From owner-freebsd-questions@FreeBSD.ORG Thu Jul 30 09:28:47 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D90431065709 for ; Thu, 30 Jul 2009 09:28:47 +0000 (UTC) (envelope-from reedlai@hotmail.com) Received: from snt0-omc4-s27.snt0.hotmail.com (snt0-omc4-s27.snt0.hotmail.com [65.55.90.230]) by mx1.freebsd.org (Postfix) with ESMTP id A1CEE8FC2B for ; Thu, 30 Jul 2009 09:28:47 +0000 (UTC) (envelope-from reedlai@hotmail.com) Received: from SNT121-DS5 ([65.55.90.201]) by snt0-omc4-s27.snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 30 Jul 2009 02:28:46 -0700 X-Originating-IP: [59.125.83.147] X-Originating-Email: [reedlai@hotmail.com] Message-ID: From: "Reed Lai" To: "FreeBSD Question" References: <4A710A2F.1030407@cia.com> <4A713F34.5050404@cia.com> <4A7160C8.9050705@cia.com> In-Reply-To: <4A7160C8.9050705@cia.com> Date: Thu, 30 Jul 2009 17:28:07 +0800 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="utf-8"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal Importance: Normal X-Mailer: Microsoft Windows Live Mail 14.0.8064.206 X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8064.206 X-OriginalArrivalTime: 30 Jul 2009 09:28:46.0908 (UTC) FILETIME=[239FA7C0:01CA10F8] Subject: Re: SMTP Authentication X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Jul 2009 09:28:48 -0000 The liblogin.so is in directory banyan# ll /usr/local/lib/sasl2/liblogin.so lrwxr-xr-x 1 root wheel 13 7 29 14:54 /usr/local/lib/sasl2/liblogin.so -> liblogin.so.2 banyan# ll /usr/local/lib/sasl2/liblogin.so.2 -rwxr-xr-x 1 root wheel 17172 7 29 14:54 /usr/local/lib/sasl2/liblogin.so.2 There is only confAUTH_MECHANISMS in .mc file, not confAUTH_OPTIONS dnl set SASL options dnl -------------------------------- TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl Reed From: Ihor Prystay Sent: Thursday, July 30, 2009 4:58 PM To: FreeBSD Question Subject: Re: SMTP Authentication Check if /usr/local/lib/sasl2/liblogin.so exists - if not you have to recompile sasl with LOGIN mech support. Check in your .mc file if you define confAUTH_OPTIONS macro. If you do make sure 'p' parameter is not on the list or LOGIN would be available only after TLS encryption which is not a case for you as your working configuration offers LOGIN during telnet session (it's actually a bad idea to do authentication clear text). Ihor Reed Lai wrote: > Yes, the new server leaks LOGIN in the 250-AUTH list! > > New server > ========= > 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 > > Functional server > ============== > 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN > > I have checked the generated .cf file in the new server and there are > class and option listed > > C{TrustAuthMech}GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN > O AuthMechanisms=GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN > > The new server has same configuration to old server, but has not LOGIN > in the 250-AUTH list. > BTW, the new server has hostname changed once... I don't know if it does > matter or not.. > > Reed > > From: Ihor Prystay > Sent: Thursday, July 30, 2009 2:35 PM > To: freebsd-questions@freebsd.org > Subject: Re: SMTP Authentication > > > Tray telnet to port 25 of your working SMTP server and compare the output. > Check > 250-AUTH > According to the provided log from the working server it should be LOGIN > mech available in the list, which is not present on the new server. > > Ihor > > > Reed Lai wrote: >> The maillog does not log the sm-mta: AUTH=server action. The functional >> server has the AUTH=server action logged. How do I debug from this >> different? >> >> Reed >> >> From: Reed Lai >> Sent: Thursday, July 30, 2009 11:51 AM >> To: FreeBSD Questions >> Subject: Re: SMTP Authentication >> >> >> The mail client is Windows Live Mail and it work well with the functional >> server. Its SMTP authenication should be ok. >> >> Reed >> >> >> From: Ihor Prystay >> Sent: Thursday, July 30, 2009 10:49 AM >> To: freebsd-questions@freebsd.org >> Subject: Re: SMTP Authentication >> >> >> your working server does support LOGIN mech while other one dosn't. >> I doubt if your mail client has a support for GSSAPI DIGEST-MD5 CRAM-MD5 >> auth, usually it's PLAIN or/and LOGIN. >> >> Ihor >> >> >> >> Reed Lai wrote: >>> Instruction of the "SMTP AUTO in sendmail 8.10-8.13" to test the >>> Sendmail >>> >>> banyan# sendmail -d0.1 -bv root >>> Version 8.14.2 >>> Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 >>> NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING >>> SASLv2 >>> SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG >>> >>> ============ SYSTEM IDENTITY (after readcf) ============ >>> (short domain name) $w = banyan >>> (canonical domain name) $j = banyan...com >>> (subdomain name) $m = ..com >>> (node name) $k = banyan...com >>> ======================================================== >>> >>> root... deliverable: mailer local, user root >>> >>> banyan# telnet localhost 25 >>> Trying 127.0.0.1... >>> Connected to localhost. >>> Escape character is '^]'. >>> 220 banyan...com ESMTP Sendmail 8.14.2/8.14.2; Wed, 29 Jul 2009 21:19:40 >>> +0800 (CST) >>> ehlo localhost >>> 250-banyan...com Hello localhost [127.0.0.1], pleased to meet you >>> 250-ENHANCEDSTATUSCODES >>> 250-PIPELINING >>> 250-8BITMIME >>> 250-SIZE >>> 250-DSN >>> 250-ETRN >>> 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 >>> 250-DELIVERBY >>> 250 HELP >>> >>> The Sendmail test seems OK >>> But the SMTP authentication does not work from my mail client. >>> >>> Reed >>> >>> >>> From: Reed Lai >>> Sent: Wednesday, July 29, 2009 5:37 PM >>> To: freebsd-questions@freebsd.org >>> Subject: SMTP Authentication >>> >>> >>> Hi, >>> >>> I have two freebsd mail servers both configured SMTP authentication: >>> >>> FreeBSD Handbook 28.10 SMTP Authenticatin >>> http://www.freebsd.org/doc/en/books/handbook/smtp-auth.html >>> >>> SMTP AUTO in sendmail 8.10-8.13 >>> http://www.sendmail.org/~ca/email/auth.html >>> >>> One is functional, and the other one doesn't seem to work. Compare the >>> maillogs of the two servers, there is an AUTH=server message appear in >>> the >>> functional server, but the other one has not. >>> >>> The maillog of functional server >>> ====================== >>> Jul 29 16:15:10 maple sm-mta[57825]: AUTH=server, relay=59-....net >>> [59...147], authid=a660407, mech=LOGIN, bits=0 >>> Jul 29 16:15:10 maple sm-mta[57825]: n6T8F9ej057825: from=, >>> size=1430, class=0, nrcpts=1, >>> msgid=<40F9CC65E8874D128639A39C1EEBD410@ReedXP>, proto=ESMTP, >>> daemon=IPv4, >>> relay=59-...net [59...147] >>> >>> The other one >>> ========= >>> Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: ruleset=check_rcpt, >>> arg1=, relay=59-...-147.HINET-IP.hinet.net [59...147], >>> reject=550 5.7.1 ... Relaying denied >>> Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: from=, >>> size=0, class=0, nrcpts=0, proto=ESMTP, daemon=IPv4, >>> relay=59-...-147.HINET-IP.hinet.net [59...147] >>> >>> It seems the other one's smtp authentication is not trigged. >>> >>> Please help or tip me for something I forget. >>> >>> Thank you! >>> >>> Reed >>> >>> _______________________________________________ >>> freebsd-questions@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>> To unsubscribe, send any mail to >>> "freebsd-questions-unsubscribe@freebsd.org" >>> _______________________________________________ >>> freebsd-questions@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >>> To unsubscribe, send any mail to >>> "freebsd-questions-unsubscribe@freebsd.org" >>> >>> >> >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to >> "freebsd-questions-unsubscribe@freebsd.org" >> >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to >> "freebsd-questions-unsubscribe@freebsd.org" >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to >> "freebsd-questions-unsubscribe@freebsd.org" >> > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"