0

I'm trying to get SMTP-AUTH working on a Mint Linux 20.2 machine, and I'm having trouble getting authentication to happen. I have installed Cyrus sasl2, and apparently configured it properly - testsaslauthd -u <user> -p <password> -s smtp returns 0: OK "Success." But when I try to send mail from my client using the same credentials, sendmail can't authenticate. What is curious to me is that when I use testsaslauthd, entries are generated in my auth log, but when Sendmail tries, there is nothing. Trying to use testsaslauthd from a non-root context also results in no auth entry, which leads me to believe that either sendmail does not have sufficient permission to connect to the sasl daemon, or that it doesn't know where that pipe is and is guessing wrong. So I guess the question is, how does sendmail find that pipe, and who is it being when it does that?

tsc_chazz
  • Testsaslauthd does not use the sendmail configuration but only tests the SASL daemon and authentication process. Generally you will still need to configure authentication methods in Sendmail. https://serverfault.com/a/550606/546643 has quite a few useful pointers, the most prominent one being: use something with a learning curve not as steep as sendmail's, such as Postfix or exim... What error messages does sendmail display after you restart it and test authentication? – Bob Dec 18 '21 at 08:33

2 Answers

1

There should be a configuration file for each client using SASL, e.g. "/usr/lib/sasl2/Sendmail.conf":

pwcheck_method: saslauthd
dinoex
  • And yes, I knew that, and I have that, but it isn't working. Log still indicates that Sendmail isn't looking anywhere for authentication on send. – tsc_chazz Mar 16 '22 at 17:17
1

Is your sendmail compiled with SASL? Check:

sendmail -d0 < /dev/null | grep SASL

It should list "SASLv2".

Did you activate it in "sendmail.mc"? Example:

define(`confAUTH_MECHANISMS', `PLAIN LOGIN CRAM-MD5')dnl
define(`confAUTH_OPTIONS', `y')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN CRAM-MD5')dnl
define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl
dinoex
  • That last point would seem to be the magical answer - specifically the `confDONT_BLAME_SENDMAIL' item. Adding that to the config seems to have made it all work. – tsc_chazz Mar 18 '22 at 20:52
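
The checks from the two answers, collected into one script as an added example (not code from either answerer or from the sendmail project). It audits a sendmail.mc for the four settings shown above and flags two points a reviewer would raise: PLAIN/LOGIN offered without the `p` AUTH option, and any DontBlameSendmail relaxation. The function names and the usage path are assumptions.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of sendmail.

# Reads `sendmail -d0 < /dev/null` output on stdin; true if SASLv2 is compiled in.
compiled_with_sasl() { grep -q 'SASLv2'; }

# mc_value FILE NAME: value of an active define(`NAME', `value') line, empty if absent.
# Lines commented out with a leading "dnl" do not match.
mc_value() {
    sed -n "s/^define(\`$2', *\`\([^']*\)').*/\1/p" "$1" | tail -n 1
}

# audit_mc FILE: report missing AUTH settings (exit 1) and risky ones (warnings).
audit_mc() {
    mc=$1; rc=0
    mechs=$(mc_value "$mc" confAUTH_MECHANISMS)
    opts=$(mc_value "$mc" confAUTH_OPTIONS)
    blame=$(mc_value "$mc" confDONT_BLAME_SENDMAIL)
    [ -n "$mechs" ] || { echo "MISSING confAUTH_MECHANISMS"; rc=1; }
    grep -q '^TRUST_AUTH_MECH(' "$mc" || { echo "MISSING TRUST_AUTH_MECH"; rc=1; }
    # 'y' forbids mechanisms that allow anonymous login.
    case "$opts" in
        *y*) ;;
        *) echo "WARN confAUTH_OPTIONS lacks 'y': anonymous mechanisms allowed" ;;
    esac
    # 'p' withholds PLAIN/LOGIN until a security layer such as STARTTLS is active.
    case " $mechs " in
        *" PLAIN "*|*" LOGIN "*)
            case "$opts" in
                *p*) ;;
                *) echo "WARN PLAIN/LOGIN offered without 'p': password can cross an unencrypted session" ;;
            esac ;;
    esac
    [ -z "$blame" ] || echo "NOTE DontBlameSendmail=$blame relaxes a file-permission safety check"
    return "$rc"
}

# Usage: sh this_script /etc/mail/sendmail.mc   (path is an assumption)
if [ "$#" -gt 0 ]; then audit_mc "$1"; fi
```

The compile-time check is fed from the command in the second answer: `sendmail -d0 < /dev/null | compiled_with_sasl && echo "SASLv2 present"`.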