Article <87ttchzi0e.fsf@jemoni.to>

Deutsch English Français Italiano
<87ttchzi0e.fsf@jemoni.to>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: ...!eternal-september.org!feeder2.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Wolfgang Agnes <wagnes@jemoni.to>
Newsgroups: comp.mail.sendmail
Subject: Re: sendmail AUTH
Date: Fri, 08 Nov 2024 15:40:17 -0300
Organization: A noiseless patient Spider
Lines: 127
Message-ID: <87ttchzi0e.fsf@jemoni.to>
References: <875xoy7jau.fsf@jemoni.to> <anfi+xghsks9vvf-ob85@wp.eu>
	<87ed3m575r.fsf@jemoni.to> <vglbcv$38n6p$2@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain
Injection-Date: Fri, 08 Nov 2024 19:40:21 +0100 (CET)
Injection-Info: dont-email.me; posting-host="0ce90ff5ab76d8fd78c052ae41c9ffd2";
	logging-data="3491336"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1/vhqJwjkRCw2A8BW3cIQ083x+OuStZquk="
Cancel-Lock: sha1:A2P78j2R80vO7fgw3YVpuEnX094=
	sha1:DNJG6m0ohmNVs7Sv89orY0Qsz/E=
Bytes: 5413

kalevi@kolttonen.fi (Kalevi Kolttonen) writes:

> In comp.mail.sendmail Wolfgang Agnes <wagnes@jemoni.to> wrote:
>> Thanks!  Then I don't have support for authentication.
>> 
>> --8<-------------------------------------------------------->8---
>> 220 my.host.name ESMTP Sendmail 8.18.1/8.18.1; Fri, 8 Nov 2024
>> 07:51:24 -0300 (-03)
>> EHLO localhost
>> 250-my.host.name Hello localhost [127.0.0.1], pleased to meet you
>> 250-ENHANCEDSTATUSCODES
>> 250-PIPELINING
>> 250-8BITMIME
>> 250-SIZE
>> 250-DSN
>> 250-ETRN
>> 250-STARTTLS
>> 250-DELIVERBY
>> 250 HELP
>> --8<-------------------------------------------------------->8---
>> 
>> I'll have to recompile Sendmail.
>
> Not necessarily. I cannot remember the exact conditions, but
> sometimes AUTH appears only after the client has issued
> STARTTLS to enable the encryption layer. Clients do EHLO again
> after the encryption layer is working.

Thanks!  I don't know how to investigate it further after I type
STARTTLS.  I believe that after I issue STARTTLS, I'd have to speak the
TLS protocol, which I don't know how.

By the way, I think you're thinking is good---you might be thinking that
sendmail wouldn't want credentials traveling in the clear, but I believe
it does accept that if we compile it with AUTH PLAIN, say.  I think
saying STARTTLS before will not be required.

The book 

  sendmail
  Bryan Costales, George Jansen
  & Claus Assmann with Gregory Neil Shapiro
  O'Reilly, 2007, fourth edition, ISBN 978-0-596-51029-9

seems to confirm that I don't have AUTH support.  On section 5.1.2.1, we
find:

--8<-------------------------------------------------------->8---
Before you install sendmail, test it to be sure the added SASL support
has worked.  You can do this by running sendmail from the directory in
which it was built. Note that you must do this as root:

# obj.*/sendmail/sendmail -bs -Am

Here, we run the newly built sendmail relative to the source
directory. The -bs tells sendmail to speak SMTP on its standard
input. The -Am tells sendmail to use its server configuration file (not
submit.cf), even though it is running in mail-submission mode.

Such a test session might look like this:

220 your.host.domain ESMTP Sendmail 8.14.1/8.14.1; Fri, 14 Dec 2007 11:43:02 -0700
(PST)
ehlo your.host.domain
250-your.host.domain Hello root@localhost, pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5    <-- note this line
250-DELIVERBY
250 HELP
quit
221 2.0.0 your.host.domain closing connection

Here, the AUTH SMTP keyword appears, indicating that this site supports SASL
authentication and two modes of authentication as shown earlier.
--8<-------------------------------------------------------->8---

And here's my test:

--8<-------------------------------------------------------->8---
# /usr/sbin/sendmail -bs -Am
220 my.host.name ESMTP Sendmail 8.18.1/8.18.1; Fri, 8 Nov 2024 15:29:21 -0300 (-03)
help
214-2.0.0 This is sendmail version 8.18.1
214-2.0.0 Topics:
214-2.0.0       HELO    EHLO    MAIL    RCPT    DATA
214-2.0.0       RSET    NOOP    QUIT    HELP    VRFY
214-2.0.0       EXPN    VERB    ETRN    DSN     AUTH
214-2.0.0       STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation see
214-2.0.0       http://www.sendmail.org/email-addresses.html
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info
EHLO localhost
250-my.host.name Hello root@localhost, pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
STARTTLS
220 2.0.0 Ready to start TLS
HELP                          <--- I lose the connection here
#
--8<-------------------------------------------------------->8---

In maillog, I find:

--8<-------------------------------------------------------->8---
Nov  8 15:29:44 my.host sendmail[16217]: tls_srv_features=(null), relay=(null) [0]
Nov  8 15:29:44 my.host sendmail[16217]: tls_srv_features=empty, stat=0, relay=(null) [0]
--8<-------------------------------------------------------->8---

besides other irrelevant lines.

I find curious, though, that if I don't have SASL support, why should I
see the command AUTH as the answer to HELP?  (I seem to have no
mechanism compiled-in for authentication.)