Scalix does not authenticate at the smarthost

[ScalixB]

I use SCALIX Community Edition 10.0.1 on OpenSuSE 10.0 and I want to send all external e-mail through a smarthost (SMTP with TLS). Therefore I changed /etc/sendmail.cf and addded ...

Code: Select all

# "Smart" relay host (may be null)
DSmail.mysmarthost.net

# authinfo list database: contains info for authentication as client
Kauthinfo hash -o /etc/mail/auth/auth-info

# list of authentication mechanisms
O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 LOGIN PLAIN

Then I added ...

Code: Select all

AuthInfo:mail.mysmarthost.net "U:relay@mysmarthost.net" "I:relay@mysmarthost.net" "P:ThePWforTheRelayAccount" "M:CRAM-MD5"

... to /etc/mail/auth/auth-info and made the ...

Code: Select all

makemap hash auth-info < auth-info

... as described on http://www.scalix.com/wiki/index.php?ti ... notes/SMTP.


If I now try to send a message to an external address (e.g. external.recipient@gmx.net), I get this reply:

Code: Select all

The original message was received at Tue, 25 Jul 2006 04:38:30 +0700
from localhost [127.0.0.1]

   ----- The following addresses had permanent fatal errors -----
<external.recipient@gmx.net>
    (reason: 553 sorry, that domain isn't in my list of allowed rcpthosts; no valid cert for gatewaying (#5.7.1))

   ----- Transcript of session follows -----
... while talking to mail.mysmarthost.net.:
>>> DATA
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts; no valid cert for gatewaying (#5.7.1)
550 5.1.1 <external.recipient@gmx.net>... User unknown
<<< 503 RCPT first (#5.5.1)

----- Inline Message Follows -----
To: external.recipient@gmx.net
From: SCALIX USER
Subject: Test through the smarthost

This message should be delivered through the smarthost..

For debugging I did a ...

Code: Select all

store:~ # sendmail -Am -v external.recipient@gmx.net
Subject:Mail to smarthost
This message should be delivered through the smarthost ...
<CTRL+D>

... on the console and got this result ...

Code: Select all

external.recipient@gmx.net... Connecting to mail.mysmarthost.net. via relay...
220 mysmarthost.de ESMTP
>>> EHLO store.localdomain.local
250-mysmarthost.de
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
>>> STARTTLS
220 ready for tls
>>> EHLO store.localdomain.local
250-mysmarthost.de
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-PIPELINING
250 8BITMIME
>>> MAIL From:<root@store.localdomain.local> AUTH=root@store.localdomain.local
250 ok
>>> RCPT To:<external.recipient@gmx.net>
>>> DATA
553 sorry, that domain isn't in my list of allowed rcpthosts; no valid cert for gatewaying (#5.7.1)
503 RCPT first (#5.5.1)
>>> RSET
250 flushed
/root/dead.letter... Saved message in /root/dead.letter
Postmaster... aliased to root
root... Connecting to local...
root... Sent
Closing connection to mail.mysmarthost.net.
>>> QUIT
221 mysmarthost.de
You have new mail in /var/spool/mail/root

To me this looks like sendmail does not use the correct login (relay@mysmarthost.net) to authenticate to the smarthost. Instead it uses root@store.localdomain.local.
But I'm not an expert on sendmail. Please help.

[ScalixSupport]

You might want to take a look at the sendmail.org site for information about authinfo. Normally I just used the default filename and location of /etc/mail/authinfo for my authinfo file. To test what the latest sendmail expects if you want to change that location, I added:

Code: Select all

define(`confDEF_AUTH_INFO', `/etc/mail/auth/auth-info')dnl

to my sendmail.mc and rebuilt the cf from that. What that produced was:

Code: Select all

O DefaultAuthInfo=/etc/mail/auth/auth-info

So, you should change the line in your sendmail.cf file from:

Code: Select all

Kauthinfo hash -o /etc/mail/auth/auth-info

to:

Code: Select all

O DefaultAuthInfo=/etc/mail/auth/auth-info

and see if that works. If not, try just putting it in the default location of /etc/mail and rename the file to authinfo.

Thanks,
Rachel

[ScalixB]

I followed the instructions given at http://www.sendmail.org/~ca/email/auth.html (Paragraph "Using sendmail as a client with AUTH"), already.

I tried to replace:

Code: Select all

Kauthinfo hash -o /etc/mail/auth/auth-info

by:

Code: Select all

O DefaultAuthInfo=/etc/mail/auth/auth-info

and also tried to use the default setting which is:

Code: Select all

# default authentication information for outgoing connections
O DefaultAuthInfo=/etc/mail/default-auth-info

... on my sendmail (Version 8.13.4-8 i586).

The result is always the same.

[ScalixSupport]

I'm assuming you did restart your sendmail after making those changes, right? Have you tried just commenting out that line altogether and just using the default value? Are you certain /etc/mail/default-auto-info is the default on SuSE? I just checked my SLES9 box and it looks like that default file and location is /etc/mail/auth/auth-info.

Are you also certain you're going to the correct "smarthost" for using AuthSMTP for your ISP? Some ISP's have different hosts for Auth and non-Auth SMTP.

Thanks,
Rachel

[ScalixB]

I restarted sendmail after every change of sendmail.cf with

Code: Select all

/etc/init.d/sendmail restart

I commented out

Code: Select all

Kauthinfo hash -o /etc/mail/auth/auth-info

and tried it with

Code: Select all

O DefaultAuthInfo=/etc/mail/default-auth-info

only.
The default entry in my sendmail.cf is

Code: Select all

# default authentication information for outgoing connections
#O DefaultAuthInfo=/etc/mail/default-auth-info

and I tried it with uncommenting this line and copying /etc/mail/auth/auth-info.db to /etc/mail/default-auth-info.db

I tried it with

Code: Select all

O DefaultAuthInfo=/etc/mail/default-auth-info

and with

Code: Select all

O DefaultAuthInfo=/etc/mail/default-auth-info.db

in my sendmail.cf.
And also with

Code: Select all

Kauthinfo hash -o /etc/mail/auth/auth-info

and with

Code: Select all

Kauthinfo hash -o /etc/mail/auth/auth-info.db

I am certain it is the correct host. On another box I do the same (same smarthost, same login) with Postfix and it works.

I really would like to use SCALIX but I only can do it with the smarthost - and this is the one and only obstacle.

[Axel]

Did you build your sendmail.cf by your own (using m4)?
Be sure the ruleset authinfo is active and not commented.

[ScalixB]

Axel, no, I didn't build my sendmail.cf from a *.cm file because I didn't know where to find a SCALIX-adjusted *.mc file. So I prefered to edit my sendmail.cf directly. I did it by adding/uncommenting and editing the three lines mentioned in my original post (see above).

After I found that it does not work I edited /etc/mail/linux.cm (this seems to be the default *.cm file on SuSE 10.0) and built a *.cf from it by using m4. Then I compared the results with my SCALIX-adjusted sendmail.cf.

Nevertheless I tried several variants as mentioned above.

[ScalixB]

Now I tried it with the *.cf built from /etc/amil/linux.cm and it works

But the question I do have now is: didn't SCALIX change the /etc/sendmail.cf during installation? If yes, these changes are lost, now (not really, of course I have a backup of the other sendmail.cf). How do I merge the SCALIX-adjusted sendmail.cf with the one that works for the smarthost?

[jcaudell]

How do I merge the SCALIX-adjusted sendmail.cf with the one that works for the smarthost?

This was actually in the next email down :p. Use:

omsendin

That will reinsert the Scalix specific rules into the sendmail.cf file.

[ScalixB]

Everything works now. Thanks to all of you who contributed to the solution.