On Tuesday 27 Dec 2011 15:55:45 Harry Putnam wrote:

> I want to use gmail's smtp server as Smart Host for my single user
> linux box running sendmail-8.14.4

That's eminently doable.

> I'm hooked up to an ISP called direcpath.tv in Atlanta that uses gmail
> smtp servers for its clients with addresses like reader@×××××××××.tv
>
> They have terrible to non-existent support and no support of linux/sendmail
>
> They use smtp.gmail.com. But before I get into the extra complication
> of their direcpath.tv overlay, and since I do have a normal gmail
> account I thought I'd first try to get the authentication for smtp
> working for that username. hputnam3@×××××.com

I hope that relaying from your box --> via your gmail account --> via the
ISP's gmail account will not end up in a pickle for some reason, but assuming
that Google will not block all that relaying around via its servers here we
go.

> So after dozens of small edits and restarts and makemaps ... cutting
> to the chase:
>
> /etc/mail/authinfo

I am going from memory here (no access to the server at this moment) but I
recall that this entry should be in /etc/mail/client-info instead, and you
will need of course to create the client-info.db after your changes:

makemap -r hash client-info.db < client-info

and reference this in your sendmail.mc

> (password obfuscated)
> ,----
>
> | Athinfo:smtp.gmail.com "U:root" "I:hputnam3@×××××.com" "P:??XX??" "M: LOGIN PLAIN"
> | Athinfo:smtp.gmail.com:587 "U:root" "I:hputnam3@×××××.com" "P:??XX??" "M: LOGIN PLAIN"
>
> `----

Did you try just "M: PLAIN" without the "LOGIN"?

If PLAIN doesn't do it, then use just LOGIN.

Unless you have a typo in there, try starting the stanzas with: "AuthInfo:"
                                                                  ^

Not sure that you need to define the port here on a second line, when it is
already defined in sendmail.mc. A single line ought to do the trick.
Increase the verbosity in the log if you need to troubleshoot this (although
ports are shown anyway at the default log level from what I recall).

> ------- --------- ---=--- --------- --------
>
> And I think what are the most relevant sendmail.mc settings (the whole
> *mc is inlined at the end).
>
> /etc/mail/sendmail.mc
>
> ,----
>
> | define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
> | define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
> |
> | FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl
> |
> | define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> | TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> |
> | define(`SMART_HOST',`smtp.gmail.com')dnl
>
> `----
>
> (And for the record, I did try bracketing the Smart Host like:
> define(`SMART_HOST',`[smtp.gmail.com]')dnl)

I never used brackets with gmail, or other smtp relays, so you could leave
these out.

Don't forget (like I often did!) after any changes to run:
m4 sendmail.mc > sendmail.cf

> I have some old masquerade settings that I doubt are causing a
> problem. I do have an account with them too. I think the error would
> be different if they were causing problems, but here those are:
>
> (Note, that removing those only gets the same error messages)
> ,----
>
> | MASQUERADE_AS(`newsguy.com')dnl
> | FEATURE(`allmasquerade')dnl
> | FEATURE(`masquerade_envelope')dnl
> | dnl # [HP 111006_211813 Testing local_no_masquerade #]dnl
> | FEATURE(`local_no_masquerade')dnl
>
> `----

I can't comment on masquerade - never used it. I'd make sure however, that
your mx record is correct for the IP address you're on, or your ISP may drop
relay attempts if they have configured their sendmail to only accept
resolvable domains.

> ------- --------- ---=--- --------- --------
>
> Relevant verbose smtp logs:
> ,----
>
> | 050 >>> EHLO reader.local.lan
> | 050 250-mx.google.com at your service, [65.50.57.227]
> | 050 250-SIZE 35882577
> | 050 250-8BITMIME
> | 050 250-AUTH LOGIN PLAIN XOAUTH
> | 050 250 ENHANCEDSTATUSCODES
> | 050 >>> MAIL From:<reader@×××××××.com> SIZE=563 AUTH=<>
> | 050 530-5.5.1 Authentication Required. Learn more at
> | 050 530 5.5.1 http://mail.google.com/support/bin/answer.py?answer=14257
> | py4sm63515568igc.2
>
> `----
>
> The `learn more' address given just above is not all that helpful.
>
> ------- --------- ---=--- --------- --------
>
> I think these are the sendmail logs that contain the relevant error:
>
> (I'm not sure if the `verify=FAIL' means what it suggests)
>
> ,----
>
> | Dec 26 21:41:38 reader sm-mta[24243]: STARTTLS=client,
> | relay=smtp.gmail.com, version=TLSv1/SSLv3, verify=FAIL,
> | cipher=RC4-SHA, bits=128/12

Don't worry about this, you can disregard it. Your box is telling you that
the smtp.gmail.com SSL certificate is not in the list of your trusted
certificates. You can try adding it in ~/.gnupg/trustlist.txt if you want
this error to go away (I think).

> | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243:
> | to=<reader@×××××××.com>, ctladdr=<reader@××××××××××××.lan>
> | (1000/1000), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30563,
> | relay=smtp.gmail.com [209.85.225.109], dsn=5.0.0,
> | stat=Service unavailable
> |
> | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243: pBR2fbLY024243:
> | DSN: Service unavailable
>
> `----
>
> ------- --------- ---=--- --------- --------
>
> Full sendmail.mc
>
> divert(-1)dnl
> divert(0)dnl
> define(`_USE_ETC_MAIL_')dnl
> include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
> VERSIONID(`$Id: current.mc,v 1.13 2011/12/26 17:38:01 reader Exp $')
> OSTYPE(`debian')dnl
> DOMAIN(`debian-mta')dnl
> undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS=
>
> define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
> define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
> define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
>
> FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl
> FEATURE(`access_db',`hash -T<TMPF> /etc/mail/access.db')dnl
> define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> define(`SMART_HOST',`smtp.gmail.com')dnl
> FEATURE(`access_db',`hash -T<TMPF> /etc/mail/access.db')dnl
>
> FEATURE(`no_default_msa')dnl
> DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl
> DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, M=Ea, Addr=127.0.0.1')dnl
> define(`confPRIVACY_FLAGS', `needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl
> define(`confCONNECTION_RATE_THROTTLE', `15')dnl
> define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
> FEATURE(`use_cw_file')dnl
> FEATURE(`greet_pause', `1000')dnl 1 seconds
> FEATURE(`delay_checks', `friend', `n')dnl
> define(`confBAD_RCPT_THROTTLE',`3')dnl
> FEATURE(`conncontrol', `nodelay', `terminate')dnl
> FEATURE(`ratecontrol', `nodelay', `terminate')dnl
> include(`/etc/mail/m4/dialup.m4')dnl
> include(`/etc/mail/m4/provider.m4')dnl
>
> FEATURE(`always_add_domain')dnl
> MASQUERADE_AS(`newsguy.com')dnl
> FEATURE(`allmasquerade')dnl
> FEATURE(`masquerade_envelope')dnl
> FEATURE(`local_no_masquerade')dnl
>
> EXPOSED_USER(`root')dnl
>
> MAILER_DEFINITIONS
> MAILER(`local')dnl
> MAILER(procmail)dnl
> MAILER(`smtp')dnl

I can't see any entries about mailertable.db, virtusertable.db which I recall
using to control access to sendmail - although your problem is not related to
this.

Also I can't see any entries about SSL certificate paths? Again this is not
important unless you want to offer secure connections to your sendmail
(Port=smtps) for clients out there.

All this said and done, I'd start with the errors in the syntax of
/etc/mail/authinfo and would move it into client-info before looking at
anything else.

Good luck!

PS. The sendmail IRC is usually helpful, although they all seem to have PhDs
in the darn thing and their advice needs translating to plain English once or
twice before it makes sense to common mortals! :-))
--
Regards,
Mick
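
Added example, not part of the original thread and not sendmail's own code: a small checker for lines of the authinfo map source, covering the two points raised above, the spelling of the "AuthInfo:" key and whether the "M:" list overlaps what the relay advertises in its EHLO reply. The token layout (tags U, I, P, M with ':' for plain text or '=' for base64) follows the sendmail cf/README; the function names, address and password are hypothetical placeholders.

```python
import re

TOKEN = re.compile(r'"([A-Za-z])([:=])([^"]*)"')   # "TDstring": tag, delimiter, value
AUTH_LINE = re.compile(r"250[- ]AUTH[ =](.+)")      # EHLO reply line listing SASL mechanisms

def advertised_mechs(ehlo_lines):
    """Collect the mechanisms a relay offers, from EHLO reply lines."""
    mechs = set()
    for line in ehlo_lines:
        m = AUTH_LINE.search(line)
        if m:
            mechs.update(m.group(1).upper().split())
    return mechs

def lint_authinfo(line, advertised):
    """Return a list of problems in one line of the authinfo map source."""
    parts = line.split(None, 1)
    if len(parts) < 2:
        return ["no right-hand side after the key"]
    key, rhs = parts
    problems = []
    tag = key.partition(":")[0]
    if ":" not in key or tag.lower() != "authinfo":
        problems.append(f"key tag {tag!r} is not 'AuthInfo'")
    fields = {t.upper(): (d, v.strip()) for t, d, v in TOKEN.findall(rhs)}
    stray = TOKEN.sub("", rhs).strip()      # e.g. a second entry run onto this line
    if stray:
        problems.append(f"text outside quoted tokens: {stray!r}")
    if "P" not in fields:
        problems.append("no password (P) token")
    if not {"U", "I"} & fields.keys():
        problems.append("neither user (U) nor authentication id (I) given")
    delim, mech_list = fields.get("M", (":", ""))
    wanted = mech_list.upper().split() if delim == ":" else []  # '=' means base64, skipped
    if wanted and not set(wanted) & advertised:
        problems.append(f"none of {wanted} is offered by the relay")
    return problems

# Constructed sample data; the address and password are placeholders.
EHLO = ["050 250-8BITMIME", "050 250-AUTH LOGIN PLAIN XOAUTH"]
AS_POSTED = 'Athinfo:smtp.gmail.com "U:root" "I:user@example.com" "P:PLACEHOLDER" "M: LOGIN PLAIN"'
CORRECTED = 'AuthInfo:smtp.gmail.com "U:root" "I:user@example.com" "P:PLACEHOLDER" "M:PLAIN"'

if __name__ == "__main__":
    offered = advertised_mechs(EHLO)
    for entry in (AS_POSTED, CORRECTED):
        print(entry.split()[0], "->", lint_authinfo(entry, offered) or "ok")
```

Run it over the map source before each makemap; the file holds a cleartext password, so it and the generated .db should be readable by root only.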