Re: Configuring SASL correctly for SMTP AUTH


Subject: Re: Configuring SASL correctly for SMTP AUTH
From: Edward Rudd (eddie at omegaware dot com)
Date: Wed May 28 2003 - 12:12:46 EDT


It seems as though you are running cyrus version 2.1.x which is compiled
against Sasl2... Is your SendMail compiled against sasl2?? if it's
compiled against sasl1 (which I am thinking it is) then that's your
problem.. Sasl1 does not use/have saslauthd as a pwcheck method..
you need to recompile sendmail with sasl2 support.. (I'm not sure on how
to do that one,, search the mailing list, I use postfix now)

As for why netscape is ALWAYS asking for a password when sending mail..
NEtscape 4.7.x has an annoying "bug" (well I think it is).. If the smtp
server CAN support authentication then netscape WILL use it.. I've seen
no way to disable it.. If you don't want netscape to authenticate then
have your mailserver NOT broadcast that it can..

On Wed, 2003-05-28 at 10:23, Mark London wrote:
> Excuse me if these questions sound dumb:
>
> Another person set up our cyrus imap with saslauthd authentication mechanism:
>
> imapd.conf: sasl_pwcheck_method: saslauthd
>
> I want to use the same username/passwords that are being used for imap, to be
> used for SMTP authentication in sendmail. So I defined pwcheck_method:
> saslauthd in /usr/local/lib/sasl/Sendmail.conf. I compiled sendmail with
> SASL. I defined PLAIN to be a trusted authentication method. Should this
> configuration work, and will it allow me to use SMTP authentication using
> either Eudora or Netscape Messenger, using the same username and passwords
> that you are used in imap? It unfortunately doesn't work, and the error
> message in /var/log/messages is:
>
> May 28 11:00:05 alcserv1 sendmail[15789]: unrecognized plaintext verifier
> saslauthd
>
> Bummer. I can't find out why this is happening. A configuration problem? A
> protection problem? Any ideas? Thanks. - Mark
>
> P.s. As an aside, with PLAIN authentication method enabled, Netscape 4.78
> seems to require entering a username and password, there doesn't seem to be a
> way to turn it off. Yeah this netscape is ancient, but it's hard to believe
> that this is the case, so if there's a better configuration that avoids this
> problem, I would appreciate knowing, although I realize this question might be
> better posed on another mailing list.

-- 
Edward Rudd <eddie at omegaware dot com>







Hosted Email Solutions

Invaluement Anti-Spam DNSBLs



Powered By FreeBSD   Powered By FreeBSD