View previous topic :: View next topic |
Author |
Message |
jah2 n00b
Joined: 17 Nov 2004 Posts: 53 Location: NC
|
Posted: Fri Jun 24, 2022 8:43 pm Post subject: Sendmail 8.17.1_2 update broke SMTP Auth |
|
|
Did a update today and afterwards discovered that I couldn't send mail anymore. Looks like the upgrade from sendmail-8.16.1-r1 to sendmail-8.17.1-r2 broke smtp-auth. Sasl was last upgraded on June 14 from cyrus-sasl-2.1.27-r6 to cyrus-sasl-2.1.28-r2. I don't think I've tried to send mail since then so not positive that it hasn't been broken since the 14th. I did find this FreeBSD bug report (Bug 263287 - mail/sendmail: 8.17.1_2 -> 8.17.1_3 upgrade breaks SMTP AUTH)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263287
My installation has been working for years and I double checked all my configs, nothing has changed. My sendmail.mc options:
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
Connecting to the mail server, 250-auth is missing:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 domain.net ESMTP server ready at Fri, 24 Jun 2022 16:08:11 -0400
ehlo localhost
250-domain.net Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 50485760
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
^]
telnet> q
Connection closed.
And also, the mail log throws out this message when trying to send:
Jun 24 16:10:22 host sm-mta[27307]: AUTH warning: no mechanisms
Went ahead and did an emerge world and then rebooted just to refresh everything but no luck. Also tried downgrading to 8.16.1 but no luck there either. Any email gurus out there who can give me some help with this? |
|
Back to top |
|
|
freke l33t
Joined: 23 Jan 2003 Posts: 977 Location: Somewhere in Denmark
|
|
Back to top |
|
|
jah2 n00b
Joined: 17 Nov 2004 Posts: 53 Location: NC
|
Posted: Sat Jun 25, 2022 4:36 pm Post subject: |
|
|
freke wrote: | https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262935
It probably broke when upgrading to cyrus-sasl-2.1.28.
There's a patch for sendmail in that bug-report |
Thanks for the link. Installed 2.1.27 locally but still no luck. Frustrating. |
|
Back to top |
|
|
freke l33t
Joined: 23 Jan 2003 Posts: 977 Location: Somewhere in Denmark
|
Posted: Sat Jun 25, 2022 4:53 pm Post subject: |
|
|
Tried re-emerging sendmail after downgrading cyrus-sasl? |
|
Back to top |
|
|
jah2 n00b
Joined: 17 Nov 2004 Posts: 53 Location: NC
|
Posted: Sat Jun 25, 2022 6:24 pm Post subject: |
|
|
freke wrote: | Tried re-emerging sendmail after downgrading cyrus-sasl? |
I got it working again. Somehow. I downgraded sendmail to portage version 8.16.1-r2. Switched back to the current portage cyrus-sasl-2.1.28-r2. Re-emerged both again at the same time. All configs are the same as they have been for the last couple years. Now it's working. This is basically the first thing I tried though I didn't re-emerge sasl after downgrading sendmail the first time. sendmail/sasl smtp-auth is fragile. Thanks for the suggestions, helps to have another brain throwing out some ideas. |
|
Back to top |
|
|
madyogi n00b
Joined: 10 Jun 2016 Posts: 10
|
Posted: Sun Jul 17, 2022 10:50 am Post subject: |
|
|
[quote="jah2"] freke wrote: | I got it working again. Somehow. I downgraded sendmail to portage version 8.16.1-r2. Switched back to the current portage cyrus-sasl-2.1.28-r2. |
I don't update so often and looks like I fall into the same hole. Still can't fix it. Fortunately kept sendmail-8.16-r1 binary. That one looks to works fine with cyrus-sasl-2.1.28-r2.
When I
Code: | telnet localhost 25 |
I get
Code: | EHLO myPC
250-mySMTP.lan Hello [192.168.128.121], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH CRAM-MD5 PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP |
So the AUTH is there and I can send emails with my local sendmail from PCs on LAN, but after upgrading to sendmail-8.16-r2 or ...17-r2 it lists the above without the line 250-AUTH CRAM-MD5 PLAIN and there's also corresponding syslog entry sm-mta[24214]: AUTH warning: no mechanisms. |
|
Back to top |
|
|
jah2 n00b
Joined: 17 Nov 2004 Posts: 53 Location: NC
|
Posted: Sun Jul 17, 2022 1:47 pm Post subject: |
|
|
madyogi wrote: | Fortunately kept sendmail-8.16-r1 binary. That one looks to works fine with cyrus-sasl-2.1.28-r2 |
I masked sendmail 8.17 (>mail-mta/sendmail-8.17.1) and that downgraded me to sendmail-8.16.1-r2 which worked with cyrus-sasl-2.1.28-r2. Re-emerging both after getting your versions right seems to be the key. In the past when I've had this problem, just re-emerging sendmail and sasl, without doing any downgrading, fixed the issue. |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Sun Jul 17, 2022 2:59 pm Post subject: |
|
|
I didn't see a bug for this at bugs.gentoo.org... has either of you checked on IRC or opened a bug report? _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
jah2 n00b
Joined: 17 Nov 2004 Posts: 53 Location: NC
|
Posted: Sun Jul 17, 2022 3:30 pm Post subject: |
|
|
pjp wrote: | I didn't see a bug for this at bugs.gentoo.org... has either of you checked on IRC or opened a bug report? |
Didn't see a bug or open a report but will. Wanted to make sure I wasn't have some kind of brain fart before I did that but forgot about it by the time I got it fixed. |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Sun Jul 17, 2022 4:59 pm Post subject: |
|
|
Thanks.
It seems interesting that sendmail has fixed it, but not released a new version with that fix (unless snapshots are intended to be applied by distributors). _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9679 Location: almost Mile High in the USA
|
Posted: Wed Aug 24, 2022 6:07 am Post subject: |
|
|
Ugh another rarely tested feature I set up and it broke. But somehow there seems to be another aspect:
I had SASL LOGIN enabled for remote mail relaying but on my LAN I had an access.db that allows all LAN hosts to use my SMTP sendmail relay. After a recent upgrade, I lost LAN relaying as well, it seems. Weird...
---
EDIT
---
Looks like sendmail-8.17.1.9 got stabilized yesterday. I accept_keywords and installed it (x86) and hooray SASL AUTH is working again! _________________ Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
Back to top |
|
|
|