Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 30 Jul 2009 16:01:24 +0800
From:      "Reed Lai" <reedlai@hotmail.com>
To:        "FreeBSD Question" <freebsd-questions@freebsd.org>
Subject:   Re: SMTP Authentication
Message-ID:  <SNT121-DS18FFEA0FFD32E09E6E3A6CBD130@phx.gbl>
In-Reply-To: <4A713F34.5050404@cia.com>
References:  <SNT121-DS22FFA13B8EF7D0C809E5EEBD120@phx.gbl><SNT121-DS3913F7028CC66BC1DB91DBD120@phx.gbl><4A710A2F.1030407@cia.com>	<SNT121-DS3A839A2860EC867519737BD130@phx.gbl><SNT121-DS20B22A0DCF9EF49120C4C9BD130@phx.gbl> <4A713F34.5050404@cia.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Yes, the new server leaks LOGIN in the 250-AUTH list!

New server
=========
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5

Functional server
==============
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN

I have checked the generated .cf file in the new server and there are class 
and option listed

C{TrustAuthMech}GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
O AuthMechanisms=GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN

The new server has same configuration to old server, but has not LOGIN in 
the 250-AUTH list.
BTW, the new server has hostname changed once... I don't know if it does 
matter or not..

Reed

From: Ihor Prystay
Sent: Thursday, July 30, 2009 2:35 PM
To: freebsd-questions@freebsd.org
Subject: Re: SMTP Authentication


Tray telnet to port 25 of your working SMTP server and compare the output.
Check
250-AUTH <list of supported auth mech>
According to the provided log from the working server it should be LOGIN
mech available in the list, which is not present on the new server.

Ihor


Reed Lai wrote:
> The maillog does not log the sm-mta: AUTH=server action. The functional
> server has the AUTH=server action logged. How do I debug from this
> different?
>
> Reed
>
> From: Reed Lai
> Sent: Thursday, July 30, 2009 11:51 AM
> To: FreeBSD Questions
> Subject: Re: SMTP Authentication
>
>
> The mail client is Windows Live Mail and it work well with the functional
> server. Its SMTP authenication should be ok.
>
> Reed
>
>
> From: Ihor Prystay
> Sent: Thursday, July 30, 2009 10:49 AM
> To: freebsd-questions@freebsd.org
> Subject: Re: SMTP Authentication
>
>
> your working server does support LOGIN mech while other one dosn't.
> I doubt if your mail client has a support for GSSAPI DIGEST-MD5 CRAM-MD5
> auth, usually it's PLAIN or/and LOGIN.
>
> Ihor
>
>
>
> Reed Lai wrote:
>> Instruction of the "SMTP AUTO in sendmail 8.10-8.13" to test the Sendmail
>>
>> banyan# sendmail -d0.1 -bv root
>> Version 8.14.2
>> Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
>>                NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING
>> SASLv2
>>                SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
>>
>> ============ SYSTEM IDENTITY (after readcf) ============
>>      (short domain name) $w = banyan
>>  (canonical domain name) $j = banyan...com
>>         (subdomain name) $m = ..com
>>              (node name) $k = banyan...com
>> ========================================================
>>
>> root... deliverable: mailer local, user root
>>
>> banyan# telnet localhost 25
>> Trying 127.0.0.1...
>> Connected to localhost.
>> Escape character is '^]'.
>> 220 banyan...com ESMTP Sendmail 8.14.2/8.14.2; Wed, 29 Jul 2009 21:19:40
>> +0800 (CST)
>> ehlo localhost
>> 250-banyan...com Hello localhost [127.0.0.1], pleased to meet you
>> 250-ENHANCEDSTATUSCODES
>> 250-PIPELINING
>> 250-8BITMIME
>> 250-SIZE
>> 250-DSN
>> 250-ETRN
>> 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
>> 250-DELIVERBY
>> 250 HELP
>>
>> The Sendmail test seems OK
>> But the SMTP authentication does not work from my mail client.
>>
>> Reed
>>
>>
>> From: Reed Lai
>> Sent: Wednesday, July 29, 2009 5:37 PM
>> To: freebsd-questions@freebsd.org
>> Subject: SMTP Authentication
>>
>>
>> Hi,
>>
>> I have two freebsd mail servers both configured SMTP authentication:
>>
>>    FreeBSD Handbook 28.10 SMTP Authenticatin
>>    http://www.freebsd.org/doc/en/books/handbook/smtp-auth.html
>>
>>    SMTP AUTO in sendmail 8.10-8.13
>>    http://www.sendmail.org/~ca/email/auth.html
>>
>> One is functional, and the other one doesn't seem to work. Compare the
>> maillogs of the two servers, there is an AUTH=server message appear in
>> the
>> functional server, but the other one has not.
>>
>> The maillog of functional server
>> ======================
>> Jul 29 16:15:10 maple sm-mta[57825]: AUTH=server, relay=59-....net
>> [59...147], authid=a660407, mech=LOGIN, bits=0
>> Jul 29 16:15:10 maple sm-mta[57825]: n6T8F9ej057825: from=<reedlai@...>,
>> size=1430, class=0, nrcpts=1,
>> msgid=<40F9CC65E8874D128639A39C1EEBD410@ReedXP>, proto=ESMTP,
>> daemon=IPv4,
>> relay=59-...net [59...147]
>>
>> The other one
>> =========
>> Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: ruleset=check_rcpt,
>> arg1=<reedlai@...>, relay=59-...-147.HINET-IP.hinet.net [59...147],
>> reject=550 5.7.1 <reedlai@...>... Relaying denied
>> Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: from=<reedlai@...>,
>> size=0, class=0, nrcpts=0, proto=ESMTP, daemon=IPv4,
>> relay=59-...-147.HINET-IP.hinet.net [59...147]
>>
>> It seems the other one's smtp authentication is not trigged.
>>
>> Please help or tip me for something I forget.
>>
>> Thank you!
>>
>> Reed
>>
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to
>> "freebsd-questions-unsubscribe@freebsd.org"
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to
>> "freebsd-questions-unsubscribe@freebsd.org"
>>
>>
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" 




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?SNT121-DS18FFEA0FFD32E09E6E3A6CBD130>