- RU.UNIX ----------------------------------------------------------- RU.UNIX -
 Msg  : #505 [505]
 From : Valentin Davydov          2:5020/400          15 Nov 04, 13:36
 To   : Victor Sudakov                                28 Nov 04, 02:21
 Subj : Re: client SMTP authentication in sendmail
-------------------------------------------------------------------------------
From: Valentin Davydov

> From: Victor Sudakov
> Date: Mon, 15 Nov 2004 06:33:37 +0000 (UTC)
>
>I am trying to make sendmail authenticate to CGP, which is
>its smart host.
>
>CGP's reply to EHLO includes, among other things,
>
>250-AUTH=LOGIN
>250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5 MSN
>
>In /etc/mail/access I write
>authinfo: "U:sudakov" "P:XXXXX"
>
>I watch with tcpdump and see that not even an attempt at authentication
>is made; sendmail goes straight to "MAIL From:"
>
>I have a feeling I have overlooked something stupid and trivial, but what?
>makemap has, of course, been run on access and checked with
>"makemap -u hash /etc/mail/access.db"

Either put the server name in access, or remove Sauthinfo from the cf.
Oh, and in the same cf you can also uncomment the reference to default-auth-info.

Providing SMTP AUTH Data when sendmail acts as Client
-----------------------------------------------------

If sendmail acts as client, it needs some information how to
authenticate against another MTA. This information can be provided
by the ruleset authinfo or by the option DefaultAuthInfo. The
authinfo ruleset looks up {server_name} using the tag AuthInfo: in
the access map. If no entry is found, {server_addr} is looked up
in the same way and finally just the tag AuthInfo: to provide
default values. Note: searches for domain parts or IP nets are
only performed if the access map is used; if the authinfo feature
is used then only up to three lookups are performed (two exact
matches, one default).

Note: If your daemon does client authentication when sending, and
if it uses either PLAIN or LOGIN authentication, then you *must*
prevent ordinary users from seeing verbose output. Do NOT install
sendmail set-user-ID. Use PrivacyOptions to turn off verbose output
("goaway" works for this).

Notice: the default configuration file causes the option DefaultAuthInfo
to fail since the ruleset authinfo is in the .cf file. If you really
want to use DefaultAuthInfo (it is deprecated) then you have to
remove the ruleset.

The RHS for an AuthInfo: entry in the access map should consist of a
list of tokens, each of which has the form: "TDstring" (including
the quotes). T is a tag which describes the item, D is a delimiter,
either ':' for simple text or '=' for a base64 encoded string.
Valid values for the tag are:

    U    user (authorization) id
    I    authentication id
    P    password
    R    realm
    M    list of mechanisms delimited by spaces

Example entries are:

AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5"
AuthInfo:host.more.dom "U:user" "P=c2VjcmV0"

User id or authentication id must exist as well as the password. All
other entries have default values. If one of user or authentication
id is missing, the existing value is used for the missing item.
If "R:" is not specified, realm defaults to $j. The list of mechanisms
defaults to those specified by AuthMechanisms.

Since this map contains sensitive information, either the access
map must be unreadable by everyone but root (or the trusted user)
or FEATURE(`authinfo') must be used which provides a separate map.
Notice: It is not checked whether the map is actually
group/world-unreadable, this is left to the user.

Val. Dav.
--- ifmail v.2.15dev5.3
 * Origin: Demos online service (2:5020/400)
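
The lookup order and token format described in the README excerpt above, modelled in Python as an added example; it is not part of the original message and not sendmail code. It covers only the three lookups (two exact matches, one default). The names `parse_map`, `resolve`, `map_is_private` and the last sample entry are constructed for illustration.

```python
import base64
import os
import re

TOKEN = re.compile(r'"([UIPRM])([:=])([^"]*)"')  # "TDstring", quotes included

# Constructed sample: the first two entries are the README's examples,
# the last one is a made-up default entry.
SAMPLE = '''\
AuthInfo:other.dom "U:user" "I:user" "P:secret" "R:other.dom" "M:DIGEST-MD5"
AuthInfo:host.more.dom "U:user" "P=c2VjcmV0"
AuthInfo: "I:fallback" "P:XXXXX"
'''

def parse_map(text):
    """Return {key: {tag: value}} for every AuthInfo: line of a map source."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or not parts[0].lower().startswith("authinfo:"):
            continue
        fields = {}
        for tag, delim, value in TOKEN.findall(parts[1]):
            # '=' marks a base64 encoded string, ':' simple text
            fields[tag] = base64.b64decode(value).decode() if delim == "=" else value
        # makemap folds keys to lower case unless -f is given, so fold here too
        entries[parts[0].lower()[len("authinfo:"):]] = fields
    return entries

def resolve(entries, server_name, server_addr, realm_j, auth_mechanisms):
    """Exact {server_name}, then exact {server_addr}, then the bare default."""
    for key in (server_name.lower(), server_addr.lower(), ""):
        if key in entries:
            found = dict(entries[key])
            break
    else:
        return None  # no entry at all: nothing to authenticate with
    if "P" not in found or not ("U" in found or "I" in found):
        raise ValueError("entry needs a password and a user or authentication id")
    found.setdefault("U", found.get("I"))   # a missing id takes the existing one
    found.setdefault("I", found["U"])
    found.setdefault("R", realm_j)          # realm defaults to $j
    found.setdefault("M", auth_mechanisms)  # defaults to AuthMechanisms
    return found

def map_is_private(path):
    """True when neither group nor others have any access to the map file."""
    return (os.stat(path).st_mode & 0o077) == 0
```

sendmail itself does not make the `map_is_private` check, so it is worth running against both the map source and the built `.db` file.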