-3

I want to configure a CentOS 6.4 server with sendmail and dovecot for SMTP-AUTH. I configured saslauthd and sendmail, but SMTP-AUTH is not functioning. The actual configuration is:

[root@server sasl2]# rpm -qa | grep sendmail
sendmail-8.14.4-8.el6.x86_64
sendmail-cf-8.14.4-8.el6.noarch

[root@server sasl2]# sendmail -d0.1 -bv
Version 8.14.4
 Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
                MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
                NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
                TCPWRAPPERS USERDB USE_LDAP_INIT

============ SYSTEM IDENTITY (after readcf) ============
      (short domain name) $w = server
  (canonical domain name) $j = server.itzena.cz
         (subdomain name) $m = itzena.cz
              (node name) $k = server.itzena.cz
========================================================

Recipient names must be specified


[root@server sasl2]#  grep -v ^dnl /etc/mail/sendmail.mc
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
define(`confDEF_USER_ID', ``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
FEATURE(`accept_unresolvable_domains')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

[root@server sasl2]# saslauthd -v
saslauthd 2.1.23
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap


[root@server sasl2]# cat /etc/sasl2/Sendmail.conf
pwcheck_method:saslauthd
mech_list: PLAIN LOGIN

[root@server sasl2]# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server.itzena.cz ESMTP Sendmail 8.14.4/8.14.4; Sat, 6 Jul 2013 14:58:49 +0200
ehlo localhost
250-server.itzena.cz Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP

I have uncommented the lines

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

but if

[root@server ~]# telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server.itzena.cz ESMTP Sendmail 8.14.4/8.14.4; Sun, 7 Jul 2013 09:17:08 +0200
ehlo localhost
250-server.itzena.cz Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
AUTH LOGIN
503 5.3.3 AUTH not available
Michael Hampton
mardon

2 Answers

3

You currently have two contradictory lines in your m4:

define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_OPTIONS', `A p')dnl

Assuming the second of these takes precedence, the p flag tells sendmail not to offer authentication unless encryption is in place, which means you will need to have TLS up and running to be offered authentication. Here's a comparable pair of conversations with my mail server. The first one's in plaintext, using telnet:

[me@risby iplayer]$ telnet www.teaparty.net 25
Trying 2a01:8000:0:4::1:1...
Connected to www.teaparty.net.
Escape character is '^]'.
220 : ESMTP you accept terms at http://www.teaparty.net/smtp.html
ehlo me
250-lory.teaparty.net Hello [IPv6:2001:4d48:ad51:3500:7271:bcff:feac:445a], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 14000000
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
quit
221 2.0.0 lory.teaparty.net closing connection
Connection closed by foreign host.

Because it's a plaintext connection, authentication is not offered. Now I'll try using openssl to make a TLS-enabled connection:

[me@risby iplayer]$ openssl s_client -connect www.teaparty.net:25 -starttls smtp
CONNECTED(00000003)
[much crypto stuff deleted]
250 HELP
ehlo me
250-lory.teaparty.net Hello [IPv6:2001:4d48:ad51:3500:7271:bcff:feac:445a], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 14000000
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
quit
221 2.0.0 lory.teaparty.net closing connection

Note how AUTH options are offered. I note that in addition to telling sendmail only to offer AUTH if encryption is in place, you haven't configured TLS; you're going to need to configure that before you can test to see if AUTH is offered. Configuring TLS under sendmail is outside the scope of this question, but there are already answers on SF that can help with that.

MadHatter
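An added example (not part of the answer above and not sendmail's own code): a Python model of the diagnosis, in which the last `confAUTH_OPTIONS` define wins and the `p` flag withholds PLAIN and LOGIN on an unencrypted session. The function names and decision rules are assumptions made for illustration; the sample input is constructed from the question's sendmail.mc, Sendmail.conf and EHLO reply.

```python
import re

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # withheld by AuthOptions flag `p` until TLS is active

def m4_define(mc_text, name):
    """Value of the last uncommented define() of `name`; in m4 a later define wins."""
    value = None
    for line in mc_text.splitlines():
        if line.lstrip().startswith("dnl"):
            continue  # commented-out line in sendmail.mc
        m = re.search(r"define\(`%s',\s*`([^']*)'\)" % re.escape(name), line)
        if m:
            value = m.group(1)
    return value

def ehlo_keywords(reply):
    """Set of extension keywords from the '250-'/'250 ' lines after the greeting line."""
    lines = reply.strip().splitlines()[1:]
    return {m.group(1).upper() for m in (re.match(r"250[- ](\S+)", l) for l in lines) if m}

def diagnose(mc_text, sasl_mechs, ehlo_reply):
    """Explain why AUTH is or is not advertised on a cleartext session (assumed rules)."""
    opts = (m4_define(mc_text, "confAUTH_OPTIONS") or "").split()
    allowed = set((m4_define(mc_text, "confAUTH_MECHANISMS") or "").split())
    offerable = allowed & set(sasl_mechs)      # sendmail list intersected with SASL mech_list
    if "p" in opts:
        offerable -= PLAINTEXT_MECHS           # no PLAIN/LOGIN without a security layer
    caps = ehlo_keywords(ehlo_reply)
    if "AUTH" in caps:
        finding = "AUTH is advertised"
    elif not offerable and "STARTTLS" not in caps:
        finding = "no mechanism usable without TLS and STARTTLS not offered: configure TLS"
    elif not offerable:
        finding = "retest after STARTTLS (openssl s_client -starttls smtp)"
    else:
        finding = "mechanisms should be offered: check the SASL library and saslauthd"
    return {"auth_options": opts, "cleartext_mechs": sorted(offerable), "finding": finding}

# Constructed sample input, taken from the question above.
MC = """define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_OPTIONS', `A p')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl"""
EHLO = """250-server.itzena.cz Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250 HELP"""

if __name__ == "__main__":
    print(diagnose(MC, ["PLAIN", "LOGIN"], EHLO))
```
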
0

Open /etc/mail/sendmail.mc.

Look for the lines that say:

dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

Uncomment them by removing "dnl".

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

Save the file and restart sendmail with service sendmail restart. If this does not work, what are you seeing when you attempt to authenticate?

ewwhite
  • I uncommented this line, but in telnet localhost the EHLO response does not show AUTH. How do I test from localhost whether auth is functioning? – mardon Jul 06 '13 at 18:04