Greetings all-
I'm building a new corporate email server, and I'm combining the services of several boxes into one. The gist of this is, I am building a Fedora Core 3 box, all the latest distros, a sendmail server, a squid proxy server, and a CanIT spam server (all on one box). I have squid authenticating users against my Win2k active directory domain. I have sendmail authenticating users and mamilboxes against my active directory domain. The piece I'm missing is getting SMTP-AUTH to work.
I followed the process at but to no avail. I can do the first EHLO, and then STARTTLS. Then, any command I execute after that, it disconnects with an encryption error in my logs. I can send mail to anyone without authenticating (which is not good).
What I would like to achieve:
--have all user mailboxes authenticated against my active directory domain (instead of shadow localusers) - working!
--requre any mail relaying to be authenticated via SMTP-AUTH against my active directory domain - not working!
--require any mail relaying to be done encrypted via TLS - not working!
--permit local relaying without SMTP-AUTH (optional) - not working!
Symptoms (>=input, <=output):
>telnet localhost 25
<Connected to localhost.localdomain (127.0.0.1).
<220 comp.domain.com ESMTP Sendmail 8.13.1/8.13.1;
>EHLO LOCALHOST
<250-ENHANCEDSTATUSCODES
<250-PIPELINING
<250-8BITMIME
<250-SIZE
<250-DSN
<250-ETRN
<250-STARTTLS
<250-DELIVERBY
<250 HELP
>STARTTLS
<220 2.0.0 Ready to start TLS
>EHLO LOCALHOST
<Connection closed by foreign host.
***********
contents of maillog:
Aug 22 13:19:48 compname sendmail[11247]: STARTTLS=server, error: accept failed=-1, SSL_error=1, timedout=0, errno=0
Aug 22 13:19:48 compname sendmail[11247]: STARTTLS=server: 11247:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:585:
Aug 22 13:19:48 compname sendmail[11247]: j7MHJgl5011247: localhost.localdomain
[127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
I will paste relevant info from my configs below:
*********************
*********************
sendmail.mc:
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OS Type OSTYPE(`linux')dnl
define(`confDEF_USER_ID',``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `p,y')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confCACERT_PATH',`/usr/share/ssl/certs')dnl
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')dnl
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')
FEATURE(`accept_unresolvable_domains')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:15m;R:15m;E:15m')
*********************
*********************
/etc/mail/access
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
*********************
*********************
/etc/mail/domaintable = blank
/etc/mail/mailertable = blank
/etc/mail/virtusertable = blank
*********************
*********************
results of sendmail -d0.1 -bv
Version 8.13.1
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS
USERDB USE_LDAP_INIT
****************************
****************************
Any help anyone can offer would be very much appreciated.
Thanks!
-ben
Ben McMahon
I'm building a new corporate email server, and I'm combining the services of several boxes into one. The gist of this is, I am building a Fedora Core 3 box, all the latest distros, a sendmail server, a squid proxy server, and a CanIT spam server (all on one box). I have squid authenticating users against my Win2k active directory domain. I have sendmail authenticating users and mamilboxes against my active directory domain. The piece I'm missing is getting SMTP-AUTH to work.
I followed the process at but to no avail. I can do the first EHLO, and then STARTTLS. Then, any command I execute after that, it disconnects with an encryption error in my logs. I can send mail to anyone without authenticating (which is not good).
What I would like to achieve:
--have all user mailboxes authenticated against my active directory domain (instead of shadow localusers) - working!
--requre any mail relaying to be authenticated via SMTP-AUTH against my active directory domain - not working!
--require any mail relaying to be done encrypted via TLS - not working!
--permit local relaying without SMTP-AUTH (optional) - not working!
Symptoms (>=input, <=output):
>telnet localhost 25
<Connected to localhost.localdomain (127.0.0.1).
<220 comp.domain.com ESMTP Sendmail 8.13.1/8.13.1;
>EHLO LOCALHOST
<250-ENHANCEDSTATUSCODES
<250-PIPELINING
<250-8BITMIME
<250-SIZE
<250-DSN
<250-ETRN
<250-STARTTLS
<250-DELIVERBY
<250 HELP
>STARTTLS
<220 2.0.0 Ready to start TLS
>EHLO LOCALHOST
<Connection closed by foreign host.
***********
contents of maillog:
Aug 22 13:19:48 compname sendmail[11247]: STARTTLS=server, error: accept failed=-1, SSL_error=1, timedout=0, errno=0
Aug 22 13:19:48 compname sendmail[11247]: STARTTLS=server: 11247:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:585:
Aug 22 13:19:48 compname sendmail[11247]: j7MHJgl5011247: localhost.localdomain
[127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
I will paste relevant info from my configs below:
*********************
*********************
sendmail.mc:
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OS Type OSTYPE(`linux')dnl
define(`confDEF_USER_ID',``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `p,y')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confCACERT_PATH',`/usr/share/ssl/certs')dnl
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')dnl
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')
FEATURE(`accept_unresolvable_domains')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:15m;R:15m;E:15m')
*********************
*********************
/etc/mail/access
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
*********************
*********************
/etc/mail/domaintable = blank
/etc/mail/mailertable = blank
/etc/mail/virtusertable = blank
*********************
*********************
results of sendmail -d0.1 -bv
Version 8.13.1
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS
USERDB USE_LDAP_INIT
****************************
****************************
Any help anyone can offer would be very much appreciated.
Thanks!
-ben
Ben McMahon
