I have sendmail running on a RedHat 7.1 machine. I want to configure it to authenticate using either PLAIN or CRAM-MD5. I have it working with PLAIN (so I know the client works, I have the username/password correct, etc.) but CRAM-MD5 always returns "535 5.7.0 authentication failed". For testing I'm using a simple python script which uses the smtplib module; I'm assuming their implementation of CRAM-MD5 is correct.
It responds to EHLO with "AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN" and sends a challenge when I send "AUTH CRAM-MD5", so it does accept CRAM-MD5 requests but it refuses to authenticate them.
I know that CRAM-MD5 requires the server to have access to the plaintext passwords; is it possible that it doesn't? How can I tell and if not, how can I configure the machine so that it does?
I've added the username / password into /etc/mail/authinfo and run map hash /etc/mail/authinfo < /etc/mail/authinfo. There are no error messages in the /var/log/maillog file.
According to the sasl sysadmin doc,
However, some vendors may change the location of things at compile time, so
stringson the sasl binaries orstracemay be necessary to reveal where exactlysaslauthdis looking.This might help somebody...
When you run
sendmailconfigit says... "Unfortunately, there is no automagic way to migrate to /etc/sasldb2"Translated to me: something is wrong with it.
So I just deleted sasldb2 (figured it was messed up anyway.) Maybe that wasn't necessary, maybe I just needed to add my users to it?
In any case, I ran
saslpasswd2which I assume creates an empty database with no users. User authentication did not work until I ran...saslpasswd2 -c usernamewhich prompts for a password.And that works like a charm :-)
I'm using Debian 9 with sasl2-bin, which
sendmailconfigrecommends.