Red Hat Bugzilla – Bug 16064
SMTP Auth is not enabled by default
Last modified: 2008-05-01 11:37:57 EDT
This is sendmail-8.11.0-6 rebuilt on RH6x. The same thing happens with
SMTP Authentication seems to be disabled by default.
telnet localhost smtp, EHLO localhost doesn't show 'AUTH [...]' as
described in http://www.sendmail.org/~ca/email/auth.html.
A clip from maillog with debuglevel 13:
starting daemon (8.11.0): SMTP+queueing@01:00:00
NOQUEUE: connect from localhost [127.0.0.1]
error: safesasl(/usr/lib/sasl/Sendmail.conf) failed: No such file or directory
error: safesasl(/etc/sasldb) failed: No such file or directory
SASL: available mech=PLAIN LOGIN ANONYMOUS, allowed mech=GSSAPI KERBEROS_V4
It seems certain configuration files are missing, at least?
Created attachment 2435 [details]
sendmail mc file for sources
The listed problem seems to indicate that there is no Sendmail.conf in
/usr/lib/sasl. The contents of that file should be:
In the case of PAM, sendmail will have to run as root, because PAM only allows
root to check passwords for users other than itself (THX Nalin).
Also, in the case of sasldb being set as the pwcheck_method, someone has to run
saslpasswd first. I'm not sure if just touching the sasldb will do any good, I
think it still causes an error.
I have an SRPM that was working on 6.2 that I can forward on if it is needed.
Setting SASL password first (with saslpasswd), thus creating /etc/sasldb,
will make sendmail advertize DIGEST-MD5 method which is what I was looking for.
I kinda agree with Nalin that "plain" etc. probably shouldn't be an allowed
method yet, as the link isn't encrypted.
But perhaps TRUST_AUTH_MECH should be defined to something like
(as above). CRAM-MD5 is disabled while building cyrus-sasl anyway.
Sendmail already runs as root. Cyrus-SASL 1.5.24-4 will include CRAM support.
Sendmail-8.11.0-7 will include a default Sendmail.conf to try to not confuse
people. If a sasldb exists, both DIGEST and CRAM are advertised if supported by