Sendmail + SASL2 Auth Error

sendmail

My sendmail config is like so:

/usr/lib/sasl2/Sendmail.conf
pwcheck_method:saslauthd

We are running "saslauthd"

root 32102 1 0 81 0 - 1128 fcntl_ 11:37 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam

When I saslauth with account name "cccc" everything works OK. But when I saslauth with account name "cccc@domain.com" it fails.

/var/log/messages
saslauthd[32103]: do_auth : auth failure: [user=cccc] [service=smtp] [realm=domain.com] [mech=pam] [reason=PAM auth error]

What's the problem?

Best Answer

Your saslauthd is using pam as the backend for authentication.

Mostly on a system the smtp/imap check is just a lookup of you system account.

And there are no system accounts like whatever@domain.com. So pam cannot find such a user and so rejecting authentication.

Take a look in /etc/pam.d/smtp

If you really want using pam, which I would suggest you, you can use a mysql table for your authentication or other fancy things. Take a look at pam-mysql e.g.

Either use a apropriate setup for you pam or use sasldb as a backend for sasalauthd

saslauthd -a sasldb

Then you can use the userland tool saslpasswd2 for setting up your accounts.

Where are the logs?

The default location depends on your linux/unix system, but the most common places are

/var/log/maillog
/var/log/mail.log
/var/adm/maillog
/var/adm/syslog/mail.log

If it's not there, look up /etc/syslog.conf. You should see something like this

mail.*         -/var/log/maillog

sendmail writes logs to the mail facility of syslog. Therefore, which file it gets written to depends on how syslog was configured.

If you system uses syslog-ng (instead of the more "traditional" syslog), then you'll have to look up your syslog-ng.conf file. You'll should something like this:

# This files are the log come from the mail subsystem.
#
destination mail     { file("/var/log/mail.log"); };
destination maillog  { file("/var/log/maillog"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr  { file("/var/log/mail.err"); };

Unable to send out emails?

One of the most common reason I've seen for a freshly installed sendmail not being able to send out emails is the DAEMON_OPTIONS being set to listen only on 127.0.0.1

See /etc/mail/sendmail.mc

dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

If that's your case, remove the "Addr=127.0.0.1" part, rebuild your conf file and you're good to go!

DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

[root@server]$ m4 sendmail.mc > /etc/sendmail.cf
[root@server]$/etc/init.d/sendmail restart

If you've been making changes to /etc/sendmail.cf manually thus far (instead of the *.m4 file) you can make similar changes in /etc/sendmail.cf. The offending line will look like this:

O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA

Change it to:

O DaemonPortOptions=Port=smtp, Name=MTA

After reading lots of articles on sendmail relay tls port 587 gmail, still having problems

You seem to have a small typo in your password declaration, so try the following:

AuthInfo:googlemail.com "U:user@gmail.com" "P:xyzzy" "M:PLAIN"
AuthInfo:google.com "U:user@gmail.com" "P:xyzzy" "M:PLAIN"

Do not forget to run makemap and rebuild authinfo.db:

makemap hash authinfo < authinfo

Best Answer

Related Solutions

Where to check log of sendmail

Where are the logs?

Unable to send out emails?

After reading lots of articles on sendmail relay tls port 587 gmail, still having problems

Related Topic