[CentOS] Sendmail not presenting AUTH option after EHLO

Chris Boyd

cboyd at gizmopartners.com
Tue Oct 8 21:50:52 UTC 2013


Hello folks,

I have a CentOS 6.4 installation running Sendmail, and after some serious hair tear stare and compare I'm a bit stumped.  When I connect to the server either with telnet or SSL, sendmail is not presenting the AUTH  capability after an EHLO.  Everything looks like it should be working, but no amount of tweaking is getting the AUTH capability advertised (and it doesn't work if you just try it anyway).

Here's the config bits from sendmail.mc--

	define(`confAUTH_OPTIONS', `A p')dnl
	define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
	TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

Note:  Also tried
	define(`confAUTH_OPTIONS', `A')dnl
	define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
	TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
just to keep things simple.

saslauthd is running, and configured--/etc/sysconfig/saslauthd 

	SOCKETDIR=/var/run/saslauthd
	MECH=pam
	FLAGS=


/etc/sasl2/Sendmail.conf contains--
	pwcheck_method:saslauthd


/etc/pam.d/smtp contains--
	#%PAM-1.0
	auth       include	password-auth
	account    include	password-auth


But when I do "openssl s_client -starttls smtp -connect localhost:587" I don't get any AUTH capability--

ehlo localhost
250-pennzoil.gizmopartners.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-DELIVERBY
250 HELP
quit


All the certs are built, and if I connect via telnet, the server does advertise STARTTLS.

So anyone able to point out the obvious or not so obvious config mistakes?


More information about the CentOS mailing list