attacks
    define(`confCONNECTION_RATE_THROTTLE', `2')dnl Denial of Service Attacks
    define(`confMAXRCPTSPERMESSAGE', `50')dnl Denial of service Attacks
    define(`confSINGLE_LINE_FROM_HEADER', `True')dnl
    define(`confSMTP_LOGIN_MSG', `$j')dnl
    define(`confDONT_PROBE_INTERFACES', `True')dnl
    define(`confTO_INITIAL', `6m')dnl
    define(`confTO_CONNECT', `20s')dnl
    define(`confTO_HELO', `5m')dnl
    define(`confTO_HOSTSTATUS', `2m')dnl
    define(`confTO_DATAINIT', `6m')dnl
    define(`confTO_DATABLOCK', `35m')dnl
    define(`confTO_DATAFINAL', `35m')dnl
    define(`confDIAL_DELAY', `20s')dnl
    define(`confNO_RCPT_ACTION', `add-apparently-to')dnl
    define(`confALIAS_WAIT', `0')dnl
    define(`confMAX_HOP', `35')dnl
    define(`confQUEUE_LA', `5')dnl
    define(`confREFUSE_LA', `12')dnl
    define(`confSEPARATE_PROC', `False')dnl
    define(`confCON_EXPENSIVE', `true')dnl
    define(`confWORK_RECIPIENT_FACTOR', `1000')dnl
    define(`confWORK_TIME_FACTOR', `3000')dnl
    define(`confQUEUE_SORT_ORDER', `Time')dnl
    define(`confPRIVACY_FLAGS', `authwarnings,goaway,restrictmailq,restrictqrun,needmailhelo')dnl
    OSTYPE(linux)dnl
    FEATURE(`delay_checks')dnl
    FEATURE(`generics_entire_domain')dnl
    FEATURE(`local_procmail')dnl
    FEATURE(`masquerade_envelope')dnl
    FEATURE(`nouucp',`reject')dnl
    FEATURE(`redirect')dnl
    FEATURE(`relay_entire_domain')dnl
    FEATURE(`use_cw_file')dnl
    FEATURE(`virtuser_entire_domain')dnl

    FEATURE(dnsbl,`blackholes.mail-abuse.org',
    ` Mail from $&{client_addr} rejected; see http://mail-abuse.org/cgi-bin/lookup?$& {client_addr}')dnl
    FEATURE(dnsbl,`dialups.mail-abuse.org',
    ` Mail from dial-up rejected; see http://mail-abuse.org/dul/enduser.htm')dnl

    FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')dnl
    FEATURE(access_db)dnl
    FEATURE(lookupdotdomain)dnl
    FEATURE(`blacklist_recipients')dnl
    FEATURE(`no_default_msa')dnl
    DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
    MAILER(local)dnl
    MAILER(smtp)dnl
    MAILER(procmail)dnl
    --------------

    From this I then can make sendmail.cf and at least confirm the following:

    [root@roadrunner mail]# telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 roadrunner.jlazyh.com ESMTP
    EHLO localhost
    250-roadrunner.jlazyh.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE 15000000
    250-DSN
    250-ETRN
    250-AUTH LOGIN PLAIN
    250-STARTTLS
    250-DELIVERBY
    250 HELP

    Converting a login and password to base64 and attempting to test the authentication I got an error -

    From this I started to look for causes, and tested saslauthd.

    I found that I had two versions on the system
    /usr/sbin/saslauthd (dating from 2002)
    /usr/local/sbin/saslauthd (Aug 3, 2006 - built yesterday)

    The existence of different versions is more clearly seen here:
    [root@roadrunner cf]# /usr/local/sbin/saslauthd -v
    saslauthd 2.1.17
    authentication mechanisms: getpwent pam rimap shadow

    [root@roadrunner cf]# /usr/sbin/saslauthd -v
    saslauthd 2.1.10
    authentication mechanisms: getpwent kerberos5 pam rimap shadow

    My /etc/init.d/saslauthd startup file initially referenced the /usr/sbin/saslauthd file - and when run would not indicate an error but
    ps -ax | grep saslauthd didn't show anything.

    Adjusting the path to the new file, and later copying the sasl* files into /usr/sbin/ directly, I find on startup I get an error - the same when I try to start it manually:

    [root@roadrunner mail]# /usr/sbin/saslauthd -a shadow
    saslauthd[24993] :detach_tty : Cannot start saslauthd
    saslauthd[24993] :detach_tty : could not read from startup_pipe
    [root@roadrunner mail]#

    And now I am stuck - I can't find any paths to follow on this issue, and am at a loss as to what the issue is with the startup_pipe and/or detach_tty.

    I am sure there is more information that I can provide that would be helpful - but this note is long enough already.

    Truly would appreciate some help and guidance in resolving this. Thanks in advance.

    Cheers -
     
  2. falko

    falko Super Moderator

  3. dan28088

    dan28088 New Member

    First reply

    That's a reprint of the tutorial that I did use -

    The issue doesn't seem to be Sendmail itself - rather something with saslauthd

    [root@roadrunner mail]# /usr/sbin/saslauthd -a shadow
    saslauthd[24993] :detach_tty : Cannot start saslauthd
    saslauthd[24993] :detach_tty : could not read from startup_pipe

    I built it with the options presented in the how-to so as not to deviate from the example, but it seems that I should try again with fewer options. The thing that I don't know is what options are truly necessary and what options I can try and leave out.

    There may be some other thing to try as well, as the build itself went fine - just the error above shows something not right.

    I included the process that got me to this point as it seemed possible that I might have tripped up somewhere en route - so I thought it helpful to provide a summary of those steps.

    I did strip it out and try again, but same result.
     
  4. falko

    falko Super Moderator

    The problem is that you already have another version of saslauthd installed on your system. That's why your version got installed to /usr/local/sbin/saslauthd instead of /usr/sbin/saslauthd. So in the saslauthd init script from the tutorial, replace
    Code:
    DAEMON="/usr/sbin/${NAME}"
    with
    Code:
    DAEMON="/usr/local/sbin/${NAME}"
    and try again.
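
A way to check the situation described in the reply above, as an added example that is not part of the thread: it lists each saslauthd copy with its version and marks the one the init script's DAEMON line starts. The function names, stub binaries and temporary layout are constructed for illustration; only the two version banners and the DAEMON line format come from the posts.

```shell
# Added example (not from the thread): list every saslauthd copy and mark
# the one the init script's DAEMON line launches.

# Resolve DAEMON="/usr/sbin/${NAME}" from an init script to a real path.
init_daemon_path() {
    name=$(sed -n 's/^NAME=//p' "$1" | head -n 1 | tr -d "\"'")
    sed -n 's/^DAEMON=//p' "$1" | head -n 1 | tr -d "\"'" |
        sed "s|[\$]{NAME}|$name|"
}

# Extract the version from `saslauthd -v` (the banner may go to stderr).
saslauthd_version() {
    "$1" -v 2>&1 | sed -n 's/^saslauthd \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Usage: audit_saslauthd INIT_SCRIPT DIR...
# Prints "<mark> <version> <path>"; '*' marks the binary init starts.
# Returns 1 when copies with different versions are installed.
audit_saslauthd() {
    init=$1; shift
    used=$(init_daemon_path "$init")
    versions=""
    for dir in "$@"; do
        bin="$dir/saslauthd"
        [ -x "$bin" ] || continue
        ver=$(saslauthd_version "$bin")
        mark="-"; [ "$bin" != "$used" ] || mark="*"
        printf '%s %s %s\n' "$mark" "$ver" "$bin"
        versions="$versions $ver"
    done
    distinct=$(printf '%s\n' $versions | sort -u | wc -l | tr -d ' ')
    [ "$distinct" -le 1 ]
}

# Constructed demo: stub binaries that only print the two banners quoted in
# the thread, laid out under a temp root (hypothetical paths, no real daemon).
make_demo_root() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/sbin" "$root/usr/local/sbin" "$root/etc/init.d"
    printf '#!/bin/sh\necho "saslauthd 2.1.10" >&2\n' > "$root/usr/sbin/saslauthd"
    printf '#!/bin/sh\necho "saslauthd 2.1.17" >&2\n' > "$root/usr/local/sbin/saslauthd"
    chmod +x "$root/usr/sbin/saslauthd" "$root/usr/local/sbin/saslauthd"
    printf 'NAME=saslauthd\nDAEMON="%s/usr/sbin/${NAME}"\n' "$root" > "$root/etc/init.d/saslauthd"
    echo "$root"
}

r=$(make_demo_root)
audit_saslauthd "$r/etc/init.d/saslauthd" "$r/usr/sbin" "$r/usr/local/sbin" ||
    echo "WARNING: multiple saslauthd versions installed"
rm -rf "$r"
```

On a real host, pass the actual init script and the directories to search, for example `audit_saslauthd /etc/init.d/saslauthd /usr/sbin /usr/local/sbin`.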
     
