Hi. I have been using various clients to connect to my sendmail
server using port 587 and using starttls to encrypt the connections
and then using the plain mechanism to send the user name and password
to authenticate.
Last day or so this has stopped working -- I don't know that I changed anything (famous last words),
So, after all that, anyone have an idea as to how to fix?
Thanks.
saslauthd is running, but it seems to ignore the Sendmail.conf .
I used openssl s_client to connect to my sendmail, it was happy with
the certs, but in response to the ehlo gives me no auth line at all.
Very strange.
On 5/4/22 7:31 AM, John Covici wrote:
Hi. I have been using various clients to connect to my sendmail
server using port 587 and using starttls to encrypt the connections
and then using the plain mechanism to send the user name and password
to authenticate.
Last day or so this has stopped working -- I don't know that I changed anything (famous last words),
Assume that your configuration is at least acceptable until you
have a reason to think otherwise.
So, after all that, anyone have an idea as to how to fix?
Start with the simpler thing first.
Is the SASL authentication daemon running?
Did your (START)TLS certificate expire? Contemporary clients may
silently refuse to use expired certs.
Thanks.
You're welcome.
Feel free to poke things and respond with more questions /
details / errors / etc.
I do have a submit.mc file, but I have not changed this at all.
What is strange to me is that if I do saslauthd -v should not I get everything that my Sendmail.conf has?
I can check an old backup and see if I have one for my sendmail.mc and
get back.
On 5/5/22 10:39 AM, John Covici wrote:I do have a submit.mc file, but I have not changed this at all. What
saslauthd is running, but it seems to ignore the Sendmail.conf .
I think it's the other way around.
Sendmail is told to support authentication via one or more
methods, one of which can be SASL and co.
The actual SASL auth daemon just listens on a unix socket and /
or TCP port for clients to test authentication pairs, returning a
pass fail type message.
I used openssl s_client to connect to my sendmail, it was happy
with the certs, but in response to the ehlo gives me no auth
line at all.
:-/
Very strange.
Very annoying, definitely.
I don't know if it's strange yet or not. I think the strangeness
will be confirmed or refuted after finding out why Sendmail isn't
offering AUTH options.
My favorite thing to turn to when things that used to work and
now don't is to restore a backup of the configuration file and
compare them. Can you do that with your sendmail.cf or
sendmail.mc file?
There's also a chance that it's your submit.cf or submit.mc file
since we're talking about the MSA on port 587. (Unless you
aren't using the separate MSA which has been standard for 15+
years.)
On 5/5/22 10:39 AM, John Covici wrote:
saslauthd is running, but it seems to ignore the Sendmail.conf .
I think it's the other way around.
Sendmail is told to support authentication via one or more
methods, one of which can be SASL and co.
The actual SASL auth daemon just listens on a unix socket and /
or TCP port for clients to test authentication pairs, returning a
pass fail type message.
I used openssl s_client to connect to my sendmail, it was happy
with the certs, but in response to the ehlo gives me no auth
line at all.
:-/
Very strange.
Very annoying, definitely.
I don't know if it's strange yet or not. I think the strangeness
will be confirmed or refuted after finding out why Sendmail isn't
offering AUTH options.
My favorite thing to turn to when things that used to work and
now don't is to restore a backup of the configuration file and
compare them. Can you do that with your sendmail.cf or
sendmail.mc file?
There's also a chance that it's your submit.cf or submit.mc file
since we're talking about the MSA on port 587. (Unless you
aren't using the separate MSA which has been standard for 15+
years.)
--
Grant. . . .
unix || die
On 5/6/22 4:09 AM, John Covici wrote:
So, I restored all the files, I could like sendmail.mc and the Sendmail.conf, but no joy, still no authentication
mechanisms. I restored them to about first of April.
Well darn. :-/
This still leads me to saslauthd.
I didn't mean to imply that it /wasn't/ SASL, just that the two
are separate.
Have you been maintaining your sendmail.cf via the sendmail.mc
file? Or are there unaccounted for hand edits? -- I'll often
test new things in sendmail.cf directly and then promote them to
sendmail.mc once I have identified what I want.
Likewise with submit.cf / submit.mc.
Would you be willing to share your sendmail.mc and submit.mc
files? Feel free to "REDACT" things as necessary. (Please make
sure it's easy to tell what is redacted.)
So, I restored all the files, I could like sendmail.mc and the
Sendmail.conf, but no joy, still no authentication mechanisms.
I restored them to about first of April.
This still leads me to saslauthd.
On 5/6/22 4:09 AM, John Covici wrote:
So, I restored all the files, I could like sendmail.mc and the Sendmail.conf, but no joy, still no authentication
mechanisms. I restored them to about first of April.
Well darn. :-/
This still leads me to saslauthd.
I didn't mean to imply that it /wasn't/ SASL, just that the two
are separate.
Have you been maintaining your sendmail.cf via the sendmail.mc
file? Or are there unaccounted for hand edits? -- I'll often
test new things in sendmail.cf directly and then promote them to
sendmail.mc once I have identified what I want.
Likewise with submit.cf / submit.mc.
Would you be willing to share your sendmail.mc and submit.mc
files? Feel free to "REDACT" things as necessary. (Please make
sure it's easy to tell what is redacted.)
--
Grant. . . .
unix || die
So, I went on to the sasl mailing list and someone found a patch --
seems to be available for the freebsd port, and the patch was specific
to sendmail and dev-libs/cyrus-sasl 2.1.28. I modified it for gentoo
and it fixed everything up! I wonder if I should file this somewhere
-- funny no one else noticed this before -- I saw nothing on bgo.
On 5/12/22 8:42 AM, John Covici wrote:OK, I will see if I can find the maintainer, I saw lots of references
So, I went on to the sasl mailing list and someone found a
patch -- seems to be available for the freebsd port, and the
patch was specific to sendmail and dev-libs/cyrus-sasl 2.1.28.
I modified it for gentoo and it fixed everything up! I wonder
if I should file this somewhere -- funny no one else noticed
this before -- I saw nothing on bgo.
Hi John,
I'm glad that you found a solution.
I'm sorry that I've not responded to your detailed message yet.
Life / $WORK has been really busy this week. I was planing on
giving your message the attention it deserved this weekend.
Yes, I suspect that a patch or at least a bug report to Gentoo
would be good.
I'd suggest starting communications with the Gentoo package
maintainer if there is no better place. I expect that they will
receive the patch and / or redirect you somewhere better.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 302 |
Nodes: | 16 (2 / 14) |
Uptime: | 97:58:57 |
Calls: | 6,766 |
Calls today: | 4 |
Files: | 12,295 |
Messages: | 5,376,385 |
Posted today: | 1 |