1. Note that the default location on Fedora (and many distros) for Sendmail's installed files is "/etc/mail"; sendmail.cf, sendmail.mc, the access map, and so on are located in /etc/mail.
2. Check that your Sendmail binary has STARTTLS and SASL support:
sendmail -d0.1 -bv
Make sure STARTTLS and SASL are present in the output. This is the default on Fedora and other distros now, so they are likely already there. If you do not have these, you need to back up and recompile sendmail to include them (see the aforementioned server-oriented tutorials on this subject). Yes, the client usage requires them.
3. Edit your sendmail.mc to include the "smart host" option. (Use brackets here if you want sendmail to skip an MX record lookup and use the A record - `[mail.bellsouth.net]'. Don't use brackets if you need the MX - `mail.bellsouth.net'. If you are unsure try it with brackets and if it doesn't work take them out.)
define(`SMART_HOST',`[mail.bellsouth.net]')
4. Edit your sendmail.mc to set up a map for "authinfo".
FEATURE(`authinfo',`hash /etc/mail/authinfo.db')
5. Check the rest of your sendmail.mc to make sure that things are sane and items relevant to STARTTLS and SASL are uncommented and valid. For example check to ensure you have the certificate related entries (and that these entries are valid - you may have to create the sendmail.pem cert - from the cert dir "make sendmail.pem" assuming you have the OpenSSL libraries available):
define(`confCACERT_PATH',`/usr/share/ssl/certs')
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
Make sure you also have the auth mechanisms defined/uncommented (I am not sure this should be required just for the client - but I had to enable them to get things working):
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS', `A p y')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
Also you should turn up the logging temporarily in order to verify things:
define(`confLOG_LEVEL', `20')dnl
6. Create the "authinfo" file in (the file that tells the SMTP_AUTH client what credentials to login with for what domain).
AuthInfo:mail.bellsouth.net "U:root" "I:user@bellsouth.net" "P:password" "M:LOGIN PLAIN"
7. With the newly edited "sendmail.mc" file use m4 (the sendmail macro burner) to create "sendmail.cf".
m4 sendmail.mc > sendmail.cf
8. With the newly created "authinfo" file make the authinfo.db which sendmail will use.
makemap hash /etc/mail/authinfo < /etc/mail/authinfo
9. Restart sendmail (default /etc/init.d/sendmail restart) and check the logs (default /etc/maillog) to make sure there are no issues/errors/warnings. Errors such as "unable to find STARTTLS certificate" need to be addressed before you proceed; really there should be no errors or warnings, as these have meanings. ;)
10. Run a map test to ensure that the "authinfo" db is being correctly picked up by your new sendmail configuration.
echo '/map authinfo AuthInfo:mail.bellsouth.net' | /usr/sbin/sendmail -bt
If this is found and there is an entry then proceed, otherwise something is amiss with authinfo and that needs to be addressed.
11. OPTIONAL - Make an alias for the "root" user to go to an actual external email account (if not already done). For example, in /etc/aliases change the line under "Person that should get root's email" to "root: user@gmail.com", where that is a valid external email account. Make sure to run "newaliases" afterwards to apply the change.
12. Send an email to root and watch the logs.
mail root
Test
this is a test
.
Feb 17 21:08:45 totsp sendmail[27587]: k1I28jTQ027587: MAIL From: SIZE=29 AUTH=root@yourhostname.org.
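The authinfo file from step 6 and the authinfo.db built in step 8 both hold the relay password in clear text, and a map that was not rebuilt after an edit fails silently. The shell function below is an added example, not part of the original article; it checks permissions, map freshness and the fields of each entry. The function names, the messages and the field rule (a P: field plus U: or I:) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the article's code: audit the authinfo source (step 6)
# and the map built from it (step 8). Names and messages are illustrative.

# True when the file has no group/other permission bits.
private_mode() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one finding per line; return 0 when clean, 1 otherwise.
audit_authinfo() {
    src=$1 rc=0 n=0
    [ -f "$src" ] || { echo "missing: $src"; return 1; }

    # Both files hold the relay password in clear text.
    for f in "$src" "$src.db"; do
        [ -e "$f" ] || continue
        private_mode "$f" || { echo "perms: $f has group/other permission bits set"; rc=1; }
    done

    # A map older than its source means makemap was not rerun.
    if [ ! -e "$src.db" ]; then
        echo "stale: $src.db does not exist"; rc=1
    elif [ "$src" -nt "$src.db" ]; then
        echo "stale: $src.db is older than $src"; rc=1
    fi

    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;
            AuthInfo:*) ;;
            *) echo "line $n: key does not start with AuthInfo:"; rc=1; continue ;;
        esac
        # Assumed rule: a password plus a user id or authentication id.
        case $line in *'"P:'*) ;; *) echo "line $n: no P: field"; rc=1 ;; esac
        case $line in
            *'"U:'*|*'"I:'*) ;;
            *) echo "line $n: no U: or I: field"; rc=1 ;;
        esac
    done < "$src"
    return $rc
}

# Stand-alone use: sh audit_authinfo.sh /etc/mail/authinfo
if [ "$#" -gt 0 ]; then audit_authinfo "$1"; fi
```

A "perms" finding is cleared with chmod 600 on the named file, and a "stale" finding by rerunning the makemap command from step 8.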
Comments
RE: Sendmail as SMTP AUTH client for ISP mail server relay
Hi Charlie, thanks for good write up on setting up sendmail for bellsouth.
I seem to have a single error that I am unable to fix. This is a print of the maillog .. somewhere in all this I am sure is the answer..
===========
Mar 21 16:36:55 n4clh-srv1 sendmail[7676]: k2LLatpB007676: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30098, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (k2LLatTV007677 Message accepted for delivery)
Mar 21 16:36:56 n4clh-srv1 sendmail[7678]: k2LLatTV007677: to=n4clh@hotmail.com, ctladdr= (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30698, relay=mail.bellsouth.net. [205.152.59.16], dsn=5.6.0, stat=Data format error
Mar 21 16:36:56 n4clh-srv1 sendmail[7678]: k2LLatTV007677: k2LLauTU007678: DSN: Data format error
Mar 21 16:36:56 n4clh-srv1 sendmail[7678]: k2LLauTU007678: to=n4clh@hotmail.com, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31722, relay=mail.bellsouth.net., dsn=5.1.1, stat=User unknown
Mar 21 16:36:56 n4clh-srv1 sendmail[7678]: k2LLauTU007678: k2LLauTV007678: return to sender: User unknown
Mar 21 16:36:56 n4clh-srv1 sendmail[7678]: k2LLauTV007678: to=n4clh@hotmail.com, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=32746, relay=mail.bellsouth.net. [205.152.59.16], dsn=5.1.1, stat=User unknown
===========
user IS my primary bellsouth account.
any thoughts..
Thanks
One Solution to This
Hopefully you have already fixed your problem here, but for others who may experience the same problem I am posting in hopes it will help, as I had this exact same problem showing in my logs. After many hours of searching and coming up empty I finally noticed that in my SMART_HOST statement I had made it without the brackets around my ISP mail server. Once I put the brackets in it finally worked and the relay=[127.0.0.1] [127.0.0.1] log entries disappeared. Note I am NOT using the brackets in my AuthInfo statement (putting them in and taking them out was one of many attempted fixes) and it is currently working. To bracket or not to bracket...that is the question!
RE: Sendmail as SMTP AUTH client for ISP mail server relay
Rather than running m4 and makemap manually, the more standard approach is to edit the Makefile in /etc/mail. Look for the line that looks like this:
all: ${CFFILES} ${POSSIBLE} virtusertable.db access.db domaintable.db mailertable.db
and add authinfo.db to the end of it.
After doing that, just type
make
in that directory and you'll get everything rebuilt automatically.
RE: Sendmail as SMTP AUTH client for ISP mail server relay
Hi, make does not work for me. I have to do the m4 command.
I see the "AUTH=root@domain.net" message in /var/log/maillog but further down I get "not authenticated". I checked my "authinfo" file to ensure I got the userid/password correct. I went to www.webmail.bellsouth.net to verify and I can sign on. The only difference I can tell is that my define(confAUTH_MECHANISM ... has some other options before LOGIN PLAIN. During the handshake they were presented by Bell South as valid options along with ANONYMOUS. It sounds crazy but would it be possible to post the entire sendmail.mc. I have been going at this for 9 hours. Thank you.
RE: Sendmail as SMTP AUTH client for ISP mail server relay
Thx a lot for the guide. But I had to change one bit before it worked:
In the entry for the authinfo file, I had to omit the brackets around the remote relay name. I.e. in the example above the entry should start with 'AuthInfo:smtp.bellsouth.com', not with 'AuthInfo:[smtp.bellsouth.com]'.
RE: Sendmail as SMTP AUTH client for ISP mail server relay
I'm running Fedora 8 and I also had to remove the brackets from around the relay host address on both the smart host line in sendmail.mc and in the authinfo file before it would work.
Works great now!!!! Thanks for the guide.
Removed the brackets from
Removed the brackets from the article, I believe at one time they worked, but now they mean IP address instead of hostname (if I read the docs correctly). So if you are using a hostname, you don't need them.
RE: Sendmail as SMTP AUTH client for ISP mail server relay
Hey Charlie.
First, I have to thank you. I have scoured the internet on how to configure sendmail with my ISP for outgoing messages. With your help, I'm nearly there.
My isp is bellsouth, and I can send emails to bellsouth. I cannot, however, send emails anywhere else (like my pager). I hope you're still around because I'd like to show you what things I have discovered in my logs.
- Ed Sileo
RE: Sendmail as SMTP AUTH client for ISP mail server relay
Hey! I got this working! I had messed up my sendmail.mc file. Once I updated it with your notes from above, it worked!
Thanks, Ed Sileo
RE: Sendmail as SMTP AUTH client for ISP mail server relay
Coolio Ed. Curious, what notes helped, the brackets thing?
Also I see that some other comments have stated not to use m4 but rather to edit the makefile - negatory, do not do that. It can work, but it is certainly not the "more standard approach" - at least not in my experience or per the sendmail documentation.
Sendmail as SMTP AUTH client for ISPF mail server relay
I have been going around in circles.
I followed all the advice in this page. I made the changes to /etc/mail/authinfo to remove brackets for bellsouth so it now looks like "AuthInfo:mail.bellsouth.net".
I can't get it to work.
I keep on getting:
May 4 12:12:52 a15613947183 sendmail[7645]: l44GBpfT007644: makeconnection (mail.bellsouth.com. [139.76.165.130]) failed: Connection timed out with mail.bellsouth.com.
I hope Charlie or one of you is still around. I am going crazy with this problem.
Still around, and this setup
Still around, and this setup is still working fine for me (and still with bellsouth). If you get "connection timed out", check that you can connect with that host - outside of sendmail and all this setup. That is, make sure you have network connectivity (personal firewall or such?).
Brackets needed ...
The SMART_HOST value needs to be [mail.bellsouth.net], not just mail.bellsouth.net. If the brackets are not supplied, sendmail will do a DNS lookup for the MX records and then use those addresses (obtaining mx00.mail.bellsouth.net & mx01.mail.bellsouth.net). Unfortunately, this won't work as these boxes are for incoming mail, not outgoing, and the port 25 block applies. By including the brackets, sendmail will just obtain the A records for mail.bellsouth.net and thereby reach the correct machine. Note that the authinfo is not required for IPs within the Bellsouth network. If you do need this for mobile use, you should not place brackets around the URI there.
One does wonder why AT&T put MX records on the mail server's host name instead of the domain itself ... but they did.
Thanx Charlie for GREAT source on AUTH sendmail!
Your description is the best I could find on the web! Everything went well thanx to your detailed information!
Only one thing that I needed to add at the end was the mailertable. Works like charm now! :)
This was GREAT!
Thank you very much for sharing this. Worked on my old FC4 Box almost in no time. Had to update sendmail-cf, but that was it.. :)
m4 command?
When I do the m4 command in step 7:
m4 sendmail.cf < sendmail.mc
I get a bunch of text printed to the screen. When I do a 'ls -l' tho the sendmail.cf is older than the sendmail.mc file.
There is a ton of output, but there are no errors that I could see.
I am running FC 5. When I restart sendmail this is what is printed to the log:
Jul 13 22:59:38 wsi-fc5 sendmail[8304]: starting daemon (8.13.8): SMTP+queueing@01:00:00
Jul 13 22:59:38 wsi-fc5 sm-msp-queue[8311]: My unqualified host name (wsi-fc5) unknown; sleeping for retry
Jul 13 23:00:38 wsi-fc5 sm-msp-queue[8311]: unable to qualify my own domain name (wsi-fc5) -- using short name
Jul 13 23:00:38 wsi-fc5 sm-msp-queue[8318]: starting daemon (8.13.8): queueing@01:00:00
Any thoughts or suggestions (I've never used m4 before so I'm not sure how it is used)
Thanks
Jim
Awkward use of m4 there
I just noticed my syntax is a bit awkward there, rather than "m4 sendmail.cf < sendmail.mc" (which should still work, even though it's confusing), try something like the following:
m4 sendmail.mc > sendmail.new.cf
And then see if the "new" file is created. Since there are no errors I assume it's not perms, etc. But just try to see if you can make a new file, rather than overwriting the existing file. Then, if that works, try renaming both the old and new and restarting sendmail.
making sendmail.pem
Hi Charlie -
Found your page on configuring sendmail to work happy with the bellsouth mail server. Running FC5 with the stock sendmail install that came with it.
Looking further in the sendmail.cf I find that the directory paths are different in FC5 vs FC4.
Anyhow, between your steps and those at http://www.sendmail.org/~ca/email/auth.html
I was able to get all the configuring done. The local sendmail accepts the mail and relays it to the bellsouth mail server but the bellsouth mail server refuses the connection. What can I do to get more detail other than connection refused. The log level is set at 20.
TIA
HTD
Sendmail troubleshooting
What does the log say currently, just connection refused?
What you describe "feels" more like an issue outside of sendmail at any rate. Can you telnet to port 25 of the mail host you are trying to reach? Could be a networking issue in between the sendmail host and the ISP mail host?
bellsouth
Yes - I can telnet to mail.bellsouth.net and send a test email to my hotmail account.
Turns out I don't need any of this. I have a static IP and they must have a whitelist. I can use their mail server directly without auth info. Oh well, live n learn (I know more about sendmail anyhow).
HD
brackets vs non
Found this reference that explains the use of brackets in sendmail.mc:
http://www.ale.org/archive/ale/ale-2003-07/msg00048.html
Many thanks and a question
Hi,
I just stumbled onto this site after looking for just this sort of thing for quite a long time. I know how to make Postfix do this, but getting Sendmail--which comes with Slackware--to do this is another thing entirely.
I am proud to report that things seem to work properly. In my case I'm relaying to my university's mail server from a linux box I've got here.
I do have a couple questions though.
Is it necessary to redirect the root mail to an outside email address? I like using native Linux tools for things whenever I can, including for reading mail. I was wondering if I could just direct root's mail to a local username on the box. I already use Getmail to fetch mail from the university IMAP server as is.
Second question...Is there any reason for the "u:root" entry in /etc/mail/authinfo? This doesn't seem to do anything except puzzle me.
Thanks in advance, and I really enjoyed reading this...
Best,
Zack.
Perfect!
This was exactly the article I was looking for and worked flawlessly for my setup (CENTOS instead of Slackware). The only thing different was the default location of the mail logs!
Thank you a million times for a clearly laid out tutorial! I ran across a ton of different sites with 'sort of' the same solution, but none of them presented it with enough clarity to encourage me to try to implement it myself! Well done
Cheers!
Jon Paul