This is sendmail-8.11.0-6 rebuilt on RH6x. The same thing happens with plain RC1. SMTP Authentication seems to be disabled by default. telnet localhost smtp, EHLO localhost doesn't show 'AUTH [...]' as described in http://www.sendmail.org/~ca/email/auth.html. A clip from maillog with debuglevel 13: ---- starting daemon (8.11.0): SMTP+queueing@01:00:00 NOQUEUE: connect from localhost [127.0.0.1] error: safesasl(/usr/lib/sasl/Sendmail.conf) failed: No such file or directory error: safesasl(/etc/sasldb) failed: No such file or directory SASL: available mech=PLAIN LOGIN ANONYMOUS, allowed mech=GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 ----- It seems certain configuration files are missing, at least?
Created attachment 2435 [details] sendmail mc file for sources
The listed problem seems to indicate that there is no Sendmail.conf in /usr/lib/sasl. The contents of that file should be: pwcheck_method: sasldb or pwcheck_method: PAM In the case of PAM, sendmail will have to run as root, because PAM only allows root to check passwords for users other than itself (THX Nalin). Also, in the case of sasldb being set as the pwcheck_method, someone has to run saslpasswd first. I'm not sure if just touching the sasldb will do any good, I think it still causes an error. I have an SRPM that was working on 6.2 that I can forward on if it is needed.
Setting SASL password first (with saslpasswd), thus creating /etc/sasldb, will make sendmail advertize DIGEST-MD5 method which is what I was looking for. I kinda agree with Nalin that "plain" etc. probably shouldn't be an allowed method yet, as the link isn't encrypted. But perhaps TRUST_AUTH_MECH should be defined to something like TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5')dnl (as above). CRAM-MD5 is disabled while building cyrus-sasl anyway.
Sendmail already runs as root. Cyrus-SASL 1.5.24-4 will include CRAM support. Sendmail-8.11.0-7 will include a default Sendmail.conf to try to not confuse people. If a sasldb exists, both DIGEST and CRAM are advertised if supported by Cyrus-SASL.