If you are one of the 20 or so people who saw this query elsewhere, my apologies for repeating this, but I got no responses there at all.
For reasons I can't get into at the moment, I'm authenticating to an SMB domain (using Samba 4.9.5 on a Debian host as the DC, if it matters) with a Mint Linux server in the domain with Samba 4.11.6 using Sendmail 8.15.2. I have Thunderbird on a third, Windows machine. The mail server also has Dovecot 2.3.7.2 installed. From Thunderbird, I can view, open and manipulate mailboxes with domain credentials. However, I cannot send mail; the same credentials that work to open the mailbox via Dovecot fail password validation when trying to send to port 587 on Sendmail. I do have a local account for the domain user; I'm told Dovecot needs that in order to keep its data. It seems to me that I somehow have to tell Sendmail to use the domain credentials rather than the local ones, but while I can see how to tell it how to accept credentials from the mail client, I don't see how to tell it how to authenticate them. Am I missing something?
Is the domain account integration complete enough that you can run "id"
on "user@domain" and get back similar information as when run against
the "user" unix account?
Have you considered using MSA (port 587 server) provided by dovecot?
Yes; I get the same response back for both "id user" and "id
user@domain" except that the groups are listed in a slightly different
order. The user "user" has GID "user", group named after the user;
the user "user@domain" does not include that group but shows GID
"Domain Users".
sendmail uses Cyrus-SASL - so that's where you have to look.
You need to tell Cyrus-SASL2 which "backend" to use (for
authentication).
Check whether there is any documentation for it specific to your
system, otherwise you have to look into the generic info.
So I'm not going to quote all that went before because it's beginning
to look like I'm barking up a stump here.
Sep 6 13:06:37 xxmail sm-mta[94855]: 186K6b0F094855: Milter (greylist): local socket name /var/run/milter-greylist/milter-greylist.sock unsafe
Sep 6 13:06:37 xxmail sm-mta[94855]: 186K6b0F094855: Milter (greylist): to error state
Sep 6 13:06:42 xxmail sm-mta[94855]: 186K6b0F094855: [10.2.0.162] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSP
From this it would appear that the milter is getting the connection
before Sendmail is, and it's not getting through the greylist
milter.
Gives me a whole new place to investigate. I've had problems with
the milter failing this way on another system years ago, and now I
have to try and recall how I dealt with it.
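
Sendmail logs "local socket name ... unsafe" when its file-safety check on the milter socket path fails. As an added diagnostic (not part of the original thread), the script below lists mode and owner for the socket and each parent directory and flags components that are missing or group- or world-writable; it only approximates sendmail's checks, and the function name and its optional TOP argument are this example's own.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. Approximates (does not reproduce)
# sendmail's file-safety checks on a milter socket path.

# check_socket_path SOCKET [TOP]
# Prints mode, owner and a verdict for SOCKET and each parent up to TOP
# (default /). Returns 1 if any component is missing or is group- or
# world-writable, 0 otherwise. Needs GNU stat; symlinks are followed.
check_socket_path() {
    p=$1
    top=${2:-/}
    flagged=0
    while :; do
        if [ -e "$p" ]; then
            perm=$(stat -L -c '%a' "$p")        # e.g. 755 or 1777
            owner=$(stat -L -c '%U:%G' "$p")
            if [ $(( 0$perm & 022 )) -ne 0 ]; then
                note="GROUP/WORLD-WRITABLE"
                flagged=1
            else
                note="ok"
            fi
        else
            perm="-"; owner="-"; note="MISSING"
            flagged=1
        fi
        printf '%-5s %-22s %-22s %s\n' "$perm" "$owner" "$note" "$p"
        if [ "$p" = "$top" ] || [ "$p" = "/" ] || [ "$p" = "." ]; then
            break
        fi
        p=$(dirname "$p")
    done
    return "$flagged"
}

# Run directly with the socket path from the log line as the argument, e.g.
#   sh check_socket.sh /var/run/milter-greylist/milter-greylist.sock
if [ "$#" -gt 0 ]; then
    check_socket_path "$@"
fi
```

A MISSING verdict on the socket itself usually means the milter daemon is not running or is listening somewhere other than the path sendmail was configured with.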
Charles Wangersky wrote:
> From this it would appear that the milter is getting the connection before Sendmail

That is impossible because sendmail provides the information to the milter.
On Monday, September 6, 2021 at 10:31:50 PM UTC-7, Claus Aßmann wrote:
> Charles Wangersky wrote:
>> From this it would appear that the milter is getting the connection
>> before Sendmail
>
> That is impossible because sendmail provides the information to the milter.

Then I don't know what is going on. Thunderbird reports bad password,
and asks for a new one. Sendmail, on the other hand, reports the milter
is unhappy, and that Thunderbird has gone away without doing anything. I
will try to find the fine documentation - all I've found so far is the
man pages - and will correct that... but the longer I look at this the
loster I seem to get.