Re: sasl, sendmail, solaris, pam

• Previous message: Simon Brady: "Re: Warning about your e-mail account."
• Next in thread: Félix Izquierdo: "Re: sasl, sendmail, solaris, pam"
• Maybe reply: Félix Izquierdo: "Re: sasl, sendmail, solaris, pam"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Claus Assmann wrote:

>>define(`confAUTH_MECHANISMS', `PLAIN')
>>define(`confAUTH_OPTIONS', `p,y')

> see doc/op/op.* in your sendmail distribution:

> AuthOptions
> p don't permit mechanisms susceptible to simple
> passive attack (e.g., PLAIN, LOGIN), unless a
> security layer is active.

> Hence you have to use STARTTLS before you can see
> AUTH PLAIN
>
> For initial testing, you should remove 'p'.

Hmm, I tried this. The behavior did not change.

: (r) voyager:/etc/mail/config; gdiff -u warthog.mailhost.mc.before.rob
warthog.mailhost.mc
--- warthog.mailhost.mc.before.rob Tue Mar 2 21:19:01 2004
+++ warthog.mailhost.mc Tue Mar 2 21:19:11 2004
@@ -91,7 +91,6 @@
  # `SASL stuff'
  TRUST_AUTH_MECH(`PLAIN DIGEST-MD5 CRAM-MD5')
  define(`confAUTH_MECHANISMS', `PLAIN')
-define(`confAUTH_OPTIONS', `p,y')
  FEATURE(`no_default_msa')
  DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')

: (r) voyager:/etc/mail/config; m4 -D_CF_DIR_=./cf/ ./cf/m4/cf.m4
warthog.mailhost.mc > warthog.mailhost.cf
: (r) voyager:/etc/mail/config; /usr/lib/sendmail -O LogLevel=14 -bs -Am
-C ./warthog.mailhost.cf
220 warthog.com ESMTP Sendmail 8.12.11/8.12.11; Tue, 2 Mar 2004 21:21:41
-0600 (CST)
EHLO localhost
250-warthog.com Hello root at localhost, pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE 10485760
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
QUIT
221 2.0.0 warthog.com closing connection

syslog reports the same as before:

Mar 2 21:21:41 voyager sendmail[2956]: [ID 801593 mail.info] NOQUEUE:
connect from root at localhost
Mar 2 21:21:41 voyager sendmail[2956]: [ID 702911 mail.info]
STARTTLS=server, Diffie-Hellman init, key=512 bit (1)
Mar 2 21:21:41 voyager sendmail[2956]: [ID 702911 mail.info]
STARTTLS=server, init=1
Mar 2 21:21:41 voyager sendmail[2956]: [ID 702911 mail.warning] AUTH
warning: no mechanisms
Mar 2 21:21:41 voyager sendmail[2956]: [ID 801593 mail.info]
i233Lf9l002956: Milter: no active filter
Mar 2 21:21:45 voyager sendmail[2956]: [ID 801593 mail.info]
i233Lf9l002956: root at localhost did not issue MAIL/EXPN/VRFY/ETRN during
connection to stdin

ugh, this is killing me. :)

Rob++

-- 
Internet: windsor at warthog dot com                             __o
Life: Rob at Carrollton dot Texas dot USA dot Earth                    _`\<,_
                                                        (_)/ (_)
"They couldn't hit an elephant at this distance."
   -- Major General John Sedgwick

• Previous message: Simon Brady: "Re: Warning about your e-mail account."
• Next in thread: Félix Izquierdo: "Re: sasl, sendmail, solaris, pam"
• Maybe reply: Félix Izquierdo: "Re: sasl, sendmail, solaris, pam"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]