[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sendmail SASL Auth on Debian 11

On Mon, Sep 12, 2022 at 12:42:00PM -0400, Dave Parker wrote:
> On Mon, Sep 12, 2022 at 10:37 AM Henning Follmann <hfollmann@itcfollmann.com>
> wrote:
> 
> >
> > First, please do not top post.
> >
> > On Mon, Sep 12, 2022 at 09:00:00AM -0400, Dave Parker wrote:
> > > Thanks for the advice.  Just to clarify, this is an enterprise SMTP
> > server
> > > for a university, and we have used Sendmail for at least 25 years now.  I
> > > have deployed and configured Sendmail on probably hundreds of servers
> > over
> > > the years, but most of them are on internal networks and relay mail
> > > through this SMTP server.  This is a high traffic SMTP server and its
> > > uptime is critical, so I would prefer to stay with Sendmail because it
> > has
> > > always been rock solid in the past.
> >
> > Understood. And I apologize. I assumed because of the old version of your
> > existing installation a less actively maintained situation and made a snap
> > judgement about your experience.
> > I also never said sendmail is not a  solid MTA. I stated it is extremely
> > difficult to maintain.
> > Also other MTA are well suited for high traffic servers. Exim is used
> > by ISPs with extremely high traffic.
> >
> > >
> > > The issue here is that Sendmail with SASL auth doesn't seem to work the
> > > same way in Bullseye as it did in Wheezy, which is probably to be
> > expected,
> > > given the large gap between versions.  I'm just trying to track down
> > > anything I may have missed in my new Bullseye configuration, since the
> > > exact same config works fine in Wheezy.
> > >
> >
> > Well, in my previous post I might hinted at your issue.
> >
> > Please check if courier-authdaemon or dovecot-core is installed.
> > Both provide an sasl authdaemon.
> > I do not know anything about your old installation so you have to
> > figure out, how and where the unix socket of the daemon is located.
> > If you use a chroot environment you must make sure the socket is accessible
> > to sendmail.
> >
> >
> My apologies for the top post.  We use Google for our institutional email,
> and the Gmail interface defaults to that when I reply to a message.
> 
> Looking at the existing Wheezy server which works correctly, I do not see
> anything providing an auth daemon besides saslauthd:
> 
> # dpkg-query -W | egrep 'sendmail|sasl|courier|dovecot'
> libsasl2-2:amd64 2.1.25.dfsg1-6+deb7u1
> libsasl2-modules:amd64 2.1.25.dfsg1-6+deb7u1
> sasl2-bin 2.1.25.dfsg1-6+deb7u1
> sendmail 8.14.4-4
> sendmail-base 8.14.4-4
> sendmail-bin 8.14.4-4
> sendmail-cf 8.14.4-4
> 
> So I guess my question is, do I need one now on the Bullseye server, if
> saslauthd always worked for this before?
> 

OK, that's an option too.

Now I would check if sasl works. There is an little helper program; try:
testsaslauthd -u <username> -p <password>

you might have to specify the location (-f path) of the unix socket if it is located 
somewhere uncommon.

If your authentication works then the communication between sendmail and saslauthd
is not working.



-H

-- 
Henning Follmann           | hfollmann@itcfollmann.com
Reply to: