SASL AUTH not working

DesertStorm

Programmer
Jan 12, 2009
5
IN
Hi all,
I am getting the following error in syslog when using SASL AUTH:

unix sm-mta[1127]: unable to dlopen
/usr/lib/sasl2/libdigestmd5.sl.2:
Unresolved symbol: DES_key_sched (code) from
/usr/lib/sasl2/libdigestmd5.sl.2

unix sm-mta[1127]: unable to dlopen
/usr/lib/sasl2/libgssapiv2.sl.2:
Unresolved symbol: GSS_C_NT_HOSTBASED_SERVICE (data) from
/usr/lib/sasl2/libgssapiv2.sl.2

I think that it is due to the non-updated SSL & Kerberos library files. Can anybody help me?

Thanks in advance.
 
Does saslauthd start without errors when the system boots? I'm not quite sure what you mean when you say you get errors when you try to use it. Are you saying that you get these errors when you try to authenticate during an SMTP connection? If this is the case, then check for these two lines in sendmail.mc:

Code:
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

If this doesn't solve your problem, we may have to look into your saslauthd installation.

 
Thanks for your help
I added these lines to my .mc file and generated the new sendmail.cf file. But even after doing this I am not able to see the following when I run telnet 0 25:

mariner# telnet 0 25
Trying...
Connected to 0.
Escape character is '^]'.
220 mariner ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1. 001:: HP-UX11.31 - 2nd April,2008/8.13.3; Tue, 20 Jan 2009 13:54:13 +0530 (IST)
EHLO localhost
250-mariner Hello root@localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP


In these options I need STARTTLS, GSSAPI and other options. So there is a problem in the conf. only, which I am unable to resolve. Can you help me with the conf.?
Thanks in advance
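Reading the EHLO reply from the session above programmatically, as an added example that is not part of the original posts: it parses the advertised extensions and reports whether STARTTLS and AUTH are present. The second reply and its host name are constructed for comparison, and the reply is assumed to come from a session where TLS has not yet been negotiated.

```python
import re

# EHLO reply lines from the telnet session quoted in the thread.
THREAD_REPLY = "\n".join(
    ["250-mariner Hello root@localhost [127.0.0.1], pleased to meet you"]
    + ["250-" + k for k in ("ENHANCEDSTATUSCODES PIPELINING EXPN VERB "
                            "8BITMIME SIZE DSN ETRN DELIVERBY").split()]
    + ["250 HELP"])

# Constructed reply for comparison (hypothetical host name).
CONSTRUCTED_REPLY = """250-mail.example.test Hello localhost [127.0.0.1]
250-PIPELINING
250-AUTH GSSAPI DIGEST-MD5 LOGIN PLAIN
250-STARTTLS
250 HELP"""

PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}  # password is only base64-encoded on the wire

def parse_ehlo(reply):
    """Map each advertised extension keyword to its parameter list."""
    caps = {}
    lines = [l.strip() for l in reply.splitlines() if l.strip()]
    for line in lines[1:]:  # line 0 is the greeting, not an extension
        m = re.match(r"250[- ]([A-Za-z0-9-]+)(?: (.*))?$", line)
        if m:
            caps[m.group(1).upper()] = (m.group(2) or "").upper().split()
    return caps

def review(reply):
    """List what a pre-TLS EHLO reply is missing or exposing."""
    caps, findings = parse_ehlo(reply), []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not advertised")
    if "AUTH" not in caps:
        findings.append("AUTH not advertised")
    else:
        weak = sorted(PLAINTEXT_MECHS & set(caps["AUTH"]))
        if weak:
            findings.append("cleartext mechanisms offered before TLS: " + " ".join(weak))
    return findings

if __name__ == "__main__":
    for name, reply in (("thread", THREAD_REPLY), ("constructed", CONSTRUCTED_REPLY)):
        print(name, review(reply) or "ok")
```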

 
Here is a config that should work. Of course, you will need to add the lines that you require for uucp later, but this will require the SMTP server to authenticate the user before sending mail. All you should have to do is make sure saslauthd is running. My users have to set up their mail clients so that they send the same username/password to the SMTP server that they send to the POP3 server.

Code:
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
define(`confDEF_USER_ID', ``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

Keep a backup of your current sendmail.mc file just in case things blow up. Save this to a file with a different name such as test.mc, then use the m4 macro compiler as you did before:

m4 /etc/mail/test.mc > /etc/mail/sendmail.cf

I am assuming that your SMTP server and POP3/IMAP server already work and that you just want to add SMTP authentication. All we are doing at this point is telling sendmail to use the same authentication that the POP3 server uses. In other words, you should not need to configure any other type of authentication.

 
Thanks RhythmAce
I configured according to what you suggested but am still getting the following error:

Feb 2 20:50:28 mariner sendmail[18047]: unable to dlopen /usr/lib/sasl2/libgssapiv2.sl.2: Unresolved symbol: GSS_C_NT_HOSTBASED_SERVICE (data) from /usr/lib/sasl2/libgssapiv2.sl.2


Also, I am getting verify=NO in my email headers. I created my own certificates using OpenSSL. Seems like nothing is working properly. Do you have any docs which can elaborate a step-by-step procedure for configuring sendmail for OpenSSL and Cyrus SASL? I found out that it may be due to non-updated Kerberos.
Thanks in advance
 
It's been a few years since I've used Cyrus. As I recall it was a major pain in the neck. I use sendmail with the configuration above and have saslauthd start at bootup, which provides SMTP authentication. I use dovecot for my POP3/IMAP server and have never had a problem. I use squirrelmail and horde to provide webmail. It seems like brute force attacks are an everyday occurrence and so far no one has gotten in.

I have a version of sendmail.mc that comes with sendmail. I'll post some of the lines you may need along with comments.

Code:
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl #     cd /usr/share/ssl/certs; make sendmail.pem
dnl # Complete usage:
dnl #     make -C /usr/share/ssl/certs usage
dnl #
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl #


dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment
dnl # the following 2 definitions and activate below in the MAILER section the
dnl # cyrusv2 mailer.
dnl #
define(`confLOCAL_MAILER', `cyrusv2')dnl
define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
dnl #


dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #


MAILER(cyrusv2)dnl

My system uses the RPM package manager, which allows me to use yum to update and install new packages. This comes in very handy because yum looks for dependencies. This means if you install a package that requires other packages, it will install those also. Let me know if this doesn't work and I'll see if I have some old docs laying around. I went through this all before, so maybe I'll be able to make sense of them.
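A static check of the AUTH and TLS settings in the sendmail.mc files posted in this thread, as an added example that is not part of the original posts: it flags LOGIN/PLAIN being offered when confAUTH_OPTIONS lacks sendmail's `p` flag (which refuses those mechanisms unless a security layer is active) and missing server certificate defines. The function names are hypothetical and the second sample is constructed from lines quoted in the thread.

```python
import re

# Excerpt of the sendmail.mc posted earlier in the thread.
THREAD_MC = """\
define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
"""

# Constructed variant: adds the `p' flag and the certificate defines quoted above.
CONSTRUCTED_MC = """\
dnl # constructed sample
define(`confAUTH_OPTIONS', `A p')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
"""

PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}
DEFINE = re.compile(r"define\(`(\w+)',\s*`([^']*)'\)")

def load_defines(mc_text):
    """Collect define(`NAME', `value') pairs, skipping dnl comment lines."""
    defines = {}
    for line in mc_text.splitlines():
        if line.lstrip().startswith("dnl"):
            continue
        for name, value in DEFINE.findall(line):
            defines[name] = value
    return defines

def audit(mc_text):
    """Return findings about cleartext AUTH exposure and missing TLS material."""
    d, findings = load_defines(mc_text), []
    mechs = set(d.get("confAUTH_MECHANISMS", "").split())
    # AuthOptions flags are single characters separated by spaces or commas.
    flags = set(re.split(r"[,\s]+", d.get("confAUTH_OPTIONS", "")))
    weak = sorted(mechs & PLAINTEXT_MECHS)
    if weak and "p" not in flags:
        findings.append("confAUTH_OPTIONS lacks p: " + " ".join(weak)
                        + " allowed without a security layer")
    for key in ("confSERVER_CERT", "confSERVER_KEY"):
        if key not in d:
            findings.append(key + " not defined")
    return findings
```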

 