<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=Big5" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Alexander Dalloz wrote:<br>
<blockquote cite="mid46EEC4A2.9040201@uni-x.org" type="cite">
<pre wrap=""><a class="moz-txt-link-abbreviated" href="mailto:edwardspl@ita.org.mo">edwardspl@ita.org.mo</a> schrieb:
</pre>
<blockquote type="cite">
<pre wrap="">Hello Alex,
I just found the method ( the setting of mc file ) is fail ( password is
correct, but auth is fail )...
So, any more help ?
Edward.
</pre>
</blockquote>
<pre wrap=""><!---->
Please be specific about your setup!
Does saslauthd run (given that you use that)?
service saslauthd status
</pre>
</blockquote>
[root@host1 ~]# service saslauthd status<br>
saslauthd (pid 6223 6222 6221 6220 6219) is running...<br>
[root@host1 ~]#<br>
<br>
cat /etc/sysconfig/saslauthd<br>
<br>
[root@host1 ~]# cat /etc/sysconfig/saslauthd<br>
# Directory in which to place saslauthd's listening socket, pid file,
and so<br>
# on. This directory must already exist.<br>
SOCKETDIR=/var/run/saslauthd<br>
<br>
# Mechanism to use when checking passwords. Run "saslauthd -v" to get
a list<br>
# of which mechanism your installation was compiled with the ablity to
use.<br>
MECH=pam<br>
<br>
# Additional flags to pass to saslauthd on the command line. See
saslauthd(8)<br>
# for the list of accepted flags.<br>
FLAGS=<br>
[root@host1 ~]#<br>
<br>
cat /usr/lib/sasl2/Sendmail.conf<br>
<br>
[root@host1 ~]# cat /usr/lib/sasl2/Sendmail.conf<br>
pwcheck_method:saslauthd<br>
[root@host1 ~]#<br>
<br>
egrep -v '^#|^$' /etc/mail/sendmail.mc<br>
<br>
[root@host1 ~]# egrep -v '^#|^$' /etc/mail/sendmail.mc<br>
divert(-1)dnl<br>
dnl #<br>
dnl # This is the sendmail macro config file for m4. If you make
changes to<br>
dnl # /etc/mail/sendmail.mc, you will need to regenerate the<br>
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf
package is<br>
dnl # installed and then performing a<br>
dnl #<br>
dnl # make -C /etc/mail<br>
dnl #<br>
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl<br>
VERSIONID(`setup for linux')dnl<br>
OSTYPE(`linux')dnl<br>
dnl #<br>
dnl # Do not advertize sendmail version.<br>
dnl #<br>
dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl<br>
dnl #<br>
dnl # default logging level is 9, you might want to set it higher to<br>
dnl # debug the configuration<br>
dnl #<br>
dnl define(`confLOG_LEVEL', `9')dnl<br>
dnl #<br>
dnl # Uncomment and edit the following line if your outgoing mail needs
to<br>
dnl # be sent out through an external mail server:<br>
dnl #<br>
dnl define(`SMART_HOST', `smtp.your.provider')dnl<br>
dnl #<br>
define(`confDEF_USER_ID', ``8:12'')dnl<br>
dnl define(`confAUTO_REBUILD')dnl<br>
define(`confTO_CONNECT', `1m')dnl<br>
define(`confTRY_NULL_MX_LIST', `True')dnl<br>
define(`confDONT_PROBE_INTERFACES', `True')dnl<br>
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl<br>
define(`ALIAS_FILE', `/etc/aliases')dnl<br>
define(`STATUS_FILE', `/var/log/mail/statistics')dnl<br>
define(`UUCP_MAILER_MAX', `2000000')dnl<br>
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl<br>
define(`confPRIVACY_FLAGS',
`authwarnings,novrfy,noexpn,restrictqrun')dnl<br>
define(`confAUTH_OPTIONS', `A')dnl<br>
dnl #<br>
dnl # The following allows relaying if the user authenticates, and
disallows<br>
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links<br>
dnl #<br>
dnl define(`confAUTH_OPTIONS', `A p')dnl<br>
dnl #<br>
dnl # PLAIN is the preferred plaintext authentication method and used by<br>
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs
do<br>
dnl # use LOGIN. Other mechanisms should be used if the connection is
not<br>
dnl # guaranteed secure.<br>
dnl # Please remember that saslauthd needs to be running for AUTH.<br>
dnl #<br>
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl<br>
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5
LOGIN PLAIN')dnl<br>
dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl<br>
dnl define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl<br>
dnl #<br>
dnl # Rudimentary information on creating certificates for sendmail TLS:<br>
dnl # cd /usr/share/ssl/certs; make sendmail.pem<br>
dnl # Complete usage:<br>
dnl # make -C /usr/share/ssl/certs usage<br>
dnl #<br>
dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl<br>
dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl<br>
dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl<br>
dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl<br>
dnl #<br>
dnl # This allows sendmail to use a keyfile that is shared with
OpenLDAP's<br>
dnl # slapd, which requires the file to be readble by group ldap<br>
dnl #<br>
dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl<br>
dnl #<br>
dnl define(`confTO_QUEUEWARN', `4h')dnl<br>
dnl define(`confTO_QUEUERETURN', `5d')dnl<br>
dnl define(`confQUEUE_LA', `12')dnl<br>
dnl define(`confREFUSE_LA', `18')dnl<br>
define(`confTO_IDENT', `0')dnl<br>
dnl FEATURE(delay_checks)dnl<br>
FEATURE(`no_default_msa', `dnl')dnl<br>
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl<br>
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl<br>
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl<br>
FEATURE(redirect)dnl<br>
FEATURE(always_add_domain)dnl<br>
FEATURE(use_cw_file)dnl<br>
FEATURE(use_ct_file)dnl<br>
dnl #<br>
dnl # The following limits the number of processes sendmail can fork to
accept<br>
dnl # incoming messages or process its message queues to 20.) sendmail
refuses<br>
dnl # to accept connections once it has reached its quota of child
processes.<br>
dnl #<br>
dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl<br>
dnl #<br>
dnl # Limits the number of new connections per second. This caps the
overhead<br>
dnl # incurred due to forking new sendmail processes. May be useful
against<br>
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP
address<br>
dnl # limit would be useful but is not available as an option at this
writing.)<br>
dnl #<br>
dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl<br>
dnl #<br>
dnl # The -t option will retry delivery if e.g. the user runs over his
quota.<br>
dnl #<br>
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl<br>
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl<br>
FEATURE(`blacklist_recipients')dnl<br>
EXPOSED_USER(`root')dnl<br>
dnl #<br>
dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery
uncomment<br>
dnl # the following 2 definitions and activate below in the MAILER
section the<br>
dnl # cyrusv2 mailer.<br>
dnl #<br>
dnl define(`confLOCAL_MAILER', `cyrusv2')dnl<br>
dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl<br>
dnl #<br>
dnl # The following causes sendmail to only listen on the IPv4 loopback
address<br>
dnl # 127.0.0.1 and not on any other network devices. Remove the
loopback<br>
dnl # address restriction to accept email from the internet or intranet.<br>
dnl #<br>
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl<br>
dnl #<br>
dnl # The following causes sendmail to additionally listen to port 587
for<br>
dnl # mail from MUAs that authenticate. Roaming users who can't reach
their<br>
dnl # preferred sendmail daemon due to port 25 being blocked or
redirected find<br>
dnl # this useful.<br>
dnl #<br>
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl<br>
dnl #<br>
dnl # The following causes sendmail to additionally listen to port 465,
but<br>
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587
followed<br>
dnl # by STARTTLS is preferred, but roaming clients using Outlook
Express can't<br>
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use
STARTTLS<br>
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1
uses smtps<br>
dnl # when SSL is enabled-- STARTTLS support is available in version
1.1.1.<br>
dnl #<br>
dnl # For this to work your OpenSSL certificates must be configured.<br>
dnl #<br>
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl<br>
dnl #<br>
dnl # The following causes sendmail to additionally listen on the IPv6
loopback<br>
dnl # device. Remove the loopback address restriction listen to the
network.<br>
dnl #<br>
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl<br>
dnl #<br>
dnl # enable both ipv6 and ipv4 in sendmail:<br>
dnl #<br>
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6,
Family=inet6')<br>
dnl #<br>
dnl # We strongly recommend not accepting unresolvable domains if you
want to<br>
dnl # protect yourself from spam. However, the laptop and users on
computers<br>
dnl # that do not have 24x7 DNS do need this.<br>
dnl #<br>
dnl FEATURE(`accept_unresolvable_domains')dnl<br>
dnl #<br>
dnl FEATURE(`relay_based_on_MX')dnl<br>
dnl #<br>
dnl # Also accept email sent to "localhost.localdomain" as local email.<br>
dnl #<br>
LOCAL_DOMAIN(`localhost.localdomain')dnl<br>
dnl #<br>
dnl # The following example makes mail from this host and any additional<br>
dnl # specified domains appear to be sent from mydomain.com<br>
dnl #<br>
dnl MASQUERADE_AS(`mydomain.com')dnl<br>
dnl #<br>
dnl # masquerade not just the headers, but the envelope as well<br>
dnl #<br>
dnl FEATURE(masquerade_envelope)dnl<br>
dnl #<br>
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com
as well<br>
dnl #<br>
dnl FEATURE(masquerade_entire_domain)dnl<br>
dnl #<br>
dnl MASQUERADE_DOMAIN(localhost)dnl<br>
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl<br>
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl<br>
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl<br>
MAILER(smtp)dnl<br>
MAILER(procmail)dnl<br>
dnl MAILER(cyrusv2)dnl<br>
[root@host1 ~]#<br>
<br>
Does testsaslauthd succeed?<br>
<br>
[edward@host1 ~]$ telnet localhost 25<br>
Trying 127.0.0.1...<br>
Connected to localhost.localdomain (127.0.0.1).<br>
Escape character is '^]'.<br>
220 localhost.localdomain ESMTP Sendmail 8.13.8/8.13.8; Tue, 18 Sep
2007 21:33:32 +0800<br>
ehlo localhost<br>
250-localhost.localdomain Hello host1 [127.0.0.1], pleased to meet you<br>
250-ENHANCEDSTATUSCODES<br>
250-PIPELINING<br>
250-8BITMIME<br>
250-SIZE<br>
250-DSN<br>
250-ETRN<br>
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN<br>
250-DELIVERBY<br>
250 HELP<br>
quit<br>
221 2.0.0 localhost.localdomain closing connection<br>
Connection closed by foreign host.<br>
[edward@host1 ~]$<br>
<br>
What is the exact logging of the AUTH error? Maybe increase the default<br>
<blockquote cite="mid46EEC4A2.9040201@uni-x.org" type="cite">
<pre wrap="">LOG_LEVEL from 9 to 15.</pre>
</blockquote>
Sorry, how to verify ?<br>
<br>
Edward.<br>
</body>
</html>