Discussion:
DAEMON_OPTIONS with Modifiers=A but still authentication attempts on port 25
Add Reply
Jobst Schmalenbach
2025-01-09 05:06:31 UTC
Reply
Permalink
Hi

I didn't know "Modifiers=A" existed until I came across this

https://www.hydrus.org.uk/journal/sendmail-noauth.html

referencing a thread in

https://groups.google.com/g/comp.mail.sendmail/c/c8x-bA07_d0

Since the discovery of "Modifiers=A" I have tried, yet the attempts are
still coming in (duplicates deleted):

Jan 9 12:28:13 mail saslauthd[1930]: : auth failure: [user=trangtry]
[service=smtp] [realm=barrett.com.au] [mech=pam] [reason=PAM auth error]
Jan 9 12:55:45 mail saslauthd[1933]: : auth failure: [user=business]
[service=smtp] [realm=barrett.com.au] [mech=pam] [reason=PAM auth error]
Jan 9 13:00:16 mail saslauthd[1929]: : auth failure:
[user=barrykennedy] [service=smtp] [realm=barrett.com.au] [mech=pam]
[reason=PAM auth error]
Jan 9 13:27:53 mail saslauthd[1930]: : auth failure: [user=psf]
[service=smtp] [realm=barrett.com.au] [mech=pam] [reason=PAM auth error]
Jan 9 13:36:06 mail saslauthd[1933]: : auth failure: [user=scr]
[service=smtp] [realm=barrett.com.au] [mech=pam] [reason=PAM auth error]


The important bits in the sendmail.mc file:

define(`confAUTH_OPTIONS', `p')
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 PLAIN')
define(`confAUTH_MECHANISMS', `EXTERNAL DIGEST-MD5 CRAM-MD5 PLAIN')
DAEMON_OPTIONS(`Family=inet, Addr=101.0.102.2, Port=smtp,
Name=MTA-barrett.com.au, Modifiers=A')
DAEMON_OPTIONS(`Family=inet, Addr=127.0.0.1, Port=smtp,
Name=MTA-localhost, Modifiers=A')
DAEMON_OPTIONS(`Family=inet, Addr=101.0.102.2, Port=smtps,
Name=MTA-SSL-barrett.com.au, Modifiers=s')

versions:
cyrus-sasl.x86_64 2.1.27-6.el8_5
sendmail.x86_64 8.15.2-34.el8
Claus Aßmann
2025-01-09 06:55:15 UTC
Reply
Permalink
Post by Jobst Schmalenbach
Since the discovery of "Modifiers=A" I have tried, yet the attempts are
DAEMON_OPTIONS(`Family=inet, Addr=101.0.102.2, Port=smtp,
Name=MTA-barrett.com.au, Modifiers=A')
You can easily check it yourself:

telnet 101.0.102.2 25
wait for greeting
EHLO your.host


$ telnet 101.0.102.2 25
220 mail.barrett.com.au ESMTP SMTP
ehlo my.host
250-barrett.com.au Hello ....
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 360000000
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
AUTH Login asb
503 5.3.3 AUTH not available

Seems to work as expected.

Hence the AUTH attempts are on a different port or from something else.
Post by Jobst Schmalenbach
sendmail.x86_64 8.15.2-34.el8
Pretty old?
--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.
Marco Moock
2025-01-09 16:36:17 UTC
Reply
Permalink
Post by Claus Aßmann
Post by Jobst Schmalenbach
sendmail.x86_64 8.15.2-34.el8
Pretty old?
The version that is being shipped with RHEL8.
el8 indicates that.

RHEL users want old versions. :-)
--
kind regards
Marco

Send spam to ***@stinkedores.dorfdsl.de
Jobst Schmalenbach
2025-01-12 23:19:56 UTC
Reply
Permalink
Post by Marco Moock
Post by Jobst Schmalenbach
sendmail.x86_64 8.15.2-34.el8
RHEL users want old versions. :-)
Not really ;-)

Jobst Schmalenbach
2025-01-12 23:18:57 UTC
Reply
Permalink
Post by Claus Aßmann
Post by Jobst Schmalenbach
Since the discovery of "Modifiers=A" I have tried, yet the attempts are
sendmail.x86_64 8.15.2-34.el8
Pretty old?
This is one of my bigger servers (i.e. many services) running AlmaLinux8
... difficult to "upgrade" it every time a new Alma version arrives.
Loading...