Re: sendmail AUTH

Liste des GroupesRevenir à cm sendmail 
Sujet : Re: sendmail AUTH
De : wagnes (at) *nospam* jemoni.to (Wolfgang Agnes)
Groupes : comp.mail.sendmail
Date : 08. Nov 2024, 19:40:17
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <87ttchzi0e.fsf@jemoni.to>
References : 1 2 3 4
kalevi@kolttonen.fi (Kalevi Kolttonen) writes:

In comp.mail.sendmail Wolfgang Agnes <wagnes@jemoni.to> wrote:
Thanks!  Then I don't have support for authentication.
 
--8<-------------------------------------------------------->8---
220 my.host.name ESMTP Sendmail 8.18.1/8.18.1; Fri, 8 Nov 2024
07:51:24 -0300 (-03)
EHLO localhost
250-my.host.name Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
--8<-------------------------------------------------------->8---
 
I'll have to recompile Sendmail.
>
Not necessarily. I cannot remember the exact conditions, but
sometimes AUTH appears only after the client has issued
STARTTLS to enable the encryption layer. Clients do EHLO again
after the encryption layer is working.

Thanks!  I don't know how to investigate it further after I type
STARTTLS.  I believe that after I issue STARTTLS, I'd have to speak the
TLS protocol, which I don't know how.

By the way, I think you're thinking is good---you might be thinking that
sendmail wouldn't want credentials traveling in the clear, but I believe
it does accept that if we compile it with AUTH PLAIN, say.  I think
saying STARTTLS before will not be required.

The book

  sendmail
  Bryan Costales, George Jansen
  & Claus Assmann with Gregory Neil Shapiro
  O'Reilly, 2007, fourth edition, ISBN 978-0-596-51029-9

seems to confirm that I don't have AUTH support.  On section 5.1.2.1, we
find:

--8<-------------------------------------------------------->8---
Before you install sendmail, test it to be sure the added SASL support
has worked.  You can do this by running sendmail from the directory in
which it was built. Note that you must do this as root:

# obj.*/sendmail/sendmail -bs -Am

Here, we run the newly built sendmail relative to the source
directory. The -bs tells sendmail to speak SMTP on its standard
input. The -Am tells sendmail to use its server configuration file (not
submit.cf), even though it is running in mail-submission mode.

Such a test session might look like this:

220 your.host.domain ESMTP Sendmail 8.14.1/8.14.1; Fri, 14 Dec 2007 11:43:02 -0700
(PST)
ehlo your.host.domain
250-your.host.domain Hello root@localhost, pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5    <-- note this line
250-DELIVERBY
250 HELP
quit
221 2.0.0 your.host.domain closing connection

Here, the AUTH SMTP keyword appears, indicating that this site supports SASL
authentication and two modes of authentication as shown earlier.
--8<-------------------------------------------------------->8---

And here's my test:

--8<-------------------------------------------------------->8---
# /usr/sbin/sendmail -bs -Am
220 my.host.name ESMTP Sendmail 8.18.1/8.18.1; Fri, 8 Nov 2024 15:29:21 -0300 (-03)
help
214-2.0.0 This is sendmail version 8.18.1
214-2.0.0 Topics:
214-2.0.0       HELO    EHLO    MAIL    RCPT    DATA
214-2.0.0       RSET    NOOP    QUIT    HELP    VRFY
214-2.0.0       EXPN    VERB    ETRN    DSN     AUTH
214-2.0.0       STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation see
214-2.0.0       http://www.sendmail.org/email-addresses.html
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info
EHLO localhost
250-my.host.name Hello root@localhost, pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
STARTTLS
220 2.0.0 Ready to start TLS
HELP                          <--- I lose the connection here
#
--8<-------------------------------------------------------->8---

In maillog, I find:

--8<-------------------------------------------------------->8---
Nov  8 15:29:44 my.host sendmail[16217]: tls_srv_features=(null), relay=(null) [0]
Nov  8 15:29:44 my.host sendmail[16217]: tls_srv_features=empty, stat=0, relay=(null) [0]
--8<-------------------------------------------------------->8---

besides other irrelevant lines.

I find curious, though, that if I don't have SASL support, why should I
see the command AUTH as the answer to HELP?  (I seem to have no
mechanism compiled-in for authentication.)

Date Sujet#  Auteur
7 Nov 24 * sendmail AUTH15Wolfgang Agnes
8 Nov 24 +* Re: sendmail AUTH13Andrzej Adam Filip
8 Nov 24 i`* Re: sendmail AUTH12Wolfgang Agnes
8 Nov 24 i +* Re: sendmail AUTH6Kalevi Kolttonen
8 Nov 24 i i`* Re: sendmail AUTH5Wolfgang Agnes
8 Nov 24 i i +* Re: sendmail AUTH2Kalevi Kolttonen
9 Nov 24 i i i`- Re: sendmail AUTH1Wolfgang Agnes
8 Nov 24 i i `* Re: sendmail AUTH2Bjørn Mork
9 Nov 24 i i  `- Re: sendmail AUTH1Wolfgang Agnes
8 Nov 24 i `* Re: sendmail AUTH5Andrzej Adam Filip
8 Nov 24 i  +- Re: sendmail AUTH1Wolfgang Agnes
9 Nov 24 i  `* Re: sendmail AUTH3Wolfgang Agnes
10 Nov 24 i   `* Re: sendmail AUTH2Claus Aßmann
11 Nov 24 i    `- Re: sendmail AUTH1Wolfgang Agnes
8 Nov 24 `- Re: sendmail AUTH1Wolfgang Agnes

Haut de la page

Les messages affichés proviennent d'usenet.

NewsPortal