I have been here before with previous blog entries:
- Can Solaris 11 Sendmail / SASL handle SMTP AUTH
- Solaris 11: Setting up Sendmail / SASL to handle SMTP AUTH
Ref: Using Simple Authentication and Security Layer
- Solaris 11.4 Beta now comes with SASL support
# /usr/lib/sendmail -d0 -bt < /dev/null
Version 8.15.2+Sun
Compiled with: DNSMAP LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8
MIME8TO7 NAMED_BIND NDBM NETINET NETINET6 NETUNIX NEWDB
NIS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS
USERDB USE_LDAP_INIT XDEBUG
- Need to modify the sendmail configuration file slightly to add AUTH and AUTH methods
# cd /etc/mail/cf/cf
# cat > sasl.mc
divert(0)dnl
VERSIONID(`sendmail.mc (Sun)')
OSTYPE(`solaris11')dnl
DOMAIN(`solaris-generic')dnl
define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confFALLBACK_SMARTHOST', `mailhost$?m.$m$.')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl
LOCAL_NET_CONFIG
# The left and right sides of the rule below must be separated by a tab, not spaces
R$* < @ $* .$m. > $*	$#esmtp $@ $2.$m $: $1 < @ $2.$m. > $3
# make sasl.cf
test ! -f sasl.cf || /usr/bin/mv sasl.cf sasl.cf.prev
/usr/bin/m4 ../m4/cf.m4 sasl.mc > sasl.cf
# cp sasl.cf ../../sendmail.cf
# svcadm restart sendmail
- Set up the SASL plugin via the Sendmail.conf file
# cat /etc/sasl2/Sendmail.conf
pwcheck_method: saslauthd
- For authentication to work, saslauthd has to be running; you can start it as a one-off process (good for debugging). Naturally this needs to go into an SMF service, but that has been covered in the blog entries above.
# saslauthd -n 1 -V -d -a pam
saslauthd[7495] :main : num_procs : 1
saslauthd[7495] :main : mech_option: NULL
saslauthd[7495] :main : run_path : /var/run/saslauthd
saslauthd[7495] :main : auth_mech : pam
saslauthd[7495] :detach_tty : master pid is: 0
saslauthd[7495] :ipc_init : door on: /var/run/saslauthd/mux
...the following lines appear after the testsaslauthd command below is executed
saslauthd[7495] :do_auth : auth success: [user=MyUserName] [service=imap] [realm=] [mech=pam]
saslauthd[7495] :do_request : response: OK
# /usr/lib/sasl/tests/testsaslauthd -u MyUserName -p MyPassword
0: OK "Success."
- Now test the sendmail part, but first we need the username and password base64-encoded (an encoding, not encryption):
# perl -MMIME::Base64 -e 'print encode_base64("\000MyUser\000MyPassword")'
AE15VXNlcgBNeVBhc3N3b3Jk
# /usr/lib/sendmail -bv -O LogLevel=14 -bs -Am
220 delphi.dcs.bbk.ac.uk ESMTP Sendmail 8.15.2+Sun/8.15.2; Wed, 7 Feb 2018 12:44:02 GMT
EHLO localhost
250-delphi.dcs.bbk.ac.uk Hello root@localhost, pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
AUTH PLAIN AE15VXNlcgBNeVBhc3N3b3Jk
235 2.0.0 OK Authenticated
quit
- Looking at /var/log/syslog after doing the above you will see the following (errors mainly because I have not set up certificates completely on this test setup):
#####AFTER STARTING /usr/lib/sendmail -bv -O LogLevel=14 -bs -Am
Feb 7 12:38:13 delphi sendmail[8043]: [ID 801593 mail.info] NOQUEUE: connect from root@localhost
Feb 7 12:38:13 delphi sendmail[8043]: [ID 702911 mail.warning] STARTTLS: ServerCertFile missing
Feb 7 12:44:02 delphi sendmail[8275]: [ID 702911 mail.info] AUTH: available mech=SCRAM-SHA-1 GSS-SPNEGO GSSAPI OTP LOGIN PLAIN, allowed mech=DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Feb 7 12:38:13 delphi sendmail[8043]: [ID 801593 mail.info] w17CcDMH008043: Milter: no active filter
#####AFTER AUTH PLAIN AE15VXNlcgBNeVBhc3N3b3Jk
Feb 7 12:44:42 delphi sendmail[8275]: [ID 702911 mail.info] AUTH=server, relay=root@localhost, authid=MyUserName, mech=PLAIN, bits=0
- That is it for Oracle Solaris 11.4
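A check on the two points above, as an added example that is not part of the original post: the AUTH PLAIN token decodes back to the password with no key, and the syslog can be scanned for PLAIN/LOGIN logins made on a connection that never negotiated TLS. It assumes one sendmail process (pid) per SMTP connection and that a TLS session logs a `STARTTLS=server` line before `AUTH=server`; the pid 9001 log lines are constructed.

```python
import base64
import re

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # password crosses the wire in recoverable form
LINE_RE = re.compile(r"sendmail\[(?P<pid>\d+)\]: (?:\[ID [^\]]*\] )?(?P<msg>.*)")
AUTH_RE = re.compile(r"AUTH=server, relay=(?P<relay>[^,]+), authid=(?P<authid>[^,]+), "
                     r"mech=(?P<mech>[^,]+), bits=\d+")


def decode_plain(token):
    """Split a SASL PLAIN response (RFC 4616) into (authzid, authcid, password)."""
    parts = base64.b64decode(token, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("not a SASL PLAIN response")
    return tuple(p.decode("utf-8") for p in parts)


def cleartext_auths(lines):
    """Return plaintext-mechanism logins by a process that logged no STARTTLS=server."""
    tls_pids, hits = set(), []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("STARTTLS=server"):
            tls_pids.add(pid)  # assumption: this pid's later AUTH ran inside TLS
            continue
        auth = AUTH_RE.match(msg)
        if auth and auth["mech"].upper() in PLAINTEXT_MECHS and pid not in tls_pids:
            hits.append((pid, auth["authid"], auth["mech"]))
    return hits


# First line is from the post; the pid 9001 lines are constructed for contrast.
SAMPLE_LOG = [
    "Feb 7 12:44:42 delphi sendmail[8275]: [ID 702911 mail.info] AUTH=server, "
    "relay=root@localhost, authid=MyUserName, mech=PLAIN, bits=0",
    "Feb 7 12:50:01 delphi sendmail[9001]: [ID 702911 mail.info] STARTTLS=server, "
    "relay=client.example [192.0.2.10], version=TLSv1.2, verify=NO, "
    "cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256",
    "Feb 7 12:50:02 delphi sendmail[9001]: [ID 702911 mail.info] AUTH=server, "
    "relay=client.example [192.0.2.10], authid=MyUserName, mech=PLAIN, bits=0",
]

if __name__ == "__main__":
    print(decode_plain("AE15VXNlcgBNeVBhc3N3b3Jk"))
    print(cleartext_auths(SAMPLE_LOG))
```

The post's own test login is the one flagged, which matches the `STARTTLS: ServerCertFile missing` warning in its log. Once certificates are in place, adding `p` to `confAUTH_OPTIONS` makes sendmail refuse PLAIN and LOGIN unless a security layer such as TLS is active.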