enabled SMTP auth, no longer able to login locally!
One last problem, I think (fingers crossed).
I just installed Cyrus-sasl and rebuilt my sendmail-8.12.11. The build
went OK so I enabled auth in my sendmail.cf and created an authinfo.db.
From outside my network everything works perfectly. My SMTP login works
and the "define(`FALLBACK_MX', `esmtp:[smtp.att.yahoo.com]')dnl" I added
also works. When I try to connect from inside my network I get prompted
for my login password, but the password isn't accepted and I get the
password prompt 3 more times and then an error dialog box saying the
client didn't issue commands (I wrote the error down, but left it home).
Again, everything works perfectly outside of my network. Can someone point
me in the direction of a solution?
Thanks,
Rick
Re: enabled SMTP auth, no longer able to login locally!
On 29.11.2007 20:31, Rick Knight wrote:
> One last problem, I think (fingers crossed).
>
> I just installed Cyrus-sasl and rebuilt my sendmail-8.12.11. The build
> went OK so I enabled auth in my sendmail.cf and created an authinfo.db.
> From outside my network everything works perfectly. My SMTP login works
> and the "define(`FALLBACK_MX', `esmtp:[smtp.att.yahoo.com]')dnl" I added
> also works. When I try to connect from inside my network I get prompted
> for my login password, but the password isn't accepted and I get the
> password prompt 3 more times and then an error dialog box saying the
> client didn't issue commands (I wrote the error down, but left it home).
> Again, everything works perfectly outside of my network. Can someone point
> me in the direction of a solution?
>
> Thanks,
> Rick
Do you run saslauthd with pam?
If yes:
you might want to put the line "pwcheck_method: saslauthd"
in "/usr/lib/sasl2/Sendmail.conf"?
-Ingo
Re: enabled SMTP auth, no longer able to login locally!
> Do you run saslauthd with pam?
> If yes:
> you might want to put the line "pwcheck_method: saslauthd"
> in "/usr/lib/sasl2/Sendmail.conf"?
>
> -Ingo
Ingo,
When I built SASL I used --without-pam to not include pam support.
Thanks,
Rick
Re: enabled SMTP auth, no longer able to login locally!
On Thu, 29 Nov 2007 19:31:26 +0000, Rick Knight wrote:
> client didn't issue commands (I wrote the error down, but left it home).
> Again, everything works perfectly outside of my network. Can someone
> point me in the direction of a solution?
>
> Thanks,
> Rick
These are the errors I get in my maillog...
Nov 29 17:39:01 mail sm-mta[1843]: lAU1cEHI001843: [172.16.88.25] did not
issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Nov 29 17:39:25 mail sm-mta[1847]: lAU1d6d2001847: [172.16.88.25]:
possible SMTP attack: command=AUTH, count=4
Any ideas?
Thanks,
Rick Knight
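An added example, not part of the original post: a small parser that groups the two maillog messages quoted above by client IP and tags each client as internal or external, which helps separate a misconfigured LAN client from repeated AUTH attempts arriving from the internet. The /24 LAN mask, the function names and the 192.0.2.10 sample client are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines, modelled on the two maillog entries quoted in the
# post (unwrapped to one line each); the 192.0.2.10 client is invented.
SAMPLE_LOG = """\
Nov 29 17:39:01 mail sm-mta[1843]: lAU1cEHI001843: [172.16.88.25] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Nov 29 17:39:25 mail sm-mta[1847]: lAU1d6d2001847: [172.16.88.25]: possible SMTP attack: command=AUTH, count=4
Nov 29 17:41:10 mail sm-mta[1850]: lAU1f0aa001850: [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
"""

LAN = ipaddress.ip_network("172.16.88.0/24")  # assumption: the poster's LAN is a /24

NO_CMD = re.compile(r"sm-mta\[\d+\]: \w+: \[([\d.]+)\] did not issue MAIL/EXPN/VRFY/ETRN")
REPEATED = re.compile(r"sm-mta\[\d+\]: \w+: \[([\d.]+)\]: possible SMTP attack: command=(\w+), count=(\d+)")

def summarize(log_text):
    """Per client IP: sessions that ended without a mail command, and the
    highest repeated-AUTH count that sendmail reported."""
    stats = defaultdict(lambda: {"no_mail_cmd": 0, "auth_max": 0})
    for line in log_text.splitlines():
        m = REPEATED.search(line)
        if m:
            if m.group(2) == "AUTH":
                entry = stats[m.group(1)]
                entry["auth_max"] = max(entry["auth_max"], int(m.group(3)))
            continue
        m = NO_CMD.search(line)
        if m:
            stats[m.group(1)]["no_mail_cmd"] += 1
    return dict(stats)

def repeated_auth_clients(stats, lan=LAN, threshold=3):
    """Clients whose AUTH count reached `threshold`, tagged by origin."""
    out = []
    for ip, s in sorted(stats.items()):
        if s["auth_max"] >= threshold:
            origin = "internal" if ipaddress.ip_address(ip) in lan else "external"
            out.append((ip, origin, s["auth_max"]))
    return out

if __name__ == "__main__":
    for row in repeated_auth_clients(summarize(SAMPLE_LOG)):
        print(row)
```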
Re: enabled SMTP auth, no longer able to login locally!
On 29.11.2007 23:00, Rick Knight wrote (please find the answer below the original text):
>
> Ingo,
>
> When I built SASL I used --without-pam to not include pam support.
>
> Thanks,
> Rick
why?
If your system is running linux I suggest to compile sasl with pam
because most linux systems use pam system wide for authentication
purposes, so why not sasl?
-Ingo.
Re: enabled SMTP auth, no longer able to login locally!
On 30.11.2007 06:00, Rick Knight wrote (please find the answer below the original text):
> On Thu, 29 Nov 2007 19:31:26 +0000, Rick Knight wrote:
>
>> client didn't issue commands (I wrote the error down, but left it home).
>> Again, everything works perfectly outside of my network. Can someone
>> point me in the direction of a solution?
>>
>> Thanks,
>> Rick
>
> These are the errors I get in my maillog...
>
> Nov 29 17:39:01 mail sm-mta[1843]: lAU1cEHI001843: [172.16.88.25] did not
> issue MAIL/EXPN/VRFY/ETRN during connection to MTA
>
> Nov 29 17:39:25 mail sm-mta[1847]: lAU1d6d2001847: [172.16.88.25]:
> possible SMTP attack: command=AUTH, count=4
>
> Any ideas?
>
> Thanks,
> Rick Knight
what is the mechanism for sasl authentication in your system?
pam: we already talked about that.
sasldb: look for howto create a sasldb[2]
-Ingo
Re: enabled SMTP auth, no longer able to login locally!
On 29.11.2007 20:31, Rick Knight wrote (please find the answer below the original text):
> One last problem, I think (fingers crossed).
>
> I just installed Cyrus-sasl and rebuilt my sendmail-8.12.11. The build
> went OK so I enabled auth in my sendmail.cf and created an authinfo.db.
> From outside my network everything works perfectly. My SMTP login works
> and the "define(`FALLBACK_MX', `esmtp:[smtp.att.yahoo.com]')dnl" I added
> also works. When I try to connect from inside my network I get prompted
> for my login password, but the password isn't accepted and I get the
> password prompt 3 more times and then an error dialog box saying the
> client didn't issue commands (I wrote the error down, but left it home).
> Again, everything works perfectly outside of my network. Can someone point
> me in the direction of a solution?
>
> Thanks,
> Rick
did you compile sendmail with SASL support?
in sendmail-x.xx.x/devtools/Site/site_config.m4 with:
dnl # for use with SMTP AUTHENTICATION
APPENDDEF(`confINCDIRS', `-I/usr/include/sasl')dnl path to sasl2 includes
APPENDDEF(`confENVDEF', `-DSASL')dnl
APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')dnl
-Ingo
Re: enabled SMTP auth, no longer able to login locally!
>
> why?
> If your system is running linux I suggest to compile sasl with pam
> because most linux systems use pam system wide for authentication
> purposes, so why not sasl?
>
> -Ingo.
Ingo,
The mail server is on slackware. Slackware doesn't use pam, and the
instructions I followed specifically said not to.
Thanks,
Rick
Re: enabled SMTP auth, no longer able to login locally!
>
> did you compile sendmail with SASL support?
>
> in sendmail-x.xx.x/devtools/Site/site_config.m4 with:
> dnl # for use with SMTP AUTHENTICATION
> APPENDDEF(`confINCDIRS', `-I/usr/include/sasl')dnl path to sasl2 includes
> APPENDDEF(`confENVDEF', `-DSASL')dnl
> APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')dnl
>
> -Ingo
Ingo,
When I added SASL (v1) support I added all the above lines to my sendmail
m4 file. Sendmail -d0.1 -bt shows SASL installed, and outside of my
private lan everything works.
Also, I'm using shadow as my auth mechanism. Sendmail.conf contains just
one line...
pwcheck_method: shadow
and everything is working from outside my private network.
Thanks again,
Rick
Re: enabled SMTP auth, no longer able to login locally!
On 30.11.2007 17:30, Rick Knight wrote (please find the answer below the original text):
>
>
> Also, I'm using shadow as my auth mechanism. Sendmail.conf contains just
> one line...
> pwcheck_method: shadow
>
> and everything is working from outside my private network.
>
well, what does it mean "from outside..."?
How is sendmail used from outside?
Is sendmail used for relaying which means you call sendmail
on your server from outside to send mails
or is sendmail only receiving mails from outside to deliver
them to mailboxes (this way there normally is no authentication)?
The other thing is:
for what did you compile sendmail with sasl and don't use it
then.
You might have a look at:
http://slackwiki.org/Sendmail_TLS_SASL_SMTP-AUTH
where it seems to be shown very clearly how to set up
sendmail in your environment.
After following those recommendations without unsuccessfully
give a call again.
-Ingo
Re: enabled SMTP auth, no longer able to login locally!
On 30.11.2007 21:44, Ingo wrote (please find the answer below the original text):
> On 30.11.2007 17:30, Rick Knight wrote (please find the answer below the original text):
>>
>
> After following those recommendations without unsuccessfully
> give a call again.
>
Sorry for my English, it has been a long day and I lack concentration.
Better:
After following those recommendations without success give a call again.
You might post the content of your "sendmail.mc" file then.
-Ingo
Re: enabled SMTP auth, no longer able to login locally!
On Fri, 30 Nov 2007 21:51:55 +0100, Ingo wrote:
> On 30.11.2007 21:44, Ingo wrote (please find the answer below the original text):
>> On 30.11.2007 17:30, Rick Knight wrote (please find the answer below the original text):
>>>
>>
>> After following those recommendations without unsuccessfully
>> give a call again.
>>
> Sorry for my English, it has been a long day and I lack concentration.
> Better:
> After following those recommendations without success give a call again.
> You might post the content of your "sendmail.mc" file then.
>
> -Ingo
Ingo,
your English is fine. I don't know where you're from but I'm sure I don't speak
your language at all.
I'll look at that url from your previous message and see if I can get
things working.
Thanks,
Rick
Re: enabled SMTP auth, no longer able to login locally!
On Fri, 30 Nov 2007 21:44:32 +0100, Ingo wrote:
> On 30.11.2007 17:30, Rick Knight wrote (please find the answer below the original text):
>>
>>
>> Also, I'm using shadow as my auth mechanism. Sendmail.conf contains just
>> one line...
>> pwcheck_method: shadow
>>
>> and everything is working from outside my private network.
>>
>
> well, what does it mean "from outside..."?
>
> How is sendmail used from outside?
> Is sendmail used for relaying which means you call sendmail
> on your server from outside to send mails
> or is sendmail only receiving mails from outside to deliver
> them to mailboxes (this way there normally is no authentication)?
>
> The other thing is:
> for what did you compile sendmail with sasl and don't use it
> then.
>
> You might have a look at:
> http://slackwiki.org/Sendmail_TLS_SASL_SMTP-AUTH
>
> where it seems to be shown very clearly how to set up
> sendmail in your environment.
>
> After following those recommendations without unsuccessfully
> give a call again.
>
> -Ingo
Ingo,
What I mean by outside? I have a home network on a dynamic IP (can't afford
static just now). I have a firewall/router that routes traffic to my
internal private network (172.16.88.0). The mail server is in this private
network and the router uses PORTFW to forward smtp, imap and pop3 to my
mail server. Outside is the internet. From the internet side everything
works perfectly. Inside, on my home network I am unable to login to
sendmail using authSMTP. Why am I trying to use auth SMTP? Because I need
to connect to my mail server from the internet. Also, I need to use auth
to connect to a FALLBACK_MX that is my ISP's mail server. SASL allows me to
do these things. Is there an easier way?
Thanks,
Rick
Re: enabled SMTP auth, no longer able to login locally!
On 30.11.2007 22:56, Rick Knight wrote (please find the answer below the original text):
> On Fri, 30 Nov 2007 21:44:32 +0100, Ingo wrote:
>
>> On 30.11.2007 17:30, Rick Knight wrote (please find the answer below the original text):
>>>
>>> Also, I'm using shadow as my auth mechanism. Sendmail.conf contains just
>>> one line...
>>> pwcheck_method: shadow
>>>
>>> and everything is working from outside my private network.
>>>
>> well, what does it mean "from outside..."?
>>
>> How is sendmail used from outside?
>> Is sendmail used for relaying which means you call sendmail
>> on your server from outside to send mails
>> or is sendmail only receiving mails from outside to deliver
>> them to mailboxes (this way there normally is no authentication)?
>>
>> The other thing is:
>> for what did you compile sendmail with sasl and don't use it
>> then.
>>
>> You might have a look at:
>> http://slackwiki.org/Sendmail_TLS_SASL_SMTP-AUTH
>>
>> where it seems to be shown very clearly how to set up
>> sendmail in your environment.
>>
>> After following those recommendations without unsuccessfully
>> give a call again.
>>
>> -Ingo
>
> Ingo,
>
> What I mean by outside? I have a home network on a dynamic IP (can't afford
> static just now). I have a firewall/router that routes traffic to my
> internal private network (172.16.88.0). The mail server is in this private
> network and the router uses PORTFW to forward smtp, imap and pop3 to my
> mail server. Outside is the internet. From the internet side everything
> works perfectly. Inside, on my home network I am unable to login to
> sendmail using authSMTP. Why am I trying to use auth SMTP? Because I need
> to connect to my mail server from the internet. Also, I need to use auth
> to connect to a FALLBACK_MX that is my ISP's mail server. SASL allows me to
> do these things. Is there an easier way?
>
> Thanks,
> Rick
I think now I know why for you "all from outside" is ok.
sendmail is used to deliver mails to your local mailbox(es) but
not as a relay. If you used it for relaying you would notice
SMTP AUTH not working either.
There are different ways for SMTP AUTH:
client: sendmail acts as delivery client moving mails forward to your
SMART_HOST (FALLBACK) and needs to authenticate itself to the
receiving host. That's what you need it for and it seems to work.
server: sendmail acts as relay (eg. from inside of your LAN) and if not
switched off it wants SMTP AUTH too. There is an easy way to switch
SMTP AUTH off for your private LAN (where normally it is not really
necessary): put a line like the following into your access-file:
/etc/mail/access
172.16.88^^^^^RELAY
tab(s)
and make a new access.db (in /etc/mail):
makemap hash access.db < access
If you think you need SMTP AUTH for all, use the way which is described
in the link.
-Ingo.
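An added example, not part of the original post: a RELAY entry in /etc/mail/access lets the listed address prefix relay through the server without authenticating, so it is worth checking that every such entry stays inside private (RFC 1918) address space. The sample file contents and function names are assumptions; only the 172.16.88 entry comes from the post above.

```python
import ipaddress

# Constructed access-map source; only the first entry is the one from the post.
SAMPLE_ACCESS = (
    "172.16.88\tRELAY\n"
    "# documentation range standing in for a public prefix\n"
    "198.51.100\tRELAY\n"
    "spammer.example\tREJECT\n"
    "Connect:10\tRELAY\n"
)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def prefix_to_network(key):
    """Turn an octet-boundary key such as '172.16.88' into an ip_network.
    Returns None for hostnames, domains and other non-IPv4 keys."""
    if key.lower().startswith("connect:"):
        key = key[len("connect:"):]
    octets = key.split(".")
    if not 1 <= len(octets) <= 4:
        return None
    if not all(o.isdigit() and int(o) <= 255 for o in octets):
        return None
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(padded) + "/" + str(8 * len(octets)))

def relay_entries(text):
    """Return [(network, inside_rfc1918)] for every IPv4 RELAY entry."""
    found = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # key and value are separated by tabs/spaces
        if len(parts) != 2 or parts[1].strip().upper() != "RELAY":
            continue
        net = prefix_to_network(parts[0])
        if net is not None:
            found.append((str(net), any(net.subnet_of(p) for p in RFC1918)))
    return found

if __name__ == "__main__":
    for net, private in relay_entries(SAMPLE_ACCESS):
        print(net, "ok" if private else "REVIEW: relays for non-private space")
```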