Bug 16064 - SMTP Auth is not enabled by default
SMTP Auth is not enabled by default
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: sendmail (Show other bugs)
7.1
noarch Linux
high Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-08-12 09:01 EDT by Pekka Savola
Modified: 2008-05-01 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-08-14 11:58:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
sendmail mc file for sources (1.58 KB, text/plain)
2000-08-12 18:41 EDT, Todd Nemanich
no flags Details

  None (edit)
Description Pekka Savola 2000-08-12 09:01:27 EDT
This is sendmail-8.11.0-6 rebuilt on RH6x.  The same thing happens with
plain RC1.

SMTP Authentication seems to be disabled by default.

telnet localhost smtp, EHLO localhost doesn't show 'AUTH [...]' as
described in http://www.sendmail.org/~ca/email/auth.html.

A clip from maillog with debuglevel 13:
----
starting daemon (8.11.0): SMTP+queueing@01:00:00
NOQUEUE: connect from localhost [127.0.0.1]
error: safesasl(/usr/lib/sasl/Sendmail.conf) failed: No such file or directory
error: safesasl(/etc/sasldb) failed: No such file or directory
SASL: available mech=PLAIN LOGIN ANONYMOUS, allowed mech=GSSAPI KERBEROS_V4
DIGEST-MD5 CRAM-MD5
-----

It seems certain configuration files are missing, at least?
Comment 1 Todd Nemanich 2000-08-12 18:41:04 EDT
Created attachment 2435 [details]
sendmail mc file for sources
Comment 2 Todd Nemanich 2000-08-12 18:45:56 EDT
The listed problem seems to indicate that there is no Sendmail.conf in
/usr/lib/sasl. The contents of that file should be:
pwcheck_method: sasldb
or
pwcheck_method: PAM

In the case of PAM, sendmail will have to run as root, because PAM only allows
root to check passwords for users other than itself (THX Nalin).
	Also, in the case of sasldb being set as the pwcheck_method, someone has to run
saslpasswd first. I'm not sure if just touching the sasldb will do any good, I
think it still causes an error.
	I have an SRPM that was working on 6.2 that I can forward on if it is needed.
Comment 3 Pekka Savola 2000-08-13 03:25:15 EDT
Setting SASL password first (with saslpasswd), thus creating /etc/sasldb,
will make sendmail advertize DIGEST-MD5 method which is what I was looking for.

I kinda agree with Nalin that "plain" etc. probably shouldn't be an allowed
method yet, as the link isn't encrypted.

But perhaps TRUST_AUTH_MECH should be defined to something like
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5')dnl

(as above).  CRAM-MD5 is disabled while building cyrus-sasl anyway.


Comment 4 Nalin Dahyabhai 2000-08-14 13:04:07 EDT
Sendmail already runs as root.  Cyrus-SASL 1.5.24-4 will include CRAM support. 
Sendmail-8.11.0-7 will include a default Sendmail.conf to try to not confuse
people.  If a sasldb exists, both DIGEST and CRAM are advertised if supported by
Cyrus-SASL.

Note You need to log in before you can comment on or make changes to this bug.