# Sendmail SMTP AUTH Problems

## trupoet

Well, I've been trying to secure a couple of Linux servers, and my last unneeded service to shut down is sendmail. We do still need to be able to send mail, but there's no need to relay, so the service shouldn't need to be running.

So I pointed my box to our real mail server in submit.cf with:

```
D{MTAHost}serverhostname
```

Where serverhostname is the mail server's actual name.

That worked great. 

Well the other servers are outside the firewall and they need to be able to do basic smtp authentication and on port 26.

I can't for the life of me find any info on submit.cf options in general let alone how you can configure it to point to port 26 of the MTA host instead of port 25. I tried:

```
D{MTAHost}serverhostname:26
```

but that doesn't seem to be working correctly and it seems to still be sending on port 25. 

Not only that but the smtp service running on port 26 also requires smtp basic authentication. 

For that, I've set up a file /etc/mail/authinfo that contains:

```
AuthInfo:serverhostname "U:username" "P:password"
```

where username and password are the actual smtp authenticating username/password. 

Now in submit.cf, I also have a line:

```
Sauthinfo
```

which I'm assuming somehow connects to the /etc/mail/authinfo file but at this point, not sure.

Any help appreciated.

I have tried: AuthInfo:servername:26 to no avail as well.

Last edited by trupoet on Fri Apr 21, 2006 11:47 pm; edited 1 time in total

----------

## trupoet

Ok well got half of this solved

After hours of searching the net, a coworker threw me this:

*Quote:*

> Q3.39 -- How do I send using an alternate port?
>
> Date: May 5, 2002
> ...

I just went with the first option and made all mail go to port 26 and now it actually is trying to do that because now I get errors in the syslog saying it can't authenticate haha:

```
sendmail[6836]: k3KNYHiN006836: to=$email ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=XXXXX, relay=serverhostname. [serverip], dsn=XXXXX, stat=Deferred: XXXXX Client does not have permission to submit mail to this server.
```

So now to figure out the authentication part

----------

## zeek

If all you want is local mail on the machine to go somewhere you don't need to run the daemon, just start a qrunner every x minutes from cron like this: `sendmail -q`.

The submit.mc file is used to configure the MSA daemon listening on port 587.

http://www.sendmail.org/~gshapiro/8.10.Training/DaemonPortOptions.html

----------

## trupoet

Well basically it's already doing better than that....it's immediately sending mail once sendmail is triggered and no daemon is ever running.

Right now I'm just trying to figure out how to get SMTP PLAIN or LOGIN authentication working.

Keep getting the following error in the syslog when trying to send now:

```
SYSERR(root): hash map "authinfo": unsafe map file /etc/mail/msp-authinfo.db: Permission denied
```

Permissions on that file and directory are 600 and the user that owns the whole /etc/mail dir is smmsp. 

Not sure what I'm missing here.....seems like a simple fix that I'm missing.

----------

## trupoet

Ok I finally got that error msg to go away by trying all kinds of permissions and finding out the authinfo needed execute perm for some weird reason.

So now I'm trying to get sendmail to authenticate....it just doesn't seem to even want to look at the authinfo or default-auth-info files.

I packet sniffed with ethereal and I get something like this:

*Quote:*

> 220 servername Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at  Fri, 21 Apr 2006 16:09:13 -0700
>
> EHLO computername
> ...

It doesn't ever try an AUTH statement, no matter what I try.

submit.mc = 

*Quote:*

> divert(0)dnl
>
> VERSIONID(`$Id: submit.mc,v 8.13 2003/09/10 22:12:48 ca Exp $')
> ...

And sendmail.mc = 

*Quote:*

> divert(-1)
>
> divert(0)dnl
> ...

Like I said I've tried using authinfo and default-auth-info and in either case, I get the same packets showing up where no AUTH command is even being generated by sendmail to the server. Anyone know what I'm missing?

EDIT: Oh and yes, I do generate the actual cf files by doing:

```
m4 submit.mc > submit.cf
m4 sendmail.mc > sendmail.cf
```

----------

## zeek

 *trupoet wrote:*   

> Well basically it's already doing better than that....it's immediately sending mail once sendmail is triggered and no daemon is ever running.

 

I'm not sure how this is possible.  Either the daemon is running or the messages sit in clientmqueue until a qrunner starts.  Run `netstat -lp` and look for sendmail daemons running (that you didn't think were running).

----------

## zeek

 *trupoet wrote:*   

> SYSERR(root): hash map "authinfo": unsafe map file /etc/mail/msp-authinfo.db: Permission denied
> 
> Permissions on that file and directory are 600 and the user that owns the whole /etc/mail dir is smmsp.

 

It must be owned by root.

----------
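One way to check the ownership and permission points raised in the posts above, as an added example that is not part of the original thread. It assumes GNU `stat`; the function names `mode_has` and `audit_authinfo` are hypothetical, and the checks cover common causes of an unsafe-map error rather than sendmail's own safe-file logic.

```shell
#!/bin/sh
# Added example (not from the thread): audit the sendmail client credential
# map and its directory. Assumes GNU stat. The checks are common causes of
# "unsafe map file" errors, not sendmail's own safe-file algorithm.

# mode_has MODE MASK: succeed if any bit of octal MASK is set in octal MODE.
mode_has() {
    [ $(( 0$1 & 0$2 )) -ne 0 ]
}

# audit_authinfo FILE: print one finding per line, nothing if all checks pass.
audit_authinfo() {
    file=$1
    dir=$(dirname "$file")

    dmode=$(stat -c %a "$dir" 2>/dev/null) ||
        { echo "cannot stat directory $dir"; return 0; }
    # A directory at mode 600, as reported in the thread, has no search bit:
    # non-root processes cannot open files inside it, whatever the file mode.
    mode_has "$dmode" 100 ||
        echo "directory $dir mode $dmode: owner lacks search (x) bit"
    mode_has "$dmode" 022 &&
        echo "directory $dir mode $dmode: writable by group or others"

    fstat=$(stat -c '%a %U' "$file" 2>/dev/null) ||
        { echo "cannot stat $file"; return 0; }
    fmode=${fstat% *}
    owner=${fstat#* }
    mode_has "$fmode" 022 &&
        echo "$file mode $fmode: writable by group or others"
    # The map is built from a file holding the SMTP password in plain text.
    mode_has "$fmode" 004 &&
        echo "$file mode $fmode: world-readable, exposes the SMTP password"
    # Ownership expectation taken from the reply in the thread.
    [ "$owner" = root ] || echo "$file owner is $owner, expected root"
    return 0
}

# Default path is the one named in the syslog error quoted in the thread.
audit_authinfo "${1:-/etc/mail/msp-authinfo.db}"
```

Run it as root with the map path as the only argument; no output means none of the checks fired.
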

## zeek

*trupoet wrote:*

> submit.mc = 

submit.mc is not the file you are looking for.

*trupoet wrote:*

> And sendmail.mc = 
>
> *Quote:*
> ...

Did you make the db file with something like:

```
makemap hash /etc/mail/authinfo < /etc/mail/authinfo
```

----------

## trupoet

Hi thanks for the help

Yes I did make the db file using that command exactly.

As for daemons running, I'll try netstat -lp but the whole point of this exercise is to NOT have sendmail running as daemon...I've disabled sendmail running as a daemon, actually I never actually ever started it up as a daemon nor did I rc-update it to a runlevel.

I thought how it worked was that submit.mc (or .cf rather) pointed to localhost 127.0.0.1 for relay when you try to send an email....then if sendmail was running on 127.0.0.1 (on your box as a daemon), it would relay.

I'm trying to avoid this and therefore set up submit.mc/cf to point to our actual mail server for relaying.....so all that is happening when I use sendmail is that it acts like a CLIENT to the smtp server I point it to in submit configs.....but no daemon is running, no messages are being queued on my box, it's all instant.

This used to work just fine when going to our anonymous relay on port 25...but they want me to make it authenticate the smtp which they have running on port 26. (this is all on their exchange server that the submit files are pointing to).

So I know that sending with no daemon works just fine, no cron job runs to start up sendmail....when I send an email via sendmail, it instantly shows up in my exchange inbox. 

I've read so many guides on setting up SMTP AUTH but most of them involve setting up for sendmail as a daemon...I really just want to get it working for submissions using no daemon (which works currently with no auth). I have found some guides that say how to set it up for sendmail as a client but I've done everything in those guides and still when I packet sniff the smtp traffic, sendmail refuses to give an AUTH LOGIN message let alone use the credentials specified in either authinfo or default-auth-info.

----------

