Hi team, I am trying to setup sendmail so I can send emails from my thunderbird client. I am able to receive emails in the thunderbird email client with no problem. However, trying to send from thunderbird is not working. (I setup sendmail to deliver
emails with the milter, dkim, spf, reverse dns pointer) It sends well.

I have ubuntu 18 and sendmail 8.15

I am using thunderbird mail client to download emails. It talks to dovecot daemon on my server. I use the /etc/passwd file for user information from the server. When sending an email from thunderbird it should talk to sendmail, which should use saslauthd
daemon to check the /etc/passwd file for SMTP AUTH.

I don't think its getting that far based on the error in the /var/log/mail.log. Thunderbird seems unable to communicate with sendmail when sending email.

Oct 30 15:19:53 {servername} dovecot: imap-login: Login: user=<admin>, method=PLAIN, rip=x.x.x.x, lip=y.y.y.y, mpid=12821, TLS, session=<wmYgYEXsOsqIHAl+>
Oct 30 15:20:14 {servername} sm-mta[12822]: STARTTLS=server, relay=[x.x.x.x], version=TLSv1.2, verify=NOT, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Oct 30 15:21:35 {servername} sm-mta[12822]: 29UJKCmH012822: [x.x.x.x] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

Basically the way i read the error, it says the client does nothing and sendmail just waits. I have set thunderbird to "starttls" and "encrypted" password for the outbound emails.

I tried changing to port 587 on sendmail. The log looks the same. The 2nd line from the log seems to tell me that TLS connection started ok... My only other thought is that if the connection in encrypted then its expecting a PLAIN password. Do i need to
install the PLAIN mechnism in sendmail? Would this expose my password if i set thunderbird to plain? Would that be safe configuration?

Any advice appreciated... below are my setup details. THANKS! --jake

user@server:/usr/lib/sasl2$ telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost. Escape character is '^]'.
220 mydomain.com
ESMTP Sendmail 8.15.2/8.15.2/Debian-3;
Fri, 28 Oct 2022 20:55:45 -0400;
(No UCE/UBE) logging access from: localhost(OK)-localhost [127.0.0.1]
ehlo localhost
250-mydomain.com
Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP


/etc/mail/sendmail.mc:
define(`confAUTH_OPTIONS', `y')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5')dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')dnl define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl



sudo testsaslauthd -u admin -p {password here} 0: OK "Success."

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

My only other thought is that if the connection in encrypted then its expecting a PLAIN password. Do i need to install the PLAIN mechnism in sendmail?

I guess yes. I have
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl

[@]# rpm -qa | grep sasl
cyrus-sasl-lib-2.1.27-21.el9.x86_64
cyrus-sasl-2.1.27-21.el9.x86_64
cyrus-sasl-plain-2.1.27-21.el9.x86_64
cyrus-sasl-gssapi-2.1.27-21.el9.x86_64

Would this expose my password if i set thunderbird to plain?

No, the connection should be encrypted by then

Would that be safe configuration?

Yes

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Am 21.12.2022 um 15:26:52 Uhr schrieb jake:

Basically the way i read the error, it says the client does nothing
and sendmail just waits. I have set thunderbird to "starttls" and
"encrypted" password for the outbound emails.

If you use port 587, STARTTLS is right. If you use 465
(DAEMONPORT_Options s-flag needed!), you need to use TLS (not STARTTLS).
If you require authentication (I recommend using that instead of
whitelisting IP addresses), you need to tell TB the auth details and
configure it so it actually logs in. Check you /var/log/auth.log for
the login (if using system accounts (UNIX PAM etc.)) and your sendmail
log. You can also disable STARTTLS/TLS to see the content of the
traffic to check if the correct SMTP commands are issued by TB.

My only other thought is that if the connection in encrypted then its expecting a PLAIN password. Do i need to install the PLAIN mechnism
in sendmail? Would this expose my password if i set thunderbird to
plain? Would that be safe configuration?

You need to enable the PLAIN mechanism in sendmail if you like to use
it.

250-AUTH DIGEST-MD5 CRAM-MD5

It is currently not enabled, check confAUTH_MECHANISMS in sendmail.mc.

AuthMechanisms (confAUTH_MECHANISMS)
defines a list of mechanisms which are offered at most for
authentication. This list is intersected with the list of
available (i.e., installed) mechanisms, and the result of the
intersection is listed in the AUTH keyword value for the EHLO
response. default: GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5

http://www.sendmail.org/~ca/email/auth.html

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Am 21.12.2022 um 17:22:26 Uhr schrieb None:

I guess yes. I have
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl

That controls which auth methods allow relaying:

Per default, relaying is allowed for any user who authenticated via
a "trusted" mechanism, i.e., one that is defined via
TRUST_AUTH_MECH(`list of mechanisms') For example:
TRUST_AUTH_MECH(`KERBEROS_V4 DIGEST-MD5')

If the selected mechanism provides a security layer the number of bits
used for the key of the symmetric cipher is stored in the macro
${auth_ssf}.

https://www.sendmail.org/~ca/email/doc8.12/cf/m4/smtp_auth.html

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)