To cut down on the possibility of spam, I'm trying to set up SMTPAUTH on my Sendmail (8.14.4 on Mint MATE 17.1 x64) installation. Users can retrieve mail from the server with IMAP or POP (using Dovecot), but cannot send mail.
First, the daemon options in my M4 file:
FEATURE(`no_default_msa')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl
DAEMON_OPTIONS(`Name=MTALocal,Address=127.0.0.1,Family=inet')
DAEMON_OPTIONS(`Name=MTA,Address=192.168.1.110,Family=inet')
dnl DAEMON_OPTIONS(`Family=inet6, Name=MSP-v6, Port=submission, M=Ea, Addr=::1')dnl
DAEMON_OPTIONS(`Name=MSA,Address=192.168.1.110,Family=inet,Port=587,Modifiers=E')
DAEMON_OPTIONS(`Name=MSALocal,Address=127.0.0.1,Family=inet,Port=587,Modifiers=E')
Because I'm using Thunderbird as a client, Sendmail must have PLAIN or LOGIN available. Thunderbird is set to connect to the server at port 587. (I know 192.168.x.x is not routable. My firewall is set to forward ports 587 and 25 to 192.168.1.110. I do have a static routable IP on the outside of the firewall.) The authentication section of my M4 file:
dnl # Forms of authentication allowed
TRUST_AUTH_MECH(`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')
define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')
Aware of the problem with pushing credentials in plaintext I am. Set up to use STARTTLS I have. TLS negotiates successfully, and I have confirmed that TLS works by using OpenSSL to make a connection to my mail server and sent commands through that. When Sendmail installed, it also created the PAM installation that would provide SMTP authentication. (There are PAM annexes for SMTP and Dovecot, both.)
When I provide valid credentials to my SMTP server, it responds
535 5.7.0 authentication failed
There is nothing in the PAM logs that conclusively says that Sendmail asked for credentials. All that is in the mail logs is the usual "disconnected without providing SEND/ETRN".
What should I be looking at? Any ideas how to fix this?
0 Answers