Date: Mon, 07 Aug 2006 13:26:14 -0500 From: Greg Groth <ggroth@gregs-garage.com> To: Frank Staals <frankstaals@gmx.net> Cc: questions@FreeBSD.org Subject: Re: Sendmail Question; unable to send mail as normal user Message-ID: <44D785C6.10605@gregs-garage.com> In-Reply-To: <44D77B38.7020002@gmx.net> References: <44D3C56A.60806@gmx.net> <44D77B38.7020002@gmx.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> I've gotten a bit further this weekend but I'm not 'there' yet. I could > sucessfully send a e-mail by using 'mail' as normal user at my server. > Allthough when I tried to send an e-mail from my laptop with my server > as smtp server it kept prompting for my password and this is what was > displayed in /var/log/maillog : > > Aug 5 11:40:36 FStaals sm-mta[101]: k759eEva000101: Riza.FStaals.LAN > [192.168.2.5] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4 > > When I googled if I could find a solution I came to this page : > http://www.issociate.de/board/post/246978/did_not_issue_MAIL/EXPN/VRFY/ETRN_during_connection_to_MTA.html > The solution oppered there was to add ' mech_list: login plain' to > /usr/local/lib/sasl2/Sendmail.conf . So I did and it kind of worked, > allthough now I can only send e-mail to other users at my server ( for > example root ), when I try to mail to an external adress my log 'says' > my message is rejected: > > Aug 5 13:10:30 FStaals sm-mta[1495]: k75BATko001495: > ruleset=check_rcpt, arg1=< > frankstaals@gmx.net>, relay=Riza.FStaals.LAN [192.168.2.5], reject=550 > 5.7.1 <fr > ankstaals@gmx.net>... Relaying denied > Aug 5 13:10:34 FStaals sm-mta[1495]: k75BATko001495: lost input channel > from Ri > za.FStaals.LAN [192.168.2.5] to IPv4 after rcpt > Aug 5 13:10:34 FStaals sm-mta[1495]: k75BATko001495: > from=<frank@fstaals.net>, > size=373, class=0, nrcpts=0, proto=ESMTP, daemon=IPv4, > relay=Riza.FStaals.LAN [1 > 92.168.2.5] > > > I'm not sure what I have to do to get working correctly and I was hoping > someone could give me some hints what I'm doing wrong. Also I'm not sure > if it's a good idea to add the 'mech_list: login plain' to sasl2's > Sendmail.conf ? Last but not least : I want sendmail to use SSL and > listen to port 465. sockstat shows It isn't listening to that port, but > I think it should, does anyone happen to know what it is I'm doing wrong > at that point: > > root@FStaals$ sockstat -4 | grep sendmail > root sendmail 1410 3 tcp4 *:25 *:* > root sendmail 1410 5 tcp4 *:587 *:* > > root@FStaals$ cat /etc/mail/FStaals.net.cf | grep smtps > O DaemonPortOptions=Port=smtps, Name=TLSMTA, M=s > > Many thanks, > Telnet to port 25 on the mail server. Once connected, issue an EHLO command and look for the AUTH line - for example: # telnet localhost 25 Trying ::1... Connected to localhost.servername.com. Escape character is '^]'. 220 mail.servername.com ESMTP Sendmail 8.13.4/8.13.4; Mon, 7 Aug 2006 13:11:37 -0500 (CDT) EHLO localhost 250-mail.servername.com Hello localhost.servername.com [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH PLAIN LOGIN 250-DELIVERBY 250 HELP If you don't see PLAIN LOGIN, you have a problem in how Sendmail was compiled. As far as getting SSL up and running, I had better luck using stunnel instead of compiling SSL into each service. With one certificate to manage, I now have SSL encryption on IMAP, POP3, SMTP & HTTP. Of course the sites that are being protected are for internal use at our company, so no one complains that we're using a self-signed certificate and the names don't match, YMMV. If Sendmail does return the right AUTH parameters, and you're still having issues, test saslauthd. Make sure you have the following in Sendmail.conf: pwcheck_method: saslauthd I have not needed to add "'mech_list: login plain'" to Sendmail.conf to get this to work. Make sure saslauthd is running. If not then: /usr/local/etc/rc.d/./saslauthd start test the authentication: # /usr/local/sbin/testsaslauthd -u username -p password 0: OK "Success." If you get an error with saslauthd at this point, the problem is there. If this works OK, but you're not getting the right AUTH response during your telnet connection, your problem is probably how Sendmail was compiled. HTH. If all seems to be in order, and you're still having issues, what other ports do you have on the machine? I've run into problems the same as yours with both Postfix and Sendmail after installing quite a few other ports. During my last rebuild, I installed Postfix and sasl2 out of the gate, and have had no issues. I think in my case, something else I installed before the MTA & SASL2 screwed something up, but I could not determine where the fault was and ended up reinstalling. Best regards, Greg Groth
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44D785C6.10605>