Hi,
I'm using sendmail 8.14.4 and SASL 2.1.23. Config info:
# more /etc/sasl2/Sendmail.conf
pwcheck_method:saslauthd
# egrep -v "^#" /etc/sysconfig/saslauthd
SOCKETDIR=/var/run/saslauthd
MECH=pam
FLAGS=-d
# cat /etc/pam.d/smtp
#%PAM-1.0
auth include password-auth
account include password-auth
I'm having an issue when using "AUTH LOGIN" but not in every case.
*Port 25:
SENDMAIL -
235 2.0.0 OK Authenticated
SASLAUTHD -
saslauthd[26872] :released accept lock
saslauthd[26871] :acquired accept lock
saslauthd[26872] :auth success: [user=USER] [service=smtp] [realm=] [mech=pam]
saslauthd[26872] :response: OK
---
*Port 587:
SENDMAIL -
235 2.0.0 OK Authenticated
SASLAUTHD -
saslauthd[26871] :released accept lock
saslauthd[26875] :acquired accept lock
saslauthd[26871] :auth success: [user=USER] [service=smtp] [realm=] [mech=pam]
saslauthd[26871] :response: OK
---
*Port 25 STARTTLS:
SENDMAIL (Via openssl s_client -connect)
RENEGOTIATING
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = MYSERVERNAME
verify return:1
(I HIT RETURN HERE)
535 5.7.0 authentication failed
SASLAUTHD-
saslauthd[26875] :released accept lock
saslauthd[26875] :NULL password received
saslauthd[26875] :acquired accept lock
---
*Port 465
SENDMAIL - (Via openssl s_client -connect)
RENEGOTIATING
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = MYSERVERNAME
verify return:1
(I HIT RETURN HERE)
535 5.7.0 authentication failed
SASLAUTHD-
saslauthd[26875] :released accept lock
saslauthd[26874] :acquired accept lock
saslauthd[26875] :NULL password received
---
*testsaslauthd non existent service -
TESTSASLAUTHD -
0: NO "authentication failed"
SASLAUTHD-
saslauthd[26873] :released accept lock
saslauthd[26872] :acquired accept lock
saslauthd[26873] :auth failure: [user=USER] [service=nonexistant] [realm=] [mech=pam] [reason=PAM auth error]
---
*testsaslauthd smtp service
TESTSASLAUTHD -
0: OK "Success."
SASLAUTHD -
saslauthd[26872] :released accept lock
saslauthd[26871] :acquired accept lock
saslauthd[26872] :auth success: [user=user] [service=smtp] [realm=] [mech=pam]
saslauthd[26872] :response: OK
---
I'm not sure why things work fine during plaintext, and then give ":NULL password received" when it's STARTTLS / SSL.
Any pointers to look / tweak / etc?
Tnx, Tuc

Hi,
So with some more debugging, I'm learning that with my normal password, and variations of it, it continues that RENEGOTIATION and it never sends the actual data to sendmail. Same if I use it in the user field.
Example passwords that do this:
REFQQVNTV09SRA==
RE9XSm9uZXM=
RGl3YWxp
I'm also finding that some passwords (Trying for the heck of it) go straight from "334 UGFzc3dvcmQ6" to "DONE". Just like that, nothing else. Same for going from "334 VXNlcm5hbWU6" to "DONE".
Examples of passwords that do this:
Q2hlY2tpbmdBY2NvdW50
Q2hhbmdlLm9yZw==
Any ideas?
Tnx, Tuc
On Mon, Sep 21, 2020 at 1:40 PM Scott Ellentuch <tuctboh@xxxxxxxxx> wrote:
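
Added example, not part of the original thread: when openssl s_client is run interactively (neither -quiet nor -ign_eof given), a typed line that begins with "R" is taken as a renegotiate command and one that begins with "Q" as quit, so it never reaches the server. The sketch below classifies the base64 strings quoted above and works out which leading characters of a username or password produce such a line; the function names are hypothetical.

```python
import base64
import string

# Interactive openssl s_client treats a typed line that begins with one of
# these characters as a command instead of sending it to the server.
S_CLIENT_COMMANDS = {"R": "renegotiate", "Q": "quit"}


def s_client_action(line: str) -> str:
    """Return what interactive s_client does with a line typed at its prompt."""
    return S_CLIENT_COMMANDS.get(line[:1], "sent")


def auth_login_line(secret: str) -> str:
    """Base64 form of a username or password as typed after a 334 prompt."""
    return base64.b64encode(secret.encode("utf-8")).decode("ascii")


def affected_first_chars() -> dict:
    """Map each printable ASCII first character to the command it triggers.

    The first base64 character depends only on the top six bits of the
    first input byte, so a one-byte input is enough to classify it.
    """
    hits = {}
    for ch in string.printable.strip():
        action = s_client_action(auth_login_line(ch))
        if action != "sent":
            hits[ch] = action
    return hits


# Base64 strings quoted in the thread above.
THREAD_SAMPLES = [
    "REFQQVNTV09SRA==", "RE9XSm9uZXM=", "RGl3YWxp",
    "Q2hlY2tpbmdBY2NvdW50", "Q2hhbmdlLm9yZw==",
]

if __name__ == "__main__":
    for sample in THREAD_SAMPLES:
        print(f"{sample:24} -> {s_client_action(sample)}")
    print(affected_first_chars())
```

Running s_client with -quiet or -ign_eof turns off this command handling, so lines starting with "R" or "Q" are passed through to sendmail.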