Hi - I seem to have generated a problem in my efforts to follow the "Sendmail-SMTP-AUTH-TLS-Howto", for I have no authentication ability. The sendmail part of the equation seems to be working ok, but it looks like my problem is related to saslauthd failing.

As set out in the HOW-To, I downloaded and built the three indicated files:

cd /tmp
wget http://www.openssl.org/source/openssl-0.9.7c.tar.gz
wget --passive-ftp ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.17.tar.gz
wget --passive-ftp ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.11.tar.gz

The build for sasl2 was exactly as indicated -

---------
3 Install Cyrus-sasl2

cd /tmp
tar xvfz cyrus-sasl-2.1.17.tar.gz
cd cyrus-sasl-2.1.17
./configure --enable-anon --enable-plain --enable-login --disable-krb4 --with-saslauthd=/var/run/saslauthd --with-pam --with-openssl=/usr/local/ssl --with-plugindir=/usr/local/lib/sasl2 --enable-cram --enable-digest --enable-otp (1 line!)
make
make install
---------

and the rest of the install seemed to progress without incident.

When I attempted to start both saslauthd and sendmail I didn't at first notice that there was no real indication that saslauthd was not running. What I did notice was that when I provided my password in the effort to send a message I got a failure. To help localize the issue I edited my sendmail.mc to narrow the focus for the methods of authentication.
----------
[root@roadrunner cf]# cat sendmail.mc
dnl ### do SMTPAUTH
dnl ### define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
dnl ### define('confAUTH_OPTIONS', `A p y')dnl
dnl ### define('confAUTH_OPTIONS', `A')dnl
dnl ### define('confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
dnl ### TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
dnl ### TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define('confLOG_LEVEL', `14')dnl
dnl ### do STARTTLS
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/sendmail.pem')dnl
DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL, M=s')dnl
dnl ### define(`confDEF_CHAR_SET', `iso-8859-1')dnl
define(`confMAX_MESSAGE_SIZE', `15000000')dnl Denial of Service Attacks
define(`confMAX_DAEMON_CHILDREN', `30')dnl Denial of Service Attacks
define(`confCONNECTION_RATE_THROTTLE', `2')dnl Denial of Service Attacks
define(`confMAXRCPTSPERMESSAGE', `50')dnl Denial of service Attacks
define(`confSINGLE_LINE_FROM_HEADER', `True')dnl
define(`confSMTP_LOGIN_MSG', `$j')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`confTO_INITIAL', `6m')dnl
define(`confTO_CONNECT', `20s')dnl
define(`confTO_HELO', `5m')dnl
define(`confTO_HOSTSTATUS', `2m')dnl
define(`confTO_DATAINIT', `6m')dnl
define(`confTO_DATABLOCK', `35m')dnl
define(`confTO_DATAFINAL', `35m')dnl
define(`confDIAL_DELAY', `20s')dnl
define(`confNO_RCPT_ACTION', `add-apparently-to')dnl
define(`confALIAS_WAIT', `0')dnl
define(`confMAX_HOP', `35')dnl
define(`confQUEUE_LA', `5')dnl
define(`confREFUSE_LA', `12')dnl
define(`confSEPARATE_PROC', `False')dnl
define(`confCON_EXPENSIVE', `true')dnl
define(`confWORK_RECIPIENT_FACTOR', `1000')dnl
define(`confWORK_TIME_FACTOR', `3000')dnl
define(`confQUEUE_SORT_ORDER', `Time')dnl
define(`confPRIVACY_FLAGS', `authwarnings,goaway,restrictmailq,restrictqrun,needmailhelo')dnl
OSTYPE(linux)dnl
FEATURE(`delay_checks')dnl
FEATURE(`generics_entire_domain')dnl
FEATURE(`local_procmail')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`nouucp',`reject')dnl
FEATURE(`redirect')dnl
FEATURE(`relay_entire_domain')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`virtuser_entire_domain')dnl
FEATURE(dnsbl,`blackholes.mail-abuse.org', ` Mail from $&{client_addr} rejected; see http://mail-abuse.org/cgi-bin/lookup?$& {client_addr}')dnl
FEATURE(dnsbl,`dialups.mail-abuse.org', ` Mail from dial-up rejected; see http://mail-abuse.org/dul/enduser.htm')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')dnl
FEATURE(access_db)dnl
FEATURE(lookupdotdomain)dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
--------------

From this I then can make sendmail.cf and at least confirm the following:

[root@roadrunner mail]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 roadrunner.jlazyh.com ESMTP
EHLO localhost
250-roadrunner.jlazyh.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 15000000
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP

Converting a login and password to 64base and attempting to test the authentication I got an error - From this I started to look for causes, and tested saslauthd.
I found that I had two versions on the system:

/usr/sbin/saslauthd (dating from 2002)
/usr/local/sbin/saslauthd (Aug 3, 3006 - built yesterday)

The existence of different versions is more clearly seen here:

[root@roadrunner cf]# /usr/local/sbin/saslauthd -v
saslauthd 2.1.17
authentication mechanisms: getpwent pam rimap shadow
[root@roadrunner cf]# /usr/sbin/saslauthd -v
saslauthd 2.1.10
authentication mechanisms: getpwent kerberos5 pam rimap shadow

My /etc/init.d/saslauthd startup file initially referenced the /usr/sbin/saslauthd file - and when run would not indicate an error, but ps -ax | grep saslauthd didn't show anything. Adjusting the path to the new file, and later copying the sasl* files into /usr/sbin/ directly, I find on startup I get an error - the same when I try to start it manually:

[root@roadrunner mail]# /usr/sbin/saslauthd -a shadow
saslauthd[24993] :detach_tty : Cannot start saslauthd
saslauthd[24993] :detach_tty : could not read from startup_pipe
[root@roadrunner mail]#

And now I am stuck - I can't find any paths to follow on this issue, and am at a loss as to what the issue is with the startup_pipe and/or detach_tty.

I am sure there is more information that I can provide that would be helpful - but this note is long enough already. Truly would appreciate some help and guidance in resolving this.

Thanks in advance.

Cheers -
Why don't you use the /etc/init.d/saslauthd file that's provided in this tutorial? http://www.howtoforge.com/howto_sendmail_smtp_auth_tls
First reply

That's a reprint of the tutorial that I did use - The issue doesn't seem to be Sendmail itself - rather something with saslauthd:

[root@roadrunner mail]# /usr/sbin/saslauthd -a shadow
saslauthd[24993] :detach_tty : Cannot start saslauthd
saslauthd[24993] :detach_tty : could not read from startup_pipe

I built it with the options presented in the how-to so as not to deviate from the example, but it seems that I should try again with fewer options. The thing that I don't know is what options are truly necessary and what options I can try and leave out. There may be some other thing to try as well, as the build itself went fine - just the error above shows something not right.

I included the process that got me to this point as it seemed possible that I might have tripped up somewhere en route - so I thought it helpful to provide a summary of those steps. I did strip it out and try again, but same result.
The problem is that you already have another version of saslauthd installed on your system. That's why your version got installed to /usr/local/sbin/saslauthd instead of /usr/sbin/saslauthd. So in the saslauthd init script from the tutorial, replace

Code:
DAEMON="/usr/sbin/${NAME}"

with

Code:
DAEMON="/usr/local/sbin/${NAME}"

and try again.
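
An added example, not part of any post in this thread: a small shell audit for the situation diagnosed above, listing every saslauthd copy with its version and marking the one the init script's DAEMON= line actually starts. The function names and the assumption that the init script sets NAME= and DAEMON= on their own lines are hypothetical; the version parsing relies on the `saslauthd -v` output format shown earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit duplicate saslauthd installs.
# Function names and the NAME=/DAEMON= init-script layout are assumptions.

# Print every executable called $1 found in the directories that follow.
list_copies() {
    name=$1; shift
    for dir in "$@"; do
        [ -f "$dir/$name" ] && [ -x "$dir/$name" ] && printf '%s\n' "$dir/$name"
    done
    return 0
}

# Ask a copy for its version ("saslauthd 2.1.17" -> "2.1.17").
copy_version() {
    "$1" -v 2>&1 | sed -n 's/^saslauthd \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Resolve the binary an init script starts: read DAEMON= and expand ${NAME}.
init_daemon_path() {
    name=$(sed -n 's/^[[:space:]]*NAME=//p' "$1" | head -n 1 | tr -d "\"'")
    sed -n 's/^[[:space:]]*DAEMON=//p' "$1" | head -n 1 | tr -d "\"'" |
        sed "s|[$]{NAME}|$name|g"
}

# List each copy with its version, marking with '*' the one the init script
# starts. Returns 1 when several copies exist, so the host can be flagged.
audit_saslauthd() {
    target=$(init_daemon_path "$1"); shift
    count=0
    for copy in $(list_copies saslauthd "$@"); do
        count=$((count + 1))
        mark=' '
        [ "$copy" = "$target" ] && mark='*'
        printf '%s %s %s\n' "$mark" "$(copy_version "$copy")" "$copy"
    done
    [ "$count" -le 1 ]
}
```

Called as `audit_saslauthd /etc/init.d/saslauthd /usr/sbin /usr/local/sbin`, it shows at a glance whether the init script points at the old packaged binary or the freshly built one.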