SASL AUTH not working


(OP)
Hi all,
I am getting the following error when using the SASL AUTH in syslog:

unix sm-mta[1127]: unable to dlopen
       /usr/lib/sasl2/libdigestmd5.sl.2:
        Unresolved symbol: DES_key_sched (code)  from
        /usr/lib/sasl2/libdigestmd5.sl.2

unix sm-mta[1127]: unable to dlopen
       /usr/lib/sasl2/libgssapiv2.sl.2:
       Unresolved symbol: GSS_C_NT_HOSTBASED_SERVICE (data)  from
       /usr/lib/sasl2/libgssapiv2.sl.2

I think that it is due to the non-updated SSL & Kerberos library files. Can anybody help me?

Thanks in advance.

RE: SASL AUTH not working

Does saslauthd start without errors when the system boots? I'm not quite sure what you mean when you say you get errors when you try to use it. Are you saying that you get these errors when you try to authenticate during an smtp connection? If this is the case then check for these two lines in sendmail.mc:

CODE


TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

If this doesn't solve your problem, we may have to look into your saslauthd installation.

 

RE: SASL AUTH not working

(OP)
Thanks for your help
I added these lines in my .mc file and generated the new sendmail.cf file. But actually after doing this also I am not able to see the following thing when I did telnet 0 25:

mariner# telnet 0 25
Trying...
Connected to 0.
Escape character is '^]'.
220 mariner ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.                                             001:: HP-UX11.31 - 2nd April,2008/8.13.3; Tue, 20 Jan 2009 13:54:13 +0530 (IST)
EHLO localhost
250-mariner Hello root@localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP


In these options I need STARTTLS, GSSAPI and other options. So there is a problem in the conf. only, which I am unable to resolve. Can you help me with the conf.?
Thanks in advance
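
The check being done by eye in the telnet session above, as an added example that is not part of the original thread: a POSIX shell function that reads an EHLO reply and reports whether STARTTLS and AUTH are advertised, and warns when PLAIN or LOGIN are offered with no STARTTLS. The first transcript is the one posted above; the second (host mail.example.test) is constructed.

```shell
# ehlo_audit: read an SMTP EHLO reply on stdin, print one finding per line.
ehlo_audit() {
    awk '
    /^250[- ]/ {
        if (++seen == 1) next                 # first 250 line is the greeting
        line = substr($0, 5); sub(/\r$/, "", line)
        n = split(line, f, /[ =]+/)           # "AUTH A B" and "AUTH=A B"
        kw = toupper(f[1])
        if (kw == "STARTTLS") tls = 1
        if (kw != "AUTH") next
        auth = 1
        for (i = 2; i <= n; i++) {
            m = toupper(f[i]); if (m == "") continue
            mechs = mechs (mechs == "" ? "" : " ") m
            if (m == "PLAIN" || m == "LOGIN") clear = clear (clear == "" ? "" : " ") m
        }
    }
    END {
        print "STARTTLS: " (tls ? "offered" : "missing")
        print "AUTH: " (auth ? mechs : "missing")
        if (clear != "" && !tls) print "WARN: " clear " offered without STARTTLS"
    }'
}

# EHLO reply copied from the telnet session posted above.
page_reply() {
cat <<'EOF'
250-mariner Hello root@localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
EOF
}
# Constructed reply: AUTH advertised, but no STARTTLS.
auth_only_reply() {
cat <<'EOF'
250-mail.example.test Hello localhost [127.0.0.1], pleased to meet you
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250 HELP
EOF
}
page_reply | ehlo_audit; auth_only_reply | ehlo_audit
```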

 

RE: SASL AUTH not working

Here is a config that should work. Of course, you will need to add the lines that you require for uucp later but this will require the smtp server to authenticate the user before sending mail. All you should have to do is make sure saslauthd is running. My users have to set up their mail clients so that they send the same username/password to the smtp server that they send to the pop3 server.

CODE


divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
define(`confDEF_USER_ID', ``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

Keep a backup of your current sendmail.mc file just in case things blow up. Save this to a file with a different name such as test.mc then use the m4 macro compiler as you did before:

m4 /etc/mail/test.mc > /etc/mail/sendmail.cf

I am assuming that your smtp server and pop3/imap server already work and that you just want to add smtp authentication.  All we are doing at this point is tell sendmail to use the same authentication that the pop3 server uses.  In other words, you should not need to configure any other type of authentication.
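
A lint for the AUTH settings in a sendmail.mc like the one posted above, as an added example that is not part of the original post. With confAUTH_OPTIONS set to A alone, PLAIN and LOGIN are accepted on unencrypted connections; sendmail's p flag withholds them until a security layer such as STARTTLS is active. The second fragment is constructed and uses the certificate path that appears later in this thread.

```shell
# mc_auth_lint: read a sendmail .mc file on stdin and report whether PLAIN/LOGIN
# can be used without TLS. Prints one WEAK line per finding, or OK.
mc_auth_lint() {
    awk -F"[\`']" '
    /^[ \t]*dnl/ { next }                          # commented-out m4 line
    $2 == "confAUTH_OPTIONS"    { opts  = $4 }
    $2 == "confAUTH_MECHANISMS" { mechs = " " $4 " " }
    $2 == "confSERVER_CERT"     { cert  = $4 }
    END {
        if (mechs !~ / (PLAIN|LOGIN) /) { print "OK"; exit }
        if (opts !~ /p/) { bad = 1
            print "WEAK: confAUTH_OPTIONS lacks p, PLAIN/LOGIN accepted without TLS" }
        if (cert == "") { bad = 1
            print "WEAK: no confSERVER_CERT defined, so no STARTTLS layer for AUTH" }
        if (!bad) print "OK"
    }'
}

# AUTH lines copied from the configuration posted above.
posted_mc() {
cat <<'EOF'
define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
EOF
}

# Constructed variant: same mechanisms, p added, server certificate defined.
hardened_mc() {
cat <<'EOF'
define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
EOF
}

posted_mc | mc_auth_lint
hardened_mc | mc_auth_lint
```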

 

RE: SASL AUTH not working

(OP)
Thanks RhythmAce
I configured according to what you have suggested but am still getting the following error:

Feb  2 20:50:28 mariner sendmail[18047]: unable to dlopen /usr/lib/sasl2/libgssapiv2.sl.2: Unresolved symbol: GSS_C_NT_HOSTBASED_SERVICE (data)  from /usr/lib/sasl2/libgssapiv2.sl.2


Also, I am getting verify=NO in my email headers. I created my own certificates using OpenSSL. Seems like nothing is working properly. Do you have any docs which can elaborate a step-by-step procedure for configuring sendmail for OpenSSL and Cyrus SASL? I found out that it may be due to non-updated Kerberos.
Thanks in advance   
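
Added example, not part of the original thread: each "unable to dlopen" message takes out the mechanism that the named Cyrus SASL plugin implements, so this shell function maps the failing plugin file to its mechanism and the unresolved symbol to the library family that normally exports it. The plugin table uses the stock Cyrus SASL plugin names, the symbol-prefix hints are an assumption of this example, and the log text is copied from the first post; the single-line form in the post above parses the same way.

```shell
# sasl_dlopen_report: read syslog text on stdin; for each Cyrus SASL plugin that
# failed to load, print "MECHANISM SYMBOL LIKELY-PROVIDER" once.
sasl_dlopen_report() {
    awk '
    BEGIN {   # Cyrus SASL plugin file name -> mechanism it implements
        mech["libgssapiv2"] = "GSSAPI";   mech["libdigestmd5"] = "DIGEST-MD5"
        mech["libcrammd5"]  = "CRAM-MD5"; mech["liblogin"] = "LOGIN"; mech["libplain"] = "PLAIN"
    }
    { buf = buf " " $0 }                  # one message may be wrapped over lines
    END {
        gsub(/[ \t\r]+/, " ", buf)
        re = "unable to dlopen [^ ]+: Unresolved symbol: [A-Za-z0-9_]+"
        while (match(buf, re)) {
            split(substr(buf, RSTART, RLENGTH), w, " ")
            buf = substr(buf, RSTART + RLENGTH)
            base = w[4]; sub(/.*\//, "", base); sub(/\..*/, "", base); sym = w[7]
            m = (base in mech) ? mech[base] : "unknown:" base
            lib = "unknown"               # prefix hints below are assumptions
            if (sym ~ /^DES_/) lib = "openssl-libcrypto"
            if (sym ~ /^(GSS|gss)_/) lib = "gssapi-kerberos"
            if (!((m, sym) in seen)) { seen[m, sym] = 1; print m, sym, lib }
        }
    }'
}
# broken_configured "MECH LIST": syslog on stdin; print the configured
# mechanisms whose plugin failed to load, in configuration order.
broken_configured() {
    broken=" $(sasl_dlopen_report | awk '{printf "%s ", $1}')"
    out=""
    for m in $1; do
        case "$broken" in *" $m "*) out="$out${out:+ }$m" ;; esac
    done
    echo "$out"
}
# Log text copied from the first post in this thread (wrapped as posted).
first_post_log() {
cat <<'EOF'
unix sm-mta[1127]: unable to dlopen
       /usr/lib/sasl2/libdigestmd5.sl.2:
        Unresolved symbol: DES_key_sched (code)  from
        /usr/lib/sasl2/libdigestmd5.sl.2
unix sm-mta[1127]: unable to dlopen
       /usr/lib/sasl2/libgssapiv2.sl.2:
       Unresolved symbol: GSS_C_NT_HOSTBASED_SERVICE (data)  from
       /usr/lib/sasl2/libgssapiv2.sl.2
EOF
}
first_post_log | sasl_dlopen_report
first_post_log | broken_configured "EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN"
```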

RE: SASL AUTH not working

It's been a few years since I've used cyrus. As I recall it was a major pain in the neck. I use sendmail with the configuration above and have saslauthd start at bootup which provides smtp authentication. I use dovecot for my pop3/imap server and have never had a problem. I use squirrelmail and horde to provide webmail. It seems like brute force attacks are an everyday occurrence and so far no one has gotten in.

I have a version of sendmail.mc that comes with sendmail.  I'll post some of the lines you may need along with comments.

CODE


dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl #     cd /usr/share/ssl/certs; make sendmail.pem
dnl # Complete usage:
dnl #     make -C /usr/share/ssl/certs usage
dnl #
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl #


dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment
dnl # the following 2 definitions and activate below in the MAILER section the
dnl # cyrusv2 mailer.
dnl #
define(`confLOCAL_MAILER', `cyrusv2')dnl
define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
dnl #


dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #


MAILER(cyrusv2)dnl

My system uses the RPM package manager which allows me to use yum to update and install new packages. This comes in very handy because yum looks for dependencies. This means if you install a package that requires other packages, it will install those also. Let me know if this doesn't work and I'll see if I have some old docs laying around. I went through this all before so maybe I'll be able to make sense of them.

  
