- Red Hat Enterprise Linux (RHEL)
- How to setup and test SMTP AUTH within Sendmail
1. Setting up SMTP AUTH:
- Install following packages by using yum or update command.
cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl cyrus-sasl-plain cyrus-sasl-devel
- Start "saslauthd" service
# service saslauthd start # chkconfig saslauthd on
- Within the /etc/mail/sendmail.mc make sure following lines are uncommented
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'')dnl define(`confAUTH_MECHANISMS'', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'')dnl
- Run m4 command to rebuild the sendmail.cf file:
# cp /etc/mail/sendmail.mc /etc/mail/sendmail.mc.orig # cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.orig # m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
- Restart sendmail and saslauthd
# service saslauthd restart Stopping saslauthd: [ OK ] Starting saslauthd: [ OK ] # service sendmail restart Shutting down sendmail: [ OK ] Shutting down sm-client: [ OK ] Starting sendmail: [ OK ] Starting sm-client: [ OK ]
2. Testing SMTP AUTH
To test SMTP AUTH from command line a valid username/password is required, following command uses username "test" and password "redhat" as example.
Generate base64 encoded string for username and password
# echo -ne "\0test\0redhat" | base64 AHRlc3QAcmVkaGF0
- Telnet can be used to test SMTP AUTH by using above encoded string
# telnet 127.0.0.1 25 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is ''^]''. 220 dhcp.redhat.com ESMTP Sendmail 8.12.10/8.12.10; Wed, 24 Mar 2004 13:03:57 -0500 hello test 250-dhcp.redhat.com Hello localhost.localdomain [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN 250-DELIVERBY 250 HELP auth plain AHRlc3QAcmVkaGF0 235 2.0.0 OK Authenticated quit 221 2.0.0 dhcp.redhat.com closing connection Connection closed by foreign host.
- Note: Be sure to remove the
pam_stack.somodule if you are using RHEL 5 or newer.
For example /etc/pam.d/smtp:
#%PAM-1.0 auth include password-auth account include password-auth
A possible issue is that if you have postfix also installed (a known bug) - postfix will remove the needed pam smtp auth file, without it SMTP-AUTH within sendmail will fail. Check to see if the following file exists and has the following data within it (in fact my system had postfix installed and so I needed to fix this during verification and testing while witting this up) :
# cp /etc/pam.d/smtp.postfix /etc/pam.d/smtp # cat /etc/pam.d/smtp #%PAM-1.0 auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth #
The bugzilla on this issue can be found at:
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.