Re: Sendmail with relay (SMART_HOST), STARTTLS and AUTH

[Jason Mitchell <jmitchel%bigjar.com@localhost>]

On 10/5/21 12:12 PM, Manuel Bouyer wrote:
> On Tue, Oct 05, 2021 at 04:27:27PM +0200, tlaronde%polynum.com@localhost wrote:
> > Hello,
> >
> > I'm trying to set-up a node with sendmail(8).
> >
> > In order to not be blocked, eventually, by some firewall rule on port
> > 25, I'm relaying mail to a smart host, listening on port 587 for
> > STARTTLS, and I need to authentify using LOGIN or PLAIN mechanisme.
> >
> > For relaying, forwarding to port 587 and starting TLS with sendmail, no
> > problem after adding the needed options for the compilation of the
> > package.
> >
> > But whatever I'm trying to do, having added a
> > /usr/pkg/etc/sasl2/Sendmail.conf configuration and having installed
> > cyrus-sasl2 and cyrus-saslauthd, and launching the saslauthd daemon,
> > sendmail, without dialoguing with the server (for this; STARTTLS
> > is OK) always answers:
> >
> > no worthy mechs found
> >
> > So the blocking comes from sendmail. I have verified by telnet, that
> > doing authenfication by hand works.
> >
> > >From a search on the Web, when this kind of message is issued with
> > Postfix, on Linux based distribution, the problem is solved whether
> > by adding sasl modules or by specifying a configuration variable
> > for Postfix allowing plaintext authenfications (that is not allowed
> > by default).
> >
> > But as far as I understand, pkgsrc cyrus-sasl2 and cyrus-saslauthd
> > are sufficient and there is no such thing as this sasl-security
> > conf variable for sendmail.
> For sasl suport (as a server, not as a client though) I have to build sendmail
> with
> PKG_OPTIONS.sendmail+=sasl tls
It doesn't look like you installed the cy2_login and cy2_plain packages. 
I don't quite understand how it all fits together, but you need to 
install the cy2_ package for whatever mech you want to support. I guess 
these are where the modules live on NetBSD?

HTH,

Jason M.