Recipe 7.6 Controlling the AUTH= Parameter

Problem

Because some broken SMTP implementations see the AUTH= parameter as a syntax error, you have decided to configure sendmail to add the AUTH= parameter to the MAIL From: line only when authentication succeeds.

Solution

If these steps have not yet been done, compile sendmail with AUTH support as described in Recipe 1.5, and install and configure SASL as described in the chapter Introduction and in Recipe 7.1.

Next, create the AUTH credentials for outbound connections, using either the techniques described in Recipe 7.2 or Recipe 7.3.

Add a confAUTH_OPTIONS define with the A flag set to the sendmail configuration. The required define is:

    dnl Send AUTH= only when authenticated
    define(`confAUTH_OPTIONS', `A')

Rebuild and install the new sendmail.cf file, and restart sendmail, as shown in Recipe 1.8.

Discussion

Use the A option of the confAUTH_OPTIONS define to prevent sendmail from adding the AUTH= parameter to the envelope sender address when the local host has not been authenticated. sendmail does not send an AUTH= parameter to a remote system if that system does not advertise AUTH. But, by default, a sendmail system that is configured to support AUTH adds the AUTH= parameter to every mail message sent to a system that advertises AUTH, even if authentication fails, as this excerpt from an actual SMTP exchange shows:

    500 5.7.0 authentication failed
    >>> MAIL From:<craig@chef.wrotethebook.com> SIZE=111 AUTH=craig@chef.wrotethebook.com
    250 2.1.0 <craig@chef.wrotethebook.com>... Sender ok

In fact, sendmail adds the AUTH= parameter to the MAIL From: line even if authentication is not attempted. If the remote host advertises AUTH, a sendmail host configured for AUTH always sends the AUTH= parameter. In the following test, rodent offers AUTH mechanisms not configured on chef. Therefore, chef does not attempt to authenticate, but because it is configured for other AUTH mechanisms, chef sends the AUTH= parameter:

    # sendmail -Am -v -t
    To: craig@rodent.wrotethebook.com
    From: craig@chef.wrotethebook.com
    Subject: Test yet again
    Ctrl-D
    craig@rodent.wrotethebook.com... Connecting to rodent.wrotethebook.com. via esmtp...
    220 rodent.wrotethebook.com ESMTP Sendmail 8.12.9/8.12.9; Fri, 10 Jan 2003 13:52:32 -0500
    >>> EHLO chef.wrotethebook.com
    250-rodent.wrotethebook.com Hello IDENT:UZFl3RUw1vRsWKcZqcKAEudx69KnFn37@chef [192.168.0.8], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-SIZE
    250-DSN
    250-AUTH DIGEST-MD5 CRAM-MD5
    250 HELP
    >>> MAIL From:<craig@chef.wrotethebook.com> SIZE=92 AUTH=craig@chef.wrotethebook.com
    250 2.1.0 <craig@chef.wrotethebook.com>... Sender ok
    >>> RCPT To:<craig@rodent.wrotethebook.com>
    250 2.1.5 <craig@rodent.wrotethebook.com>... Recipient ok
    >>> DATA
    354 Enter mail, end with "." on a line by itself
    >>> .
    250 2.0.0 h0AIqW501445 Message accepted for delivery
    craig@rodent.wrotethebook.com... Sent (h0AIqW501445 Message accepted for delivery)
    Closing connection to rodent.wrotethebook.com.
    >>> QUIT
    221 2.0.0 rodent.wrotethebook.com closing connection

Setting the A option with the confAUTH_OPTIONS define changes this behavior: sendmail does not add the AUTH= parameter unless authentication succeeds. This excerpt shows that AUTH= is not added when authentication fails:

    500 5.7.0 authentication failed
    >>> MAIL From:<craig@chef.wrotethebook.com> SIZE=111
    250 2.1.0 <craig@chef.wrotethebook.com>... Sender ok

However, if authentication succeeds, the AUTH= parameter is still added to the MAIL From: line, as this excerpt shows:

    235 2.0.0 OK Authenticated
    >>> MAIL From:<craig@chef.wrotethebook.com> SIZE=111 AUTH=craig@chef.wrotethebook.com
    250 2.1.0 <craig@chef.wrotethebook.com>... Sender ok
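To confirm that the A flag took effect, a verbose transcript like the ones above can be checked mechanically for MAIL From: lines that carry AUTH= without a preceding 235 reply. The following Python script is an added example, not part of the original recipe or of sendmail; the function name is hypothetical and the sample transcripts are constructed from the excerpts shown in this recipe.

```python
import re

MAIL_RE = re.compile(r"^>>> MAIL From:<[^>]*>(.*)$", re.IGNORECASE)
AUTH_PARAM_RE = re.compile(r"(?:^|\s)AUTH=(\S+)", re.IGNORECASE)

def unauthenticated_auth_params(transcript):
    """Return (line_number, AUTH value) for each MAIL From: line that carries
    AUTH= although no 235 (authentication succeeded) reply preceded it."""
    findings = []
    authenticated = False
    for number, raw in enumerate(transcript.splitlines(), start=1):
        line = raw.strip()
        if re.match(r"220[ -]", line):
            authenticated = False      # server greeting: a new SMTP session
        elif line.startswith("235 "):
            authenticated = True       # SASL exchange completed successfully
        else:
            mail = MAIL_RE.match(line)
            # Only search the ESMTP parameters after the closing '>' of the address.
            auth = AUTH_PARAM_RE.search(mail.group(1)) if mail else None
            if auth and not authenticated:
                findings.append((number, auth.group(1)))
    return findings

# Constructed samples, assembled from the excerpts shown in this recipe.
DEFAULT_AFTER_FAILURE = """\
500 5.7.0 authentication failed
>>> MAIL From:<craig@chef.wrotethebook.com> SIZE=111 AUTH=craig@chef.wrotethebook.com
250 2.1.0 <craig@chef.wrotethebook.com>... Sender ok
"""
A_FLAG_AFTER_FAILURE = """\
500 5.7.0 authentication failed
>>> MAIL From:<craig@chef.wrotethebook.com> SIZE=111
250 2.1.0 <craig@chef.wrotethebook.com>... Sender ok
"""
A_FLAG_AFTER_SUCCESS = """\
235 2.0.0 OK Authenticated
>>> MAIL From:<craig@chef.wrotethebook.com> SIZE=111 AUTH=craig@chef.wrotethebook.com
250 2.1.0 <craig@chef.wrotethebook.com>... Sender ok
"""

if __name__ == "__main__":
    for name in ("DEFAULT_AFTER_FAILURE", "A_FLAG_AFTER_FAILURE", "A_FLAG_AFTER_SUCCESS"):
        print(name, unauthenticated_auth_params(globals()[name]))
```

An empty result for a saved `sendmail -v` transcript means every AUTH= parameter in it was sent after a successful authentication.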

The AUTH= parameter is propagated on to the next mail relay if the receiving host trusts the AUTH= parameter that it received from the connecting host. sendmail only trusts that parameter if the connecting host was authenticated. The trust_auth ruleset is passed the AUTH= parameter and determines whether this value should be trusted. You can modify the way that the server handles the AUTH= parameter by writing your own Local_trust_auth ruleset.

See Also

Recipe 7.2 and Recipe 7.3 provide additional information on configuring AUTH. The sendmail book covers the AUTH= parameter in Section 21.9.6 and the confAUTH_OPTIONS define in Section 24.9.6.



sendmail Cookbook
ISBN: 0596004710
EAN: 2147483647
Year: 2005
Pages: 178
Authors: Craig Hunt
