Re: sendmail AUTH

Claus Aßmann
<INVALID_NO_CC_REMOVE_IF_YOU_DO_NOT_POST_ml+sendmail(-no-copies-please)@esmtp.org>
writes:

Wolfgang Agnes  wrote:
>

I made sure not to add PLAIN or LOGIN, although I'd accept such
authentications if I can make sure the conversation would be always
wrapped in TLS, which I think it would be desirable for port 587.  But I
don't if that's easy to do.

>
Did you read the fine documentation?
>
>
      AuthOptions
                    p   don't permit mechanisms susceptible to simple
                        passive attack (e.g., PLAIN, LOGIN), unless a
                        security layer is active.

Thanks!  I am.  I'm reading a fine and well-written book in its fourth
edition---thanks very much for your attention. :) Now you reminded me
about AuthOptions.  And the p-option is now in place and things look
brigther now.  Thanks very much.

%openssl s_client -starttls smtp -connect my.host.name:587 -quiet
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = E5
verify return:1
depth=0 CN = my.host.name
verify return:1
250 HELP
ehlo localhost
250-my.host.name Hello my.host.name [1.2.3.4], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
quit
221 2.0.0 my.host.name closing connection

(I then enabled PLAIN as well.)

%telnet localhost 587
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 my.host.name ESMTP Sendmail 8.18.1/8.18.1; Mon, 11 Nov 2024 08:23:43 -0300 (-03)
ehlo localhost
250-my.host.name Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
quit
221 2.0.0 my.host.name closing connection
Connection closed by foreign host.