Re: sasl, sendmail, solaris, pam

From: Rob Windsor (windsor at warthog dot com)
Date: Tue Mar 02 2004 - 22:27:16 EST

    Claus Assmann wrote:

    >>define(`confAUTH_MECHANISMS', `PLAIN')
    >>define(`confAUTH_OPTIONS', `p,y')

    > see doc/op/op.* in your sendmail distribution:

    > AuthOptions
    > p don't permit mechanisms susceptible to simple
    > passive attack (e.g., PLAIN, LOGIN), unless a
    > security layer is active.

    > Hence you have to use STARTTLS before you can see
    > AUTH PLAIN
    >
    > For initial testing, you should remove 'p'.

    Hmm, I tried this. The behavior did not change.

    : (r) voyager:/etc/mail/config; gdiff -u warthog.mailhost.mc.before.rob warthog.mailhost.mc
    --- warthog.mailhost.mc.before.rob Tue Mar 2 21:19:01 2004
    +++ warthog.mailhost.mc Tue Mar 2 21:19:11 2004
    @@ -91,7 +91,6 @@
      # `SASL stuff'
      TRUST_AUTH_MECH(`PLAIN DIGEST-MD5 CRAM-MD5')
      define(`confAUTH_MECHANISMS', `PLAIN')
    -define(`confAUTH_OPTIONS', `p,y')
      FEATURE(`no_default_msa')
      DAEMON_OPTIONS(`Port=587, Name=MSA, M=E')
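
Review bot: deleting the confAUTH_OPTIONS line removes the 'y' flag along with 'p', while the quoted advice was to remove only 'p'; for the test, redefining the option as 'y' alone would isolate the change. Once AUTH is advertised, 'p' should go back so that PLAIN, the only entry in confAUTH_MECHANISMS, is not offered on the Port=587 MSA outside STARTTLS. TRUST_AUTH_MECH also lists DIGEST-MD5 and CRAM-MD5, which confAUTH_MECHANISMS never offers; the two lists should be aligned.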

    : (r) voyager:/etc/mail/config; m4 -D_CF_DIR_=./cf/ ./cf/m4/cf.m4 warthog.mailhost.mc > warthog.mailhost.cf
    : (r) voyager:/etc/mail/config; /usr/lib/sendmail -O LogLevel=14 -bs -Am -C ./warthog.mailhost.cf
    220 warthog.com ESMTP Sendmail 8.12.11/8.12.11; Tue, 2 Mar 2004 21:21:41 -0600 (CST)
    EHLO localhost
    250-warthog.com Hello root at localhost, pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-EXPN
    250-VERB
    250-8BITMIME
    250-SIZE 10485760
    250-DSN
    250-ETRN
    250-STARTTLS
    250-DELIVERBY
    250 HELP
    QUIT
    221 2.0.0 warthog.com closing connection

    syslog reports the same as before:

    Mar 2 21:21:41 voyager sendmail[2956]: [ID 801593 mail.info] NOQUEUE: connect from root at localhost
    Mar 2 21:21:41 voyager sendmail[2956]: [ID 702911 mail.info] STARTTLS=server, Diffie-Hellman init, key=512 bit (1)
    Mar 2 21:21:41 voyager sendmail[2956]: [ID 702911 mail.info] STARTTLS=server, init=1
    Mar 2 21:21:41 voyager sendmail[2956]: [ID 702911 mail.warning] AUTH warning: no mechanisms
    Mar 2 21:21:41 voyager sendmail[2956]: [ID 801593 mail.info] i233Lf9l002956: Milter: no active filter
    Mar 2 21:21:45 voyager sendmail[2956]: [ID 801593 mail.info] i233Lf9l002956: root at localhost did not issue MAIL/EXPN/VRFY/ETRN during connection to stdin

    ugh, this is killing me. :)

    Rob++

    -- 
    Internet: windsor at warthog dot com                             __o
    Life: Rob at Carrollton dot Texas dot USA dot Earth                    _`\<,_
                                                            (_)/ (_)
    "They couldn't hit an elephant at this distance."
       -- Major General John Sedgwick
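
Added example, not part of the original message or of sendmail: a small checker for the EHLO reply discussed above, which parses the capability list and reports whether AUTH is advertised in line with the quoted 'p' option. The function names, the `p_option` parameter and the `WEAK_EHLO` sample are assumptions made for illustration.

```python
import re

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # the mechanisms the quoted 'p' option names

def parse_ehlo(response):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [params]}."""
    caps = {}
    lines = [l.strip() for l in response.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = re.match(r"250([- ])(.*)$", line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        if (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError(f"bad continuation marker: {line!r}")
        words = m.group(2).split()
        if i == 0 or not words:
            continue  # first line is the greeting, not a capability
        kw, _, first = words[0].partition("=")  # tolerate legacy "AUTH=LOGIN" form
        caps.setdefault(kw.upper(), []).extend(
            w.upper() for w in ([first] if first else []) + words[1:])
    return caps

def audit_auth(pre_tls, post_tls=None, p_option=True):
    """Findings for AUTH advertisement before and (optionally) after STARTTLS."""
    findings = []
    pre = parse_ehlo(pre_tls)
    exposed = sorted(CLEARTEXT_MECHS & set(pre.get("AUTH", [])))
    if exposed:
        findings.append("offered without TLS: " + ",".join(exposed))
    if "AUTH" not in pre and not p_option:
        findings.append("no AUTH although 'p' is unset: look for 'no mechanisms' in syslog")
    if "AUTH" not in pre and "STARTTLS" not in pre:
        findings.append("neither AUTH nor STARTTLS advertised")
    if post_tls is not None and "AUTH" not in parse_ehlo(post_tls):
        findings.append("no AUTH after STARTTLS")
    return findings

# Capability lines as in the transcript above (greeting line shortened).
PAGE_EHLO = "\n".join(["250-warthog.com Hello", "250-ENHANCEDSTATUSCODES",
    "250-PIPELINING", "250-EXPN", "250-VERB", "250-8BITMIME", "250-SIZE 10485760",
    "250-DSN", "250-ETRN", "250-STARTTLS", "250-DELIVERBY", "250 HELP"])
# Constructed sample: a server that offers PLAIN before TLS.
WEAK_EHLO = "250-mail.example.test Hello\n250-AUTH PLAIN CRAM-MD5\n250 HELP"

if __name__ == "__main__":
    print(audit_auth(PAGE_EHLO, p_option=False))
    print(audit_auth(WEAK_EHLO))
```

With `p` in effect, an EHLO reply that lacks AUTH before STARTTLS is the expected result, so the reply has to be captured again inside the TLS session and passed as `post_tls` to tell the two cases apart.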
    
