Maybe I'm a bit slow, but I still don't get it. There's lots of
confusing information out there.
Basically, what I want to do is to enable relaying using smtp auth for
my users. Many of them are of course running an outlook client. No SSL
is neccessary, and I want to use their usual (shadow) password.

I take it I need authentication mechanism "OTP"?
I'm running slackware more or less out-of-the-box; using sendmail
8.13.8. OpenSSL and sasl2 was installed (as least it seems so) by
default. I actually configured an SSL certificate, and that seems to
work OK, but authentication from outlook still fails.

Tried to follow "http://www.sendmail.org/~ca/email/auth.html" but my
compiler doesn't seem to understand APPENDDEF(stuff).??

Do I need to recompile/reinstall sasl to enable support for shadow
passwords?
Part of my .mc file is attached below (the "OTP" mechanism I simply
added to the configuration, is there any other requirements?. All the
configures mechs *are* announced in the EHLO welcome message on my
server.

Also tried to add a user account into the SASL database but even those
credentials doesn't authenticate.

dnl# Allow SASL authentication/relaying:
define(`confAUTH_OPTIONS', `A y')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5
OTP')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5 OTP')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=MSA-SSL, M=E')dnl

Any help much appreciated.

hhnews1 [at] gmail.com unleashed the infinite monkeys on 31/10/2007 12:05
producing:
> Maybe I'm a bit slow, but I still don't get it. There's lots of
> confusing information out there.
> Basically, what I want to do is to enable relaying using smtp auth for
> my users. Many of them are of course running an outlook client. No SSL
> is neccessary, and I want to use their usual (shadow) password.
>
> I take it I need authentication mechanism "OTP"?

From memory it's either LOGIN or PLAIN, probably the former.

--
Rob MacGregor (BOFH)

Rule 37: "There is no 'overkill'. There is only 'open fire'
and 'I need to reload.'"

In article <1193832344.317909.208120 [at] d55g2000hsg.googlegroups.com>,
<hhnews1 [at] gmail.com> wrote:
>Maybe I'm a bit slow, but I still don't get it. There's lots of
>confusing information out there.
>Basically, what I want to do is to enable relaying using smtp auth for
>my users. Many of them are of course running an outlook client. No SSL
>is neccessary, and I want to use their usual (shadow) password.
>
>I take it I need authentication mechanism "OTP"?

I just got this working myself. Outlook (and Outlook Express) use
LOGIN. I found some documentation that they can also use NTLM, but
I could not find any information on how to set that up.

>I'm running slackware more or less out-of-the-box; using sendmail
>8.13.8. OpenSSL and sasl2 was installed (as least it seems so) by
>default. I actually configured an SSL certificate, and that seems to
>work OK, but authentication from outlook still fails.
>
>Tried to follow "http://www.sendmail.org/~ca/email/auth.html" but my
>compiler doesn't seem to understand APPENDDEF(stuff).??

See also "http://www.jonfullmer.com/smtpauth/". That is the "link
from Jon Fullmer" mentioned in the above page. The APPENDDEF
stuff should be devtools/Site/something.m4 (read the READMEs) and
will be handled by m4 when you run Build -c (I think that it is -c that
redoes the m4 stuff).

>
>Do I need to recompile/reinstall sasl to enable support for shadow
>passwords?

You have to run the saslauthd daemon with an argument of -a shadow
(or whatever is right for your system). You also have to put
pwcheck_method: saslauthd in Sendmail.conf. Again, see
"http://www.jonfullmer.com/smtpauth/".


>Part of my .mc file is attached below (the "OTP" mechanism I simply
>added to the configuration, is there any other requirements?. All the
>configures mechs *are* announced in the EHLO welcome message on my
>server.
>
>Also tried to add a user account into the SASL database but even those
>credentials doesn't authenticate.
>
>dnl# Allow SASL authentication/relaying:
>define(`confAUTH_OPTIONS', `A y')dnl
>define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5
>OTP')dnl
>TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5 OTP')dnl
>DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
>DAEMON_OPTIONS(`Port=smtps, Name=MSA-SSL, M=E')dnl
>
>Any help much appreciated.
>
--
Tom Schulz
schulz [at] adi.com