How Sendmail Determines SASL Listening Location

linuxsaslsendmail

I'm trying to get SMTP-AUTH working on a Mint Linux 20.2 machine, and I'm having trouble getting authentication to happen. I have installed Cyrus sasl2, and apparently configured it properly – testsaslauthd -u <user> -p <password> -s smtp returns 0: OK "Success." But when I try to send mail from my client using the same credentials, sendmail can't authenticate. What is curious to me is that when I use testsaslauthd entries are generated in my auth log, but when Sendmail tries, there is nothing. Trying to use testsaslauthd from a non-root context also results in no auth entry, which leads me to believe that either sendmail does not have sufficient permission to connect to the sasl daemon, or that it doesn't know where that pipe is and is guessing wrong. So I guess the question is, how does sendmail find that pipe, and who is it being when it does that?

Best Answer

Is your sendmail compiled with SASL? check:

sendmail -d0 < /dev/null | grep SASL

it should list "SASLv2"

Did you activate it in "sendmail.mc" ? Example:

define(`confAUTH_MECHANISMS', `PLAIN LOGIN CRAM-MD5')dnl
define(`confAUTH_OPTIONS', `y')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN CRAM-MD5')dnl
define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl

Where are the logs?

The default location depends on your linux/unix system, but the most common places are

/var/log/maillog
/var/log/mail.log
/var/adm/maillog
/var/adm/syslog/mail.log

If it's not there, look up /etc/syslog.conf. You should see something like this

mail.*         -/var/log/maillog

sendmail writes logs to the mail facility of syslog. Therefore, which file it gets written to depends on how syslog was configured.

If you system uses syslog-ng (instead of the more "traditional" syslog), then you'll have to look up your syslog-ng.conf file. You'll should something like this:

# This files are the log come from the mail subsystem.
#
destination mail     { file("/var/log/mail.log"); };
destination maillog  { file("/var/log/maillog"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr  { file("/var/log/mail.err"); };

Unable to send out emails?

One of the most common reason I've seen for a freshly installed sendmail not being able to send out emails is the DAEMON_OPTIONS being set to listen only on 127.0.0.1

See /etc/mail/sendmail.mc

dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

If that's your case, remove the "Addr=127.0.0.1" part, rebuild your conf file and you're good to go!

DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

[root@server]$ m4 sendmail.mc > /etc/sendmail.cf
[root@server]$/etc/init.d/sendmail restart

If you've been making changes to /etc/sendmail.cf manually thus far (instead of the *.m4 file) you can make similar changes in /etc/sendmail.cf. The offending line will look like this:

O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA

Change it to:

O DaemonPortOptions=Port=smtp, Name=MTA

Sendmail relay authentication

if FEATURE(`authinfo') is used, then the hostname in the map entry must match exactly the hostname of the ISP mailserver

See at your SMART_HOST + client-info

What is "U:", really?

Well, SMTP Authentication states in pure English

U user (authorization) id

I authentication id

...

User or authentication id must exist as well as the password. All other entries have default values. If one of user or authentication id is missing, the existing value is used for the missing item.

Best Answer

Related Solutions

Where to check log of sendmail

Where are the logs?

Unable to send out emails?

Sendmail relay authentication

Related Topic