Здравствуйте.
Имею ASPLinux 11, [root@maestro ~]# rpm -qa cyrus-sas*
cyrus-sasl-md5-2.1.20-6
cyrus-sasl-2.1.20-6
cyrus-sasl-gssapi-2.1.20-6
cyrus-sasl-plain-2.1.20-6
cyrus-sasl-devel-2.1.20-6
cyrus-sasl-ntlm-2.1.20-6
cyrus-sasl-sql-2.1.20-6
[root@maestro ~]#
В /usr/lin/sasl2/Sendmail.conf указано-
#pwcheck_method:saslauthd
pwcheck_method: shadow
mech_list: plain login digest-md5 cram-md5
log_level: 15
В /etc/init.d/saslauthd указано-
..
# Source our configuration file for these variables.
SOCKETDIR=/var/run/saslauthd
MECH=shadow
FLAGS=
if [ -f /etc/sysconfig/saslauthd ] ; then
. /etc/sysconfig/saslauthd
fi
RETVAL=0
# Set up some common variables before we launch into what might be
# considered boilerplate by now.
prog=saslauthd
path=/usr/sbin/saslauthd
..
Скрипт запуска sasl выполняется без ошибок.
Т.к. используем sendmail-8.14.2 из исходников, то -
1. в /use/src/sendmail-8.14.2/devtools/Site/site.config.mc4 вставляем строки-
dnl *** SASL2 (SMTP Authentication) *** RPM cyrus-sasl-2.1.20-6
APPENDDEF(`confENVDEF', `-DSASL=2')
APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')
APPENDDEF(`confLIBDIRS', `-L/usr/lib/sasl2')
APPENDDEF(`confINCDIRS', `-I/usr/include/sasl')
2. в /use/src/sendmail-8.14.2/cf/cf/sendmail.mc вставляем строки-
define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confDEF_AUTH_INFO', `/etc/mail/default-auth-info')dnl
FEATURE(`no_default_msa')dnl
Компилирую и перезапускаю sendmail. Проверка поддержки sendmail-ом SASL2-
[root@maestro poisk-mail]# sendmail -d0.1 -bv root
Version 8.14.2
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETUNIX NEWDB PIPELINING SASLv2 SCANF USERDB
XDEBUG
============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = maestro
(canonical domain name) $j = orizon-navigation.com
(subdomain name) $m = orizon-navigation.com
(node name) $k = maestro
========================================================
bsm... deliverable: mailer local, user bsm
[root@maestro poisk-mail]#
В sendmail.cf имеем-
..
# dequoting map
Kdequote dequote
# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
# class N: domains that should not be converted to $M
#CL root
C{TrustAuthMech}DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
C{E}root
..
# log level
O LogLevel=15
# list of authentication mechanisms
O AuthMechanisms=DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
# default authentication information for outgoing connections
O DefaultAuthInfo=/etc/mail/default-auth-info
# SMTP AUTH flags
O AuthOptions=A
..
R$* $| $={TrustAuthMech} $# RELAY
..
Выполнение telnet-
[root@maestro ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
Escape character is '^]'.
220 Mon, ESMTP 14 Apr 2008 09:32:38 +0300
ehlo localhost
250-orizon-navigation.com Hello localhost [127.0.0.1] (may be forged), pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 48000000
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
quit
221 2.0.0 orizon-navigation.com closing connection
Connection closed by foreign host.
[root@maestro ~]#
Проверка выполнения авторизации при отправке почты- на машине с Windows 2000 в почтовике Outlook Express для почтовой учётной записи пользователя navis-ftp отправляем почту самому себе-
Apr 14 09:50:55 maestro sendmail[15663]: NOQUEUE: connect from Vodzinskij_Nikolaj [192.168.0.106]
Apr 14 09:50:55 maestro sendmail[15663]: AUTH: available mech=PLAIN LOGIN DIGEST-MD5 CRAM-MD5, allowed mech=DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Apr 14 09:50:55 maestro sendmail[15663]: m3E6otap015663: --- 220 Mon, ESMTP 14 Apr 2008 09:50:55 +0300
Apr 14 09:50:55 maestro sendmail[15663]: m3E6otap015663: <-- HELO vodzinskij
Apr 14 09:50:55 maestro sendmail[15663]: m3E6otap015663: --- 250 orizon-navigation.com Hello Vodzinskij_Nikolaj [192.168.0.106], pleased to meet you
Apr 14 09:50:55 maestro sendmail[15663]: m3E6otap015663: <-- MAIL FROM: <navis-ftp@orizon-navigation.com>
Apr 14 09:50:55 maestro sendmail[15663]: m3E6otap015663: --- 250 2.1.0 <navis-ftp@orizon-navigation.com>... Sender ok
Apr 14 09:50:55 maestro sendmail[15663]: m3E6otap015663: <-- RCPT TO: <navis-ftp@orizon-navigation.com>
Apr 14 09:50:55 maestro sendmail[15663]: m3E6otap015663: --- 250 2.1.5 <navis-ftp@orizon-navigation.com>... Recipient ok
Apr 14 09:50:55 maestro sendmail[15663]: m3E6otap015663: <-- RSET
Apr 14 09:50:55 maestro sendmail[15663]: m3E6otap015663: --- 250 2.0.0 Reset state
Apr 14 09:50:55 maestro sendmail[15663]: m3E6otap015663: to=<navis-ftp@orizon-navigation.com>, delay=00:00:00, pri=0, stat=RSET
Apr 14 09:50:55 maestro sendmail[15663]: m3E6otap015663: from=<navis-ftp@orizon-navigation.com>, size=0, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=Vodzinskij_Nikolaj [192.168.0.106]
Apr 14 09:50:55 maestro drweb-smf[3556]: [m3E6otap015663]: message from navis-ftp@orizon-navigation.com is aborted
Apr 14 09:50:59 maestro sendmail[15663]: m3E6otaq015663: <-- MAIL FROM: <navis-ftp@orizon-navigation.com>
Apr 14 09:50:59 maestro sendmail[15663]: m3E6otaq015663: --- 250 2.1.0 <navis-ftp@orizon-navigation.com>... Sender ok
Apr 14 09:50:59 maestro sendmail[15663]: m3E6otaq015663: <-- RCPT TO: <navis-ftp@orizon-navigation.com>
Apr 14 09:50:59 maestro sendmail[15663]: m3E6otaq015663: --- 250 2.1.5 <navis-ftp@orizon-navigation.com>... Recipient ok
Apr 14 09:50:59 maestro sendmail[15663]: m3E6otaq015663: <-- DATA
Apr 14 09:50:59 maestro sendmail[15663]: m3E6otaq015663: --- 354 Enter mail, end with "." on a line by itself
Apr 14 09:50:59 maestro sendmail[15663]: m3E6otaq015663: from=<navis-ftp@orizon-navigation.com>, size=1203, class=0, nrcpts=1, msgid=<002801c89dfc$0a270d30$6a00a8c0@vodzinskij>, proto=SMTP, daemon=MTA, relay=Vodzinskij_Nikolaj [192.168.0.106]
Apr 14 09:51:00 maestro drweb-smf[3556]: [m3E6otaq015663]: scan: the message(drweb.tmp.gLKumP) sent by navis-ftp@orizon-navigation.com to navis-ftp@orizon-navigation.com is passed
Apr 14 09:51:00 maestro drweb-smf[3556]: [m3E6otaq015663]: processing message from navis-ftp@orizon-navigation.com is over
Apr 14 09:51:00 maestro sendmail[15663]: m3E6otaq015663: --- 250 2.0.0 m3E6otaq015663 Message accepted for delivery
Apr 14 09:51:00 maestro sendmail[15731]: m3E6otaq015663: to=<navis-ftp@orizon-navigation.com>, ctladdr=<navis-ftp@orizon-navigation.com> (1291/100), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=31885, dsn=2.0.0, stat=Sent
Apr 14 09:51:00 maestro sendmail[15663]: m3E6otar015663: <-- QUIT
Apr 14 09:51:00 maestro sendmail[15663]: m3E6otar015663: --- 221 2.0.0 orizon-navigation.com closing connection
Т.е. письмо доставлено по назначению.
Теперь в свойствах учётной записи пользователя navis-ftp, в закладке "Серверы" укажем, что для сервера исходящей почты будет выполняться проверка подлинности пользователя, при этом в настройках этой опции используем авторизацию "Как на сервере входящей почты", сохраним изменения.
Отправляем почту самому себе-
Apr 14 10:01:55 maestro sendmail[19546]: NOQUEUE: connect from Vodzinskij_Nikolaj [192.168.0.106]
Apr 14 10:01:55 maestro sendmail[19546]: AUTH: available mech=PLAIN LOGIN DIGEST-MD5 CRAM-MD5, allowed mech=DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Apr 14 10:01:55 maestro sendmail[19546]: m3E71t0u019546: --- 220 Mon, ESMTP 14 Apr 2008 10:01:55 +0300
Apr 14 10:01:55 maestro sendmail[19546]: m3E71t0u019546: <-- EHLO vodzinskij
Apr 14 10:01:55 maestro sendmail[19546]: m3E71t0u019546: --- 250-orizon-navigation.com Hello Vodzinskij_Nikolaj [192.168.0.106], pleased to meet you
Apr 14 10:01:55 maestro sendmail[19546]: m3E71t0u019546: --- 250-ENHANCEDSTATUSCODES
Apr 14 10:01:55 maestro sendmail[19546]: m3E71t0u019546: --- 250-PIPELINING
Apr 14 10:01:55 maestro sendmail[19546]: m3E71t0u019546: --- 250-8BITMIME
Apr 14 10:01:55 maestro sendmail[19546]: m3E71t0u019546: --- 250-SIZE 48000000
Apr 14 10:01:55 maestro sendmail[19546]: m3E71t0u019546: --- 250-DSN
Apr 14 10:01:55 maestro sendmail[19546]: m3E71t0u019546: --- 250-ETRN
Apr 14 10:01:55 maestro sendmail[19546]: m3E71t0u019546: --- 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Apr 14 10:01:55 maestro sendmail[19546]: m3E71t0u019546: --- 250-DELIVERBY
Apr 14 10:01:55 maestro sendmail[19546]: m3E71t0u019546: --- 250 HELP
Apr 14 10:01:55 maestro sendmail[19546]: m3E71t0u019546: <-- AUTH LOGIN
Apr 14 10:01:55 maestro sendmail[19546]: m3E71t0u019546: --- 334 VXNlcm5hbWU6
Apr 14 10:01:55 maestro sendmail[19546]: m3E71t0u019546: --- 334 UGFzc3dvcmQ6
Apr 14 10:01:55 maestro sendmail[19546]: m3E71t0u019546: --- 535 5.7.0 authentication failed
Apr 14 10:01:55 maestro sendmail[19546]: m3E71t0u019546: AUTH failure (LOGIN): no mechanism available (-4) SASL(-4): no mechanism available: checkpass failed
Apr 14 10:01:55 maestro sendmail[19546]: m3E71t0u019546: <-- QUIT
Apr 14 10:01:55 maestro sendmail[19546]: m3E71t0u019546: --- 221 2.0.0 orizon-navigation.com closing connection
Apr 14 10:01:55 maestro sendmail[19546]: m3E71t0u019546: Vodzinskij_Nikolaj [192.168.0.106] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Предполагая, что имеющийся SASL не поддерживает AUTH LOGIN, берём с
http://asg.web.cmu.edu/sasl/sasl-library.html пакет cyrus-sasl-2.1.22.tar.gz. Разворачиваем его и компилируем -
./configure --enable-login
make
make install
Создаю ссылку /usr/local/lib/sasl2/Sendmail.conf --> /usr/lib/sasl2/Sendmail.conf
Изменяю назначения в /etc/init.d/saslauthd
..
path=/usr/local/sbin/saslauthd
..
Перезапускаю /etc/init.d/saslauthd restart. Проверяю какая программа выполняется-
[root@maestro mail]# ps -ax | grep sasl
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.5/FAQ
27178 ? Ss 0:00 /usr/local/sbin/saslauthd -m /var/run/saslauthd -a shadow
27180 ? S 0:00 /usr/local/sbin/saslauthd -m /var/run/saslauthd -a shadow
27181 ? S 0:00 /usr/local/sbin/saslauthd -m /var/run/saslauthd -a shadow
27182 ? S 0:00 /usr/local/sbin/saslauthd -m /var/run/saslauthd -a shadow
27183 ? S 0:00 /usr/local/sbin/saslauthd -m /var/run/saslauthd -a shadow
747 pts/3 R+ 0:00 grep sasl
[root@maestro mail]#
Выполняю изменения в /use/src/sendmail-8.14.2/devtools/Site/site.config.mc4-
dnl *** SASL2 (SMTP Authentication) *** Source cyrus-sasl-2.1.22
APPENDDEF(`confENVDEF', `-DSASL=2')
APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')
APPENDDEF(`confLIBDIRS', `-L/usr/local/lib/sasl2')
APPENDDEF(`confINCDIRS', `-I/usr/local/include/sasl')
Компилирую и перезапускаю sendmail. Выполняю все предыдущие проверки и получаю тот же результат.
Apr 14 10:32:32 maestro sendmail[1281]: NOQUEUE: connect from Vodzinskij_Nikolaj [192.168.0.106]
Apr 14 10:32:32 maestro sendmail[1281]: AUTH: available mech=PLAIN LOGIN DIGEST-MD5 CRAM-MD5, allowed mech=DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Apr 14 10:32:32 maestro sendmail[1281]: m3E7WWbV001281: --- 220 Mon, ESMTP 14 Apr 2008 10:32:32 +0300
Apr 14 10:32:32 maestro sendmail[1281]: m3E7WWbV001281: <-- EHLO vodzinskij
Apr 14 10:32:32 maestro sendmail[1281]: m3E7WWbV001281: --- 250-orizon-navigation.com Hello Vodzinskij_Nikolaj [192.168.0.106], pleased to meet you
Apr 14 10:32:32 maestro sendmail[1281]: m3E7WWbV001281: --- 250-ENHANCEDSTATUSCODES
Apr 14 10:32:32 maestro sendmail[1281]: m3E7WWbV001281: --- 250-PIPELINING
Apr 14 10:32:32 maestro sendmail[1281]: m3E7WWbV001281: --- 250-8BITMIME
Apr 14 10:32:32 maestro sendmail[1281]: m3E7WWbV001281: --- 250-SIZE 48000000
Apr 14 10:32:32 maestro sendmail[1281]: m3E7WWbV001281: --- 250-DSN
Apr 14 10:32:32 maestro sendmail[1281]: m3E7WWbV001281: --- 250-ETRN
Apr 14 10:32:32 maestro sendmail[1281]: m3E7WWbV001281: --- 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Apr 14 10:32:32 maestro sendmail[1281]: m3E7WWbV001281: --- 250-DELIVERBY
Apr 14 10:32:32 maestro sendmail[1281]: m3E7WWbV001281: --- 250 HELP
Apr 14 10:32:32 maestro sendmail[1281]: m3E7WWbV001281: <-- AUTH LOGIN
Apr 14 10:32:32 maestro sendmail[1281]: m3E7WWbV001281: --- 334 VXNlcm5hbWU6
Apr 14 10:32:32 maestro sendmail[1281]: m3E7WWbV001281: --- 334 UGFzc3dvcmQ6
Apr 14 10:32:32 maestro sendmail[1281]: m3E7WWbV001281: --- 535 5.7.0 authentication failed
Apr 14 10:32:32 maestro sendmail[1281]: m3E7WWbV001281: AUTH failure (LOGIN): no mechanism available (-4) SASL(-4): no mechanism available: checkpass failed
Apr 14 10:32:32 maestro sendmail[1281]: m3E7WWbV001281: <-- QUIT
Apr 14 10:32:32 maestro sendmail[1281]: m3E7WWbV001281: --- 221 2.0.0 orizon-navigation.com closing connection
Apr 14 10:32:32 maestro sendmail[1281]: m3E7WWbV001281: Vodzinskij_Nikolaj [192.168.0.106] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Как добиться авторизации при отправке почты?
Спасибо.
Вариант для распечатки
OpenNET: Виртуальная конференция (Public)
(??) on 14-Апр-08, 12:29 
