I'm trying to set up my sendmail to authenticate against a relay (comcast). I'm not seeing any attempts to authenticate at all. I'm trying to just debug how authentication works, and can't connect all the pieces...
I have, in my .mc file:
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`SMART_HOST', `relay:smtp.comcast.net.')dnl
define(`confAUTH_MECHANISMS', `PLAIN')dnl
FEATURE(`authinfo',`hash /etc/mail/client-info')dnl
And in my /etc/mail/client-info:
AuthInfo:*.comcast.net "U:root" "I:comcast_user" "P:comcast_password"
Now, I know everything is fine with the u/p, as I could authenticate directly through SMTP, using telnet.
There are two things I don't understand.
When AuthInfo records are searched for, they are matched by the target hostname. How? Does it use the map key (something I would expect), or does it use the so-called "Domain" (the "R:" parameter that I don't set in my auth-info line)?
What is "U:", really? The Sendmail README (http://www.sendmail.org/m4/smtp_auth.html) says it's "user(authorization id)", and "I:" is "authentication ID". That suggests that my username should be in "U:", actually, but http://www.sendmail.org/~ca/email/auth.html says that "I:" is your remote user name.
The session looks like this:
[root@manticore]/etc/mail# sendmail -qf -v
Warning: Option: AuthMechanisms requires SASL support (-DSASL)
Running /var/spool/mqueue/p97CgcWq023273 (sequence 1 of 399)
[email protected]... Connecting to smtp.comcast.net. port 587 via relay...
220 omta19.westchester.pa.mail.comcast.net comcast ESMTP server ready
>>> EHLO my.host.name
250-omta19.westchester.pa.mail.comcast.net hello [my.ip.add.res], pleased to meet you
250-HELP
250-AUTH LOGIN PLAIN
250-SIZE 15728640
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-STARTTLS
250 OK
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> EHLO my.host.name
250-omta19.westchester.pa.mail.comcast.net hello [my.ip.add.res], pleased to meet you
250-HELP
250-AUTH LOGIN PLAIN
250-SIZE 15728640
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 OK
>>> MAIL From:<> SIZE=2183
550 5.1.0 Authentication required
MAILER-DAEMON... aliased to postmaster
postmaster... aliased to root
root... aliased to [email protected]
postmaster... aliased to root
root... aliased to [email protected]
>>> RSET
250 2.0.0 OK
[root@manticore]/etc/mail# sendmail -d0.1
Version 8.14.3
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SCANF
SOCKETMAP STARTTLS TCPWRAPPERS USERDB XDEBUG
Thanks, Pawel.
See at your SMART_HOST + client-info
Well, SMTP Authentication states in pure English
My solution was very simple. Default OpenBSD sendmail doesn't have the SASL flag set, and cannot do any authentication, even plain text. I actually expected that SASL is only used for "advanced" authentication. My -d0.1 output clearly shows no SASL flag.
For those who have the same issue: this page (http://theory14.wordpress.com/2009/06/16/openbsd-smtp-authtls-imaps-proxy/) vaguely (it's not a step-by-step how-to-fix-OpenBSD-sendmail-for-SASL page) explains the necessary steps to go through. Basically: download the userland source and rebuild sendmail with the -DSASL flag.
P.S. I think the "U:" is really the user that runs sendmail, where "I:" is the user to authenticate to the client.
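The two checks that pin down this failure, as an added example that is not part of the original posts: whether the binary lists SASL under "Compiled with:", and whether the verbose session shows AUTH offered by the server but never attempted by the client. The helper names are hypothetical, the sample input is shortened from the output quoted in the question, and the script assumes a client AUTH command would be echoed as a `>>> AUTH` line; builds against Cyrus SASL v2 report the flag as `SASLv2`.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not part of sendmail.

# has_compile_flag FLAG: stdin is `sendmail -d0.1` output. Succeeds if FLAG is
# in the "Compiled with:" list, which wraps across several lines.
has_compile_flag() {
    awk -v flag="$1" '
        /Compiled with:/ { inlist = 1; sub(/.*Compiled with:/, "") }
        inlist {
            for (i = 1; i <= NF; i++) {
                # The list ends at the first token that is not a flag name.
                if ($i !~ /^[A-Za-z0-9_]+$/) { inlist = 0; break }
                if ($i == flag) found = 1
            }
        }
        END { exit !found }'
}

# auth_status: stdin is a `sendmail -v` transcript. Assumes a client AUTH
# command would be echoed as ">>> AUTH ..." like the other client commands.
auth_status() {
    awk '
        /^250[- ]AUTH/ { offered = 1 }
        /^>>> AUTH/    { attempted = 1 }
        END {
            if (attempted)    print "attempted"
            else if (offered) print "offered-not-attempted"
            else              print "not-offered"
        }'
}

# Sample input: shortened from the output quoted in the question.
SAMPLE_D01='Version 8.14.3
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SCANF
SOCKETMAP STARTTLS TCPWRAPPERS USERDB XDEBUG'
SAMPLE_SESSION='>>> EHLO my.host.name
250-AUTH LOGIN PLAIN
250 OK
>>> MAIL From:<> SIZE=2183
550 5.1.0 Authentication required'

if printf '%s\n' "$SAMPLE_D01" | has_compile_flag SASL ||
   printf '%s\n' "$SAMPLE_D01" | has_compile_flag SASLv2; then
    echo "binary has SASL support"
else
    echo "binary lacks SASL: AuthInfo entries will never be used"
fi
echo "AUTH: $(printf '%s\n' "$SAMPLE_SESSION" | auth_status)"
```

On a live system, pipe the real output in: `sendmail -d0.1 < /dev/null | has_compile_flag SASL`.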