Need Help Setting Up cyrus-sasl, sendmail, SMTP AUTH, for Pop & IMAP

From: Nick Metrowsky <nmetro_at_colorado.edu>
Date: Mon, 17 Dec 2001 10:46:25 -0700

Folks,

 I have been trying for the past few days to get IMAP/POP-before-SMTP to
 work on a Tru64 UNIX V5.1 system. We have C2 security, a.k.a. enhanced
 security a.k.a. SIA turned on. Also, we are using sendmail V8.11.6 and
 cyrus-sasl V1.5.27. The following is used to configure cyrus-sasl:

 #!/bin/sh
 CC="cc"
 CPPFLAGS="-I/etc/mail/sasl/include"
 LDFLAGS="-L/etc/mail/sasl/lib"
 export CPPFLAGS LDFLAGS CC
 ./configure --prefix=/etc/mail/sasl --with-dblib=gdbm --disable-krb4
--disable-gssapi --enable-anonymous \
 --disable-cram --disable-digest --enable-sia --enable-login
--with-plugindir=/etc/mail/sasl/lib/sasl \
 --with-dbpath=/etc/mail/sasl/sasldb --enable-static

 The following is used to build sendmail (devtools/OS/OSF1.5.x):

 # $Id: OSF1.V5.x,v 8.1.2.1 2001/02/26 21:09:00 gshapiro Exp $
 define(`confCC', `cc -std1 -Olimit 1000')
 define(`confMAPDEF', `-DNDBM -DHESIOD -DSASL -DMAP_REGEX')
 define(`confENVDEF', `-DHASSNPRINTF=1')
 define(`confLIBS', `-ldbm')
 define(`confSTDIR', `/etc/mail')
 define(`confINSTALL', `installbsd')
 define(`confEBINDIR', `/usr/lbin')
 define(`confUBINDIR', `${BINDIR}')
 define(`confDEPEND_TYPE', `CC-M')

 define(`confMTLDOPTS', `-lpthread')
 define(`confENVDEF', `-D_PATH_SENDMAILPID=\"/etc/mail/sendmail.pid\"')
 APPENDDEF(`confINCDIRS', `-I/etc/mail/include
-I/etc/mail/sasl/include')
 APPENDDEF(`confLIBS', `/etc/mail/lib/libhesiod.a /etc/mail/lib/libdb.a
/etc/mail/sasl/lib/libgdbm.a')
 APPENDDEF(`conf_sendmail_LIBS', `/etc/mail/sasl/lib/libsasl.so')

 The sasl/lib/sasl/Sendmail.conf file contains:

 pwcheck_method: sia

 In sendmail.cf, the following is set:

 ESASL=/etc/mail/sasl/lib:/etc/mail/sasl/lib/sasl

 O AuthMechanisms=GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
  
 Befoer I go on, I do have a problem building cyrus-sasl in module
 lib/checkpw.c

 I get an error for the following lines:

   if (sasl_getprop(conn, SASL_IP_REMOTE, (void **) &addr) != SASL_OK)
       host = NULL;
   else
       host = inet_ntoa(*addr);

 Using Compaq c or gcc:

 /bin/sh ../libtool --mode=compile cc -DHAVE_CONFIG_H
 -I. -I. -I.. -I../include -I/usr/local/include
-I/etc/mail/sasl/include
 -g -c checkpw.c
 rm -f .libs/checkpw.lo
 cc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -I/usr/local/include
 -I/etc/mail/sasl/include -g -c checkpw.c -DPIC -o .libs/checkpw.lo
 cc: Error: checkpw.c, line 570: In this statement, "*addr" is of type
 "struct sockaddr_in", and cannot be converted to a different "struct
 in_addr" type. (noconvertcls)
       host = inet_ntoa(*addr);
 -----------------------^
 cc: Warning: checkpw.c, line 573: In this statement, the referenced
type
 of the pointer value "userid" is const, but the referenced type
 of the target of this assignment is not. (notconstqual)
   if (sia_ses_init (&ent, 1, argv, host, userid, NULL, 0, NULL) !=
 SIASUCCESS)
 -----------------------------------------^
 cc: Warning: checkpw.c, line 575: In this statement, the referenced
type
 of the pointer value "password" is const, but the referenced type of
the
 target of this assignment is not. (notconstqual)
   if ((ret = sia_ses_authent (NULL, password, ent)) != SIASUCCESS) {
 ------------------------------------^
 gnumake: *** [checkpw.lo] Error 1

 Part of my problem is I commented out the above lines, which may be the
 reason for my grief, as you'll see.

 Once I build cyrus-sasl and sendmail, I can test connecting to sendmail
 and I get the following:

 buckeyes.Colorado.EDU> telnet buckeyes 25
 Trying 128.138.140.23...
 Connected to buckeyes.Colorado.EDU.
 Escape character is '^]'.
 220 buckeyes.Colorado.EDU ESMTP Sendmail
 8.11.6/8.11.6/UnixOps+Hesiod; Fri, 14 Dec 2001 14:09:09 -0700 (MST)
 ehlo buckeyes
 250-buckeyes.Colorado.EDU Hello buckeyes.Colorado.EDU [128.138.140.23],
 pleased to meet you
 250-ENHANCEDSTATUSCODES
 250-EXPN
 250-VERB
 250-8BITMIME
 250-SIZE
 250-DSN
 250-ONEX
 250-ETRN
 250-XUSR
 250-AUTH PLAIN LOGIN
 250 HELP
 quit
 221 2.0.0 buckeyes.Colorado.EDU closing connection
 Connection closed by foreign host.1

 So, at least it looks like its working.

 I have set LogLevel to the maximum on sendmail, so I can see what's
going
 on. I am using imap from a Netscape V4.79 from Windows to connect to
our
 mailserver. So, when I try to send a message from a remote system to
our
 mail server, I get:

 Dec 14 11:01:03 buckeyes sendmail[286621]: alias database
 /etc/mail/aliases rebuilt by nmetro
 Dec 14 11:01:03 buckeyes sendmail[286621]: /etc/mail/aliases: 6
aliases,
 longest 23 bytes, 133 bytes total
 Dec 14 11:01:03 buckeyes sendmail[286619]: starting daemon
 (8.11.6): SMTP+queueing_at_00:15:00
 Dec 14 11:03:12 buckeyes imapd[286636]: imap service init from
 128.138.140.141
 Dec 14 11:03:16 buckeyes imapd[286636]: Authenticated user=nmetro
 host=coney.Colorado.EDU [128.138.140.141]
 Dec 14 11:03:38 buckeyes sendmail[286544]: NOQUEUE: connect from
 coney.Colorado.EDU [128.138.140.141]
 Dec 14 11:03:38 buckeyes sendmail[286544]: SASL: available mech=LOGIN
 PLAIN ANONYMOUS, allowed mech=GSSAPI KERBEROS_V4
 DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
 Dec 14 11:03:38 buckeyes sendmail[286544]: fBEI3cT286544: --> 220
 buckeyes.Colorado.EDU ESMTP Sendmail 8.11.6/8.11.6/UnixOps+Hesiod;
  Fri, 14 Dec 2001 11:03:38 -0700 (MST)
 Dec 14 11:03:38 buckeyes sendmail[286544]: fBEI3cT286544: <-- EHLO
 colorado.edu
 Dec 14 11:03:38 buckeyes sendmail[286544]: fBEI3cT286544: -->
 250-buckeyes.Colorado.EDU Hello coney.Colorado.EDU [128.138.140.141],
 pleased to meet you
 Dec 14 11:03:38 buckeyes sendmail[286544]: fBEI3cT286544: -->
 250-ENHANCEDSTATUSCODES
 Dec 14 11:03:38 buckeyes sendmail[286544]: fBEI3cT286544: --> 250-EXPN
 Dec 14 11:03:38 buckeyes sendmail[286544]: fBEI3cT286544: --> 250-VERB
 Dec 14 11:03:38 buckeyes sendmail[286544]: fBEI3cT286544: -->
250-8BITMIME
 Dec 14 11:03:38 buckeyes sendmail[286544]: fBEI3cT286544: --> 250-SIZE
 Dec 14 11:03:38 buckeyes sendmail[286544]: fBEI3cT286544: --> 250-DSN
 Dec 14 11:03:38 buckeyes sendmail[286544]: fBEI3cT286544: --> 250-ONEX
 Dec 14 11:03:38 buckeyes sendmail[286544]: fBEI3cT286544: --> 250-ETRN
 Dec 14 11:03:38 buckeyes sendmail[286544]: fBEI3cT286544: --> 250-XUSR
 Dec 14 11:03:38 buckeyes sendmail[286544]: fBEI3cT286544: --> 250-AUTH
 PLAIN LOGIN
 Dec 14 11:03:38 buckeyes sendmail[286544]: fBEI3cT286544: --> 250 HELP
 Dec 14 11:03:38 buckeyes sendmail[286544]: fBEI3cT286544: <-- AUTH
PLAIN
 AG5tZXRybwBKZXN1czE=

 At this point, Netscape, on the PC side, just displays:

 EHLO buckeyes.colorado.edu
 250-ENHANCEDSTATUSCODES
 250-EXPN
 250-VERB
 250-8BITMIME
 250-SIZE
 250-DSN
 250-ONEX
 250-ETRN
 250-XUSR
 250-AUTH PLAIN LOGIN
 250 HELP

 Please see you System Administrator for assistance.


 At this point, the message fails to be sent. Repeated steps at clicking
on
 "OK", just return the same Windows display.

 I am hoping someone could give me some insight on what is going on.
Better
 yet, a sample configuration for Tru64 UNIX using SIA authentication
would
 be most useful. Also, a patch to checkpw.c would be most useful.

 Thank you in advance for your help.

 Nick
 --- 
-- 
========================================================================
Nick Metrowsky                     |
JILA, Central Unix System Admin.   | E-Mail: nmetro_at_colorado.edu
University of Colorado             |         nmetro_at_jila.colorado.edu
JILA, Room S222                    | Phone: (303)492-4060
Campus Box 440                     | FAX:   (303)492-5235
Boulder, CO 80309-0440             | http://jilawww.colorado.edu/~nmetro
========================================================================
Received on Mon Dec 17 2001 - 17:47:27 NZDT

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:43 NZDT