
Scalix does not authenticate at the smarthost

Posted: Mon Jul 24, 2006 11:04 am
by ScalixB
I use SCALIX Community Edition 10.0.1 on OpenSuSE 10.0 and I want to send all external e-mail through a smarthost (SMTP with TLS). Therefore I changed /etc/sendmail.cf and added ...

Code:

# "Smart" relay host (may be null)
DSmail.mysmarthost.net

# authinfo list database: contains info for authentication as client
Kauthinfo hash -o /etc/mail/auth/auth-info

# list of authentication mechanisms
O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 LOGIN PLAIN


Then I added ...

Code:

AuthInfo:mail.mysmarthost.net "U:relay@mysmarthost.net" "I:relay@mysmarthost.net" "P:ThePWforTheRelayAccount" "M:CRAM-MD5"

... to /etc/mail/auth/auth-info and made the ...

Code:

makemap hash auth-info < auth-info

... as described on http://www.scalix.com/wiki/index.php?ti ... notes/SMTP.


If I now try to send a message to an external address (e.g. external.recipient@gmx.net), I get this reply:

Code:

The original message was received at Tue, 25 Jul 2006 04:38:30 +0700
from localhost [127.0.0.1]

   ----- The following addresses had permanent fatal errors -----
<external.recipient@gmx.net>
    (reason: 553 sorry, that domain isn't in my list of allowed rcpthosts; no valid cert for gatewaying (#5.7.1))

   ----- Transcript of session follows -----
... while talking to mail.mysmarthost.net.:
>>> DATA
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts; no valid cert for gatewaying (#5.7.1)
550 5.1.1 <external.recipient@gmx.net>... User unknown
<<< 503 RCPT first (#5.5.1)

----- Inline Message Follows -----
To: external.recipient@gmx.net
From: SCALIX USER
Subject: Test through the smarthost

This message should be delivered through the smarthost..


For debugging I did a ...

Code:

store:~ # sendmail -Am -v external.recipient@gmx.net
Subject:Mail to smarthost
This message should be delivered through the smarthost ...
<CTRL+D>

... on the console and got this result ...

Code:

external.recipient@gmx.net... Connecting to mail.mysmarthost.net. via relay...
220 mysmarthost.de ESMTP
>>> EHLO store.localdomain.local
250-mysmarthost.de
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
>>> STARTTLS
220 ready for tls
>>> EHLO store.localdomain.local
250-mysmarthost.de
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-PIPELINING
250 8BITMIME
>>> MAIL From:<root@store.localdomain.local> AUTH=root@store.localdomain.local
250 ok
>>> RCPT To:<external.recipient@gmx.net>
>>> DATA
553 sorry, that domain isn't in my list of allowed rcpthosts; no valid cert for gatewaying (#5.7.1)
503 RCPT first (#5.5.1)
>>> RSET
250 flushed
/root/dead.letter... Saved message in /root/dead.letter
Postmaster... aliased to root
root... Connecting to local...
root... Sent
Closing connection to mail.mysmarthost.net.
>>> QUIT
221 mysmarthost.de
You have new mail in /var/spool/mail/root

To me this looks like sendmail does not use the correct login (relay@mysmarthost.net) to authenticate to the smarthost. Instead it uses root@store.localdomain.local.
But I'm not an expert on sendmail. Please help.
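
Added example (not part of the original thread): a Python check over a verbose SMTP client transcript like the one in the post above, reporting whether the client ever sent an `AUTH` command after the server advertised it. The `AUTH=` parameter on `MAIL From:` is recorded separately because it is a MAIL extension parameter, not a login; the function names and the abbreviated sample are assumptions of this example.

```python
import re

# Abbreviated copy of the `sendmail -v` session from the post above ('>>> ' marks client lines).
TRANSCRIPT = """\
>>> EHLO store.localdomain.local
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250 8BITMIME
>>> STARTTLS
220 ready for tls
>>> EHLO store.localdomain.local
250-AUTH=LOGIN CRAM-MD5 PLAIN
250 8BITMIME
>>> MAIL From:<root@store.localdomain.local> AUTH=root@store.localdomain.local
250 ok
>>> RCPT To:<external.recipient@gmx.net>
>>> DATA
553 sorry, that domain isn't in my list of allowed rcpthosts; no valid cert for gatewaying (#5.7.1)
503 RCPT first (#5.5.1)
"""

def analyze(transcript):
    # Collect what the server offered and what the client actually sent.
    r = {"offered": set(), "tls": False, "auth_cmd": None,
         "mail_auth_param": None, "rejected": []}
    last = ""
    for line in transcript.splitlines():
        if line.startswith(">>> "):
            last = line[4:].strip()
            verb, *args = last.upper().split() or [""]
            if verb == "EHLO":
                r["offered"] = set()        # capabilities are re-read after STARTTLS
            elif verb == "AUTH" and args:
                r["auth_cmd"] = args[0]     # mechanism name only, never the credentials
            elif verb == "MAIL":
                m = re.search(r"\sAUTH=(\S+)", last)
                r["mail_auth_param"] = m.group(1) if m else None
        elif m := re.match(r"250[- ]AUTH[ =](.+)", line):
            r["offered"].update(m.group(1).split())
        elif line.startswith("220") and last.upper() == "STARTTLS":
            r["tls"] = True
        elif re.match(r"[45]\d\d[ -]", line):
            r["rejected"].append(line[:3])  # 4xx/5xx reply codes from the server
    return r

def diagnose(r):
    # Only an AUTH command counts as a login attempt; MAIL ... AUTH= does not.
    if r["auth_cmd"]:
        return "auth-attempted"
    return "no-auth-attempt" if r["offered"] else "auth-not-offered"
```

On the sample, `diagnose(analyze(TRANSCRIPT))` returns `"no-auth-attempt"`: the relay offered LOGIN, CRAM-MD5 and PLAIN over TLS, but no `AUTH` command was sent before `MAIL From:`.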

Posted: Tue Jul 25, 2006 11:02 pm
by ScalixSupport
You might want to take a look at the sendmail.org site for information about authinfo. Normally I just used the default filename and location of /etc/mail/authinfo for my authinfo file. To test what the latest sendmail expects if you want to change that location, I added:

Code:

define(`confDEF_AUTH_INFO', `/etc/mail/auth/auth-info')dnl


to my sendmail.mc and rebuilt the cf from that. What that produced was:

Code:

O DefaultAuthInfo=/etc/mail/auth/auth-info


So, you should change the line in your sendmail.cf file from:

Code:

Kauthinfo hash -o /etc/mail/auth/auth-info


to:

Code:

O DefaultAuthInfo=/etc/mail/auth/auth-info


and see if that works. If not, try just putting it in the default location of /etc/mail and rename the file to authinfo.

Thanks,
Rachel

Posted: Wed Jul 26, 2006 12:07 am
by ScalixB
I followed the instructions given at http://www.sendmail.org/~ca/email/auth.html (Paragraph "Using sendmail as a client with AUTH"), already.

I tried to replace:

Code:

Kauthinfo hash -o /etc/mail/auth/auth-info

by:

Code:

O DefaultAuthInfo=/etc/mail/auth/auth-info

and also tried to use the default setting which is:

Code:

# default authentication information for outgoing connections
O DefaultAuthInfo=/etc/mail/default-auth-info

... on my sendmail (Version 8.13.4-8 i586).

The result is always the same.

Posted: Wed Jul 26, 2006 12:27 am
by ScalixSupport
I'm assuming you did restart your sendmail after making those changes, right? Have you tried just commenting out that line altogether and just using the default value? Are you certain /etc/mail/default-auto-info is the default on SuSE? I just checked my SLES9 box and it looks like that default file and location is /etc/mail/auth/auth-info.

Are you also certain you're going to the correct "smarthost" for using AuthSMTP for your ISP? Some ISPs have different hosts for Auth and non-Auth SMTP.

Thanks,
Rachel

Posted: Wed Jul 26, 2006 2:47 am
by ScalixB
I restarted sendmail after every change of sendmail.cf with

Code:

/etc/init.d/sendmail restart

I commented out

Code:

Kauthinfo hash -o /etc/mail/auth/auth-info

and tried it with

Code:

O DefaultAuthInfo=/etc/mail/default-auth-info

only.
The default entry in my sendmail.cf is

Code:

# default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info

and I tried it with uncommenting this line and copying /etc/mail/auth/auth-info.db to /etc/mail/default-auth-info.db

I tried it with

Code:

O DefaultAuthInfo=/etc/mail/default-auth-info

and with

Code:

O DefaultAuthInfo=/etc/mail/default-auth-info.db

in my sendmail.cf.
And also with

Code:

Kauthinfo hash -o /etc/mail/auth/auth-info

and with

Code:

Kauthinfo hash -o /etc/mail/auth/auth-info.db


I am certain it is the correct host. On another box I do the same (same smarthost, same login) with Postfix and it works.

I really would like to use SCALIX but I only can do it with the smarthost - and this is the one and only obstacle.

Posted: Wed Jul 26, 2006 8:05 am
by Axel
Did you build your sendmail.cf on your own (using m4)?
Be sure the ruleset authinfo is active and not commented.
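
Added example (not from the thread or from Scalix): a Python consistency check between a hand-edited sendmail.cf and the authinfo source file, following the hint above about the `authinfo` ruleset. It assumes the ruleset is declared by a line starting with `Sauthinfo` and that `#` starts a comment; the sample inputs are constructed from the fragments quoted in this thread and the password is a placeholder.

```python
import re

# Constructed inputs modelled on the fragments quoted in this thread; the password is a placeholder.
SENDMAIL_CF = """\
DSmail.mysmarthost.net
Kauthinfo hash -o /etc/mail/auth/auth-info
O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
#Sauthinfo
"""
AUTH_INFO = ('AuthInfo:mail.mysmarthost.net "U:relay@mysmarthost.net" '
             '"I:relay@mysmarthost.net" "P:PLACEHOLDER" "M:CRAM-MD5"\n')

def check(cf_text, authinfo_text):
    """Return a list of findings; an empty list means the pieces line up."""
    active = [ln.strip() for ln in cf_text.splitlines()
              if ln.strip() and not ln.lstrip().startswith("#")]
    # DS defines macro S, the smart relay host.
    smart = next((ln[2:].strip("[]. ").lower() for ln in active if ln.startswith("DS")), "")
    mechs = set()
    for ln in active:
        if m := re.match(r"O\s+AuthMechanisms=(.*)", ln):
            mechs = set(m.group(1).split())
    entries = {}
    for ln in authinfo_text.splitlines():
        if m := re.match(r"AuthInfo:(\S+)\s+(.*)", ln):
            quoted = re.findall(r'"([^"]*)"', m.group(2))
            fields = dict(f.split(":", 1) for f in quoted if ":" in f)
            fields.pop("P", None)               # drop the secret from the parsed result
            entries[m.group(1).lower()] = fields
    findings = []
    if not smart:
        findings.append("no-smart-host")
    if not any(ln.startswith("Kauthinfo ") for ln in active):
        findings.append("no-authinfo-map")
    if not any(ln.startswith("Sauthinfo") for ln in active):
        findings.append("no-authinfo-ruleset")  # assumed declaration of the lookup ruleset
    entry = entries.get(smart)
    if smart and entry is None:
        findings.append("no-entry-for-smart-host")
    elif entry and mechs and not set(entry.get("M", "").split()) & mechs:
        findings.append("mechanism-not-enabled")
    return findings
```

For the constructed sample, `check(SENDMAIL_CF, AUTH_INFO)` returns `["no-authinfo-ruleset"]`: the map and the entry for the smart host are present, but the ruleset line is commented out.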

Posted: Wed Jul 26, 2006 11:23 am
by ScalixB
Axel, no, I didn't build my sendmail.cf from a *.cm file because I didn't know where to find a SCALIX-adjusted *.mc file. So I preferred to edit my sendmail.cf directly. I did it by adding/uncommenting and editing the three lines mentioned in my original post (see above).

After I found that it does not work I edited /etc/mail/linux.cm (this seems to be the default *.cm file on SuSE 10.0) and built a *.cf from it by using m4. Then I compared the results with my SCALIX-adjusted sendmail.cf.

Nevertheless I tried several variants as mentioned above.

Posted: Wed Jul 26, 2006 1:00 pm
by ScalixB
Now I tried it with the *.cf built from /etc/mail/linux.cm and it works :)

But the question I do have now is: didn't SCALIX change the /etc/sendmail.cf during installation? If yes, these changes are lost, now (not really, of course I have a backup of the other sendmail.cf). How do I merge the SCALIX-adjusted sendmail.cf with the one that works for the smarthost?

Posted: Wed Jul 26, 2006 6:21 pm
by jcaudell
ScalixB wrote: How do I merge the SCALIX-adjusted sendmail.cf with the one that works for the smarthost?


This was actually in the next email down :p. Use:

omsendin

That will reinsert the Scalix specific rules into the sendmail.cf file.

Posted: Thu Jul 27, 2006 12:40 am
by ScalixB
Everything works now. Thanks to all of you who contributed to the solution.