| 1 |
On Tuesday 27 Dec 2011 15:55:45 Harry Putnam wrote: |
| 2 |
|
| 3 |
> I want to use gmails' smtp server as Smart Host for my single user |
| 4 |
> linux box running sendmail-8.14.4 |
| 5 |
|
| 6 |
That's eminently doable. |
| 7 |
|
| 8 |
|
| 9 |
> I'm hooked up to an ISP called direcpath.tv in Atlanta that uses gmail |
| 10 |
> smtp servers for its clients with addresses like reader@×××××××××.tv |
| 11 |
> |
| 12 |
> They have terrible to non-existent support and no support of linux/sendmail |
| 13 |
> |
| 14 |
> They use smtp.gmail.com But before I get into the extra complication |
| 15 |
> of their direcpath.tv overlay, and since I do have a normal gmail |
| 16 |
> account I thought I'd first try to get the authentication for smtp |
| 17 |
> working for that username. hputnam3@×××××.com |
| 18 |
|
| 19 |
I hope that relaying from your box --> via your gmail account --> via the |
| 20 |
ISP's gmail account will not end up in a pickle for some reason, but assuming |
| 21 |
that Google will not block all that relaying around via its servers here we |
| 22 |
go. |
| 23 |
|
| 24 |
|
| 25 |
> So after dozens of small edits and restarts and makemaps ... cutting |
| 26 |
> to the chase: |
| 27 |
> |
| 28 |
> /etc/mail/authinfo |
| 29 |
|
| 30 |
I am going from memory here (no access to the server at this moment) but I |
| 31 |
recall that this entry should be in /etc/mail/client-info instead, and you |
| 32 |
will need of course to create the client-info.db after your changes: |
| 33 |
|
| 34 |
makemap -r hash client-info.db < client-info |
| 35 |
|
| 36 |
and reference this in your sendmail.mc |
| 37 |
|
| 38 |
|
| 39 |
> (password obfuscated) |
| 40 |
> ,---- |
| 41 |
> |
| 42 |
> | Athinfo:smtp.gmail.com "U:root" "I:hputnam3@×××××.com" "P:??XX??" "M: |
| 43 |
> | LOGIN PLAIN" Athinfo:smtp.gmail.com:587 "U:root" "I:hputnam3@×××××.com" |
| 44 |
> | "P:??XX??" "M: LOGIN PLAIN" |
| 45 |
> |
| 46 |
> `---- |
| 47 |
|
| 48 |
Did you try just "M: PLAIN" without the "LOGIN" ? |
| 49 |
|
| 50 |
If PLAIN doesn't do it, then use just LOGIN. |
| 51 |
|
| 52 |
Unless you have a typo in there, try starting the stanzas with: "AuthInfo:" |
| 53 |
^ |
| 54 |
|
| 55 |
Not sure that you need to define the port here on a second line, when it is |
| 56 |
already defined in sendmail.mc. A single line ought to do the trick. |
| 57 |
Increase the verbosity in the log if you need to troubleshoot this (although |
| 58 |
ports are shown anyway at the default log level from what I recall). |
| 59 |
|
| 60 |
> ------- --------- ---=--- --------- -------- |
| 61 |
> |
| 62 |
> And I think what are the most relevant sendmail.mc settings (the whole |
| 63 |
> *mc is inlined at the end). |
| 64 |
> |
| 65 |
> /etc/mail/sendmail.mc |
| 66 |
> |
| 67 |
> ,---- |
| 68 |
> |
| 69 |
> | define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl |
| 70 |
> | define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl |
| 71 |
> | |
| 72 |
> | FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl |
| 73 |
> | |
| 74 |
> | define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN |
| 75 |
> | PLAIN')dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN |
| 76 |
> | PLAIN')dnl |
| 77 |
> | |
| 78 |
> | define(`SMART_HOST',`smtp.gmail.com')dnl |
| 79 |
> |
| 80 |
> `---- |
| 81 |
> |
| 82 |
> (And for the record, I did try bracketing the Smart Host like: |
| 83 |
> define(`SMART_HOST',`[smtp.gmail.com]')dnl) |
| 84 |
|
| 85 |
I never used brackets with gmail, or other smtp relays, so you could leave |
| 86 |
these out. |
| 87 |
|
| 88 |
Don't forget (like I often did! ) after any changes to run: m4 sendmail.mc > |
| 89 |
sendmail.cf |
| 90 |
|
| 91 |
|
| 92 |
> I have some old masquerade settings that I doubt are causing a |
| 93 |
> problem. I do have an account with them too. I think the error would |
| 94 |
> be different if they were causing problems, but here those are: |
| 95 |
> |
| 96 |
> (Note, that removing those only gets the same error messages) |
| 97 |
> ,---- |
| 98 |
> |
| 99 |
> | MASQUERADE_AS(`newsguy.com')dnl |
| 100 |
> | FEATURE(`allmasquerade')dnl |
| 101 |
> | FEATURE(`masquerade_envelope')dnl |
| 102 |
> | dnl # [HP 111006_211813 Testing local_no_masquerade #]dnl |
| 103 |
> | FEATURE(`local_no_masquerade')dnl |
| 104 |
> |
| 105 |
> `---- |
| 106 |
|
| 107 |
I can't comment on masquerade - never used it. I'd make sure however, that |
| 108 |
your mx record is correct for the IP address you're on, or your ISP may drop |
| 109 |
relay attempts if they have configured their sendmail to only accept |
| 110 |
resolvable domains. |
| 111 |
|
| 112 |
|
| 113 |
> ------- --------- ---=--- --------- -------- |
| 114 |
> |
| 115 |
> Relevant verbose smtp logs: |
| 116 |
> ,---- |
| 117 |
> |
| 118 |
> | 050 >>> EHLO reader.local.lan |
| 119 |
> | 050 250-mx.google.com at your service, [65.50.57.227] |
| 120 |
> | 050 250-SIZE 35882577 |
| 121 |
> | 050 250-8BITMIME |
| 122 |
> | 050 250-AUTH LOGIN PLAIN XOAUTH |
| 123 |
> | 050 250 ENHANCEDSTATUSCODES |
| 124 |
> | 050 >>> MAIL From:<reader@×××××××.com> SIZE=563 AUTH=<> |
| 125 |
> | 050 530-5.5.1 Authentication Required. Learn more at |
| 126 |
> | 050 530 5.5.1 http://mail.google.com/support/bin/answer.py?answer=14257 |
| 127 |
> | py4sm63515568igc.2 |
| 128 |
> |
| 129 |
> `---- |
| 130 |
> |
| 131 |
> The `learn more' address given just above is not all that helpful. |
| 132 |
> |
| 133 |
> ------- --------- ---=--- --------- -------- |
| 134 |
> |
| 135 |
> I think these are the sendmail logs that contain the relevant error: |
| 136 |
> |
| 137 |
> (I'm not sure if the `verify=FAIL' means what it suggests) |
| 138 |
> |
| 139 |
> ,---- |
| 140 |
> |
| 141 |
> | Dec 26 21:41:38 reader sm-mta[24243]: STARTTLS=client, |
| 142 |
> | relay=smtp.gmail.com, version=TLSv1/SSLv3, verify=FAIL, |
| 143 |
> | cipher=RC4-SHA, bits=128/12 |
| 144 |
|
| 145 |
Don't worry about this, you can disregard it. Your box is telling you that |
| 146 |
the smtp.gmail.com SSL certificate is not in the list of your trusted |
| 147 |
certificates. You can try adding it in ~/.gnupg/trustlist.txt if you want |
| 148 |
this error to go away (I think). |
| 149 |
|
| 150 |
|
| 151 |
> | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243: |
| 152 |
> | to=<reader@×××××××.com>, ctladdr=<reader@××××××××××××.lan> |
| 153 |
> | (1000/1000), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30563, |
| 154 |
> | relay=smtp.gmail.com [209.85.225.109], dsn=5.0.0, |
| 155 |
> | stat=Service unavailable |
| 156 |
> | |
| 157 |
> | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243: pBR2fbLY024243: |
| 158 |
> | DSN: Service unavailable |
| 159 |
> |
| 160 |
> `---- |
| 161 |
> |
| 162 |
> ------- --------- ---=--- --------- -------- |
| 163 |
> |
| 164 |
> Full sendmail.mc |
| 165 |
> |
| 166 |
> divert(-1)dnl |
| 167 |
> divert(0)dnl |
| 168 |
> define(`_USE_ETC_MAIL_')dnl |
| 169 |
> include(`/usr/share/sendmail/cf/m4/cf.m4')dnl |
| 170 |
> VERSIONID(`$Id: current.mc,v 1.13 2011/12/26 17:38:01 reader Exp $') |
| 171 |
> OSTYPE(`debian')dnl |
| 172 |
> DOMAIN(`debian-mta')dnl |
| 173 |
> undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS= |
| 174 |
> |
| 175 |
> define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl |
| 176 |
> define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl |
| 177 |
> define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl |
| 178 |
> |
| 179 |
> FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl |
| 180 |
> FEATURE(`access_db',`hash -T<TMPF> /etc/mail/access.db')dnl |
| 181 |
> define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN |
| 182 |
> PLAIN')dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl |
| 183 |
> define(`SMART_HOST',`smtp.gmail.com')dnl |
| 184 |
> FEATURE(`access_db',`hash -T<TMPF> /etc/mail/access.db')dnl |
| 185 |
> |
| 186 |
> FEATURE(`no_default_msa')dnl |
| 187 |
> DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl |
| 188 |
> DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, M=Ea, |
| 189 |
> Addr=127.0.0.1')dnl define(`confPRIVACY_FLAGS', |
| 190 |
> `needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobody |
| 191 |
> return,authwarnings')dnl define(`confCONNECTION_RATE_THROTTLE', `15')dnl |
| 192 |
> define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl |
| 193 |
> FEATURE(`use_cw_file')dnl |
| 194 |
> FEATURE(`greet_pause', `1000')dnl 1 seconds |
| 195 |
> FEATURE(`delay_checks', `friend', `n')dnl |
| 196 |
> define(`confBAD_RCPT_THROTTLE',`3')dnl |
| 197 |
> FEATURE(`conncontrol', `nodelay', `terminate')dnl |
| 198 |
> FEATURE(`ratecontrol', `nodelay', `terminate')dnl |
| 199 |
> include(`/etc/mail/m4/dialup.m4')dnl |
| 200 |
> include(`/etc/mail/m4/provider.m4')dnl |
| 201 |
> |
| 202 |
> FEATURE(`always_add_domain')dnl |
| 203 |
> MASQUERADE_AS(`newsguy.com')dnl |
| 204 |
> FEATURE(`allmasquerade')dnl |
| 205 |
> FEATURE(`masquerade_envelope')dnl |
| 206 |
> FEATURE(`local_no_masquerade')dnl |
| 207 |
> |
| 208 |
> EXPOSED_USER(`root')dnl |
| 209 |
> |
| 210 |
> MAILER_DEFINITIONS |
| 211 |
> MAILER(`local')dnl |
| 212 |
> MAILER(procmail)dnl |
| 213 |
> MAILER(`smtp')dnl |
| 214 |
|
| 215 |
I can't see any entries about mailertable.db, virtusertable.db which I recall |
| 216 |
using to control access to sendmail - although your problem is not related to |
| 217 |
this. |
| 218 |
|
| 219 |
Also I can't see any entries about SSL certificate paths? Again this is not |
| 220 |
be important unless you want to offer secure connections to your sendmail |
| 221 |
(Port=smtps) for clients out there. |
| 222 |
|
| 223 |
All this said and done, I'd start with the errors in the syntax |
| 224 |
/etc/mail/authinfo and would move it into client-info before looking at |
| 225 |
anything else. |
| 226 |
|
| 227 |
Good luck! |
| 228 |
|
| 229 |
PS. The sendmail IRC is usually helpful, although they all seem to have PhDs |
| 230 |
in the darn thing and their advice needs translating to plain English once or |
| 231 |
twice before it makes sense to common mortals! :-)) |
| 232 |
-- |
| 233 |
Regards, |
| 234 |
Mick |
Archives