Is SuSE offering a RPM for sendmail 8.11.3 ???
Hi, I would like to use the newest sendmail with authenticated smtp but couldn't find a rpm anywhere on suse. Is somebody planning to create something like that, usable also for a SuSE 6.3??? I tried to compile it myself with BerkeleyDB, sfio + patch, openssl, cyrus-sasl but still don't know whether I might succeed... there are just too many things one needs to know... Regards, Marko -- O _ O 0 0 ------------------m-\o/-m------------------------------------------ Dr. Marko K"aning Tel/Fax: +49-3834 554 442 / -3834 554 301 INP Greifswald email : kaening@inp-greifswald.de
Hi,
I would like to use the newest sendmail with authenticated smtp but couldn't find a rpm anywhere on suse. Is somebody planning to create something like that, usable also for a SuSE 6.3???
I tried to compile it myself with BerkeleyDB, sfio + patch, openssl, cyrus-sasl but still don't know whether I might succeed... there are just too many things one needs to know...
It appears that redhat 7.1 does this by default, try their source rpm's perhaps. Hopefully suse will shortly follow suite and provide us with SMTP AUTH =)
Regards, Marko
Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net
It appears that redhat 7.1 does this by default, try their source rpm's perhaps. Hopefully suse will shortly follow suite and provide us with SMTP AUTH =)
Up to now no response from SuSE concerning this issue... Can we expect to get SMTP AUTH soon for the existing SuSE distributions? Regards, Marko
Up to now no response from SuSE concerning this issue...
Can we expect to get SMTP AUTH soon for the existing SuSE distributions?
Support for the older distributions means that we're offering security updates or fixes for bugs that break things (features). If you want to have this feature for an older distribution, you'd have to compile it yourself. It will be an endless bug-hunting desaster if we start backporting new features. You never know what else you break if you backport, especially because you need newer versions of certain libraries and helper programs (sometimes only in the build environment, not runtime). In most cases it may work, but in some other cases, somebody else will complain. In the particular case of sendmail there's an annoying version conflict with libdl that we managed to resolve. Backporting means to upgrade this lib, which is incompatible with other software on the distribution. You install from the ftp server or you bought the CDs in a store. You expect a bugfree collection of software, nicely preconfigured, and up-to-date. But while you enjoy it, you don't know which conflicts and other problems have been resolved on the way there (You'd find out if you try to get some stuff from their respective sources and compile and install it yourself. Not only some xmms plugin. Think about X-servers, kde libraries, kernels, compilers, ...) In other words, there's plenty of work in such a distribution, and believe me, there is much more work in it than the amount of money may indicate. Anyway; The SuSE-7.2 release will have it.
Regards, Marko
Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -
Hi Roman, of course I understand your arguments! No question. Since I can't really imagine that I might succeed in the full configuration of the sendmail 8.11.3 I started discussion about this topic. So I see it's too much to ask for... Never mind, I thought to buy a newer distribution anyway someday.
Anyway; The SuSE-7.2 release will have it. That would be great!
Thanks for youre reply!!! Regards, Marko
On Apr 17 at 08:47, Marko Kaening said (in part):
I would like to use the newest sendmail with authenticated smtp but couldn't find a rpm anywhere on suse. Is somebody planning to create something like that, usable also for a SuSE 6.3???
I tried to compile it myself with BerkeleyDB, sfio + patch, openssl, cyrus-sasl but still don't know whether I might succeed... there are just too many things one needs to know... (2c: run rpm --rebuild and stop it once you know which parameters to call ./configure with -- then add a few of your own. )
Some thoughtful individual included a rpm in 7.1, and probably earlier, called sendmail-tls, which, with a few minor hacks to the linux.mc config file, you can actually get working. I installed this and cyrus-sasl on a redhat 6.2 system, although I had to upgrade pretty much everything .. so it is now a very confused little redhat box (a little disaster just waiting to happen). If you are prepared to upgrade glibc, you can do it too. Since I didn't really understand, I just turned everything on in linux.mc, which could be bad: TRUST_AUTH_MECH(`GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 LOGIN DPA NTLM') define(`confAUTH_MECHANISMS',`GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 LOGIN DPA NTLM') define(`confDEF_AUTH_INFO', `/etc/mail/auth')dnl echo password | saslpasswd -p -c user -p -u `hostname -f` # first time fails I have a slightly more comprehensive doc on how to do it ... any takers? &:-) -- ___ , | | l\/\ . -o) -o) -o) -o) -o) -o) -o) |-+-l\/\/\ /\\ /\\ /\\ /\\ /\\ /\\ /\\ |_|_|\/\/\/\. _\_v _\_v _\_v _\_v _\_v _\_v _\_v
Thanks Andrew, On Tue, 17 Apr 2001, Andrew McGill wrote:
(2c: run rpm --rebuild and stop it once you know which parameters to call ./configure with -- then add a few of your own. )
Some thoughtful individual included a rpm in 7.1, and probably earlier, called sendmail-tls, which, with a few minor hacks to the linux.mc config Great, I didn't dare to go for that initially, but then I decided to give it a try!!!
file, you can actually get working. I installed this and cyrus-sasl on a redhat 6.2 system, although I had to upgrade pretty much everything .. so it is now a very confused little redhat box (a little disaster just waiting to happen). If you are prepared to upgrade glibc, you can do it too. Well, that was the one thing I wanted to avoid! That would have too many consequences, I believe it's a big job to update all the packages.
TRUST_AUTH_MECH(`GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 LOGIN DPA NTLM') define(`confAUTH_MECHANISMS',`GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 LOGIN DPA NTLM') That was strange for me, since I included PLAIN and LOGIN, but for some reason my sendmail wouldn't allow these mechanisms. If I do a telnet to
BUT, I got the source rpm of that sendmail-tls from 7.1 and with some adaptions concerning search paths I was able to build that package, certainly after I installed the 7.1 cyrus-sasl.rpm. By the way, the sfio included in the spm still doesn't contain a known patch available on the sfio site. But I think everything will be available with 7.2. !!! self-build 7.1's sendmail-tls is working now on my SuSE 6.3 !!! But there are unfortunately some BUTs: port 25 I see that the only trusted mechs are 'GSSAPI DIGEST-MD5 CRAM-MD5'. Why?
echo password | saslpasswd -p -c user -p -u `hostname -f` # first time fails The same effect with me. I think it's caused by the non-existent sasldb file at the first user-create. Looks like that is somehow broken. But at least it works from the second time on...
I have a slightly more comprehensive doc on how to do it ... any takers? I am interested!
The biggest problem for me is now to understand the auth dialog. Up to now I was only able to reproduce a simple LOGIN method. The PLAIN already didn't work for me anymore, authentication failed every time, though I believe to have given the right MD5-string with all the info from sasldb for a specific user. Anyway, docs are somehow non-sufficient regarding the whole authentication mechs, at least for me... So if you could help me out at this point, would be nice. For instance with DIGEST-MD5 only 80% are understandable: I suspect that 'nc' is the number of copies of 'nonce' counting the 'cnonce', but what is 'digest-uri' is this the address of the client or the server? And what about the value of 'response'? How to evaluate that? Well, and for CRAM-MD5 there is no example at all... I would like to get this running with my ISP at home where I have to dial-up. I use mx.freenet.de and they now allow this also for connections from other ISPs with CRAM-MD5. How to properly enter the authentication data into the sasldb. I tried now several versions, but all don't work. I still don't know which 'realm' to use, since freenet doesn't say anything about that specifically, since they only give orders how to set-up netscape, ie and such... THanks in advance! Regards, Marko -- O _ O 0 0 ------------------m-\o/-m------------------------------------------ Dr. Marko K"aning Tel/Fax: +49-3834 554 442 / -3834 554 301 INP Greifswald email : kaening@inp-greifswald.de
participants (4)
-
Andrew McGill -
Kurt Seifried -
Marko Kaening -
Roman Drahtmueller