For security, beginning with V8.14 sendmail, authentication credentials (such as passwords) are no longer logged on failure. This can make debugging AUTH difficult. Try using the -X command-line switch to save SMTP transactions to a disk file. That raw SMTP transcript contains all credentials, albeit most are Base64-encoded.

If you run sslauthd(8) to authenticate, be sure to arrange for that program to be automatically restarted at boot time. Overlooking this step can lead to surprising rejections of valid relaying requests following a power, or some other, outage.

Prior to V8.13, AUTH information was included in bounced email when sendmail was configured to use SMTP AUTH. Beginning with V8.13, that sensitive information is excluded from bounced email.