Probably a silly question, but did you rebuild your sendmail.cf after
modifying the sendmail.mc?
Mike
-----Original Message-----
From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On Behalf
Of alex@xxxxxxxxxxxxxxx
Sent: Wednesday, July 06, 2005 1:16 PM
To: CentOS mailing list
Subject: sendmail + plain auth
I'm probably missing something obvious, but I can get sendmail to give me
AUTH PLAIN and LOGIN options.
What I have is fairly standard configuration. The relevant part of
sendmail.mc looks something like this:
define(`confCACERT_PATH',`/etc/ssl/certs')
define(`confCACERT',`/etc/ssl/ca-bundle.crt')
define(`confSERVER_CERT',`/etc/ssl/smtp.crt')
define(`confSERVER_KEY',`/etc/ssl/smtp.key')
define(`confAUTH_OPTIONS', `A p')
TRUST_AUTH_MECH(`EXTERNAL LOGIN PLAIN')
define(`confAUTH_MECHANISMS', `EXTERNAL LOGIN PLAIN')
DAEMON_OPTIONS(`Port=25, Name=MTA') DAEMON_OPTIONS(`Port=465, Name=TLSMTA,
M=s')
So basically, LOGIN and PLAIN should be offered when SSL/TLS is in use (but
not for plaintext sessions). However, when connecting over TLS, sendmail
doesn't advertise them:
$ openssl s_client -connect localhost:465 [ SSL/TLS handshake output
deleted, AES256 cipher was used ] 220 testbox.miliv.org ESMTP Unauthorized
access prohibited EHLO localhost 250-testbox.miliv.org Hello localhost
[127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING
250-8BITMIME 250-SIZE 250-DELIVERBY 250 HELP
Attempt to "brute-force" use them results in error (as expected):
AUTH PLAIN
504 5.3.3 AUTH mechanism PLAIN not available
I'm sure I'm missing something obvious here, probably a flag or two either
in confAUTH_OPTIONS or in DAEMON_OPTIONS, but couldn't dig out which.
Alraedy drank all coffe, and becoming desparate ;-)
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
