On 27/12/11 14:19, Harry Putnam wrote: > First let me say, I'm not interested in switching mta's. > > I want to use gmails' smtp server as Smart Host for my single user > debian box running sendmail-8.14.4 > > I'm hooked up to an ISP called direcpath.tv in Atlanta that uses gmail > smtp servers for its clients with addresses like rea...@direcpath.tv > > They have terrible to non-existent support and no support of linux/sendmail > > They use smtp.gmail.com But before I get into the extra complication > of their direcpath.tv overlay, and since I do have a normal gmail > account I thought I'd first try to get the authentication for smtp > working for that username. hputn...@gmail.com > > So after dozens of small edits and restarts and makemaps ... cutting > to the chase: > > /etc/mail/authinfo > > (password obfuscated) > ,---- > | Athinfo:smtp.gmail.com "U:root" "I:hputn...@gmail.com" "P:??XX??" "M: LOGIN > PLAIN" > | Athinfo:smtp.gmail.com:587 "U:root" "I:hputn...@gmail.com" "P:??XX??" "M: > LOGIN PLAIN" > `---- > > ------- --------- ---=--- --------- -------- > > And I think what are the most relevant sendmail.mc settings (the whole > *mc is inlined at the end). > > /etc/mail/sendmail.mc > > ,---- > | define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl > | define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl > | > | FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl > | > | define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN > PLAIN')dnl > | TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl > | > | define(`SMART_HOST',`smtp.gmail.com')dnl > `---- > > (And for the record, I did try bracketing the Smart Host like: > define(`SMART_HOST',`[smtp.gmail.com]')dnl) > > I have some old masquerade settings that I doubt are causing a > problem. I do have an account with them too. I think the error would > be different if they were causing problems, but here those are: > > (Note, that removing those only gets the same error messages) > ,---- > | MASQUERADE_AS(`newsguy.com')dnl > | FEATURE(`allmasquerade')dnl > | FEATURE(`masquerade_envelope')dnl > | dnl # [HP 111006_211813 Testing local_no_masquerade #]dnl > | FEATURE(`local_no_masquerade')dnl > `---- > > ------- --------- ---=--- --------- -------- > > Relevant verbose smtp logs: > ,---- > | 050 >>> EHLO reader.local.lan > | 050 250-mx.google.com at your service, [65.50.57.227] > | 050 250-SIZE 35882577 > | 050 250-8BITMIME > | 050 250-AUTH LOGIN PLAIN XOAUTH > | 050 250 ENHANCEDSTATUSCODES > | 050 >>> MAIL From:<rea...@newsguy.com> SIZE=563 AUTH=<> > | 050 530-5.5.1 Authentication Required. Learn more at > > | 050 530 5.5.1 http://mail.google.com/support/bin/answer.py?answer=14257 > py4sm63515568igc.2
^^^^^^^^^^^^^^^^^^^^^^^^^^^ > `---- > > The `learn more' address give just above is not all that helpfull. It's the line above it that's relevant (the "learn more" is for the same situation in a MUA - not SendMail). You don't show your authentication settings eg.:- define(`CERT_DIR’, `/etc/mail/certs’) define(`confCACERT_PATH’, `CERT_DIR’) define(`confCACERT’, `CERT_DIR/ca-bundle.crt’) define(`confCRL’, `CERT_DIR/ca-bundle.crt’) define(`confSERVER_CERT’, `CERT_DIR/sendmail.pem’) define(`confSERVER_KEY’, `CERT_DIR/sendmail.pem’) define(`confCLIENT_CERT’, `CERT_DIR/sendmail.pem’) define(`confCLIENT_KEY’, `CERT_DIR/sendmail.pem’) > > ------- --------- ---=--- --------- -------- > > I think these are the sendmail logs that contain the relevant error: > > (I'm not sure if the `verify=FAIL' means what it suggests) I suspect it means exactly what it says..... > > ,---- > | Dec 26 21:41:38 reader sm-mta[24243]: STARTTLS=client, > | relay=smtp.gmail.com, version=TLSv1/SSLv3, verify=FAIL, > | cipher=RC4-SHA, bits=128/12 > | > | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243: > | to=<rea...@newsguy.com>, ctladdr=<rea...@reader.local.lan> > | (1000/1000), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30563, > | relay=smtp.gmail.com [209.85.225.109], dsn=5.0.0, > | stat=Service unavailable > | > | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243: pBR2fbLY024243: DSN: > Service unavailable > `---- > > ------- --------- ---=--- --------- -------- > > Full sendmail.mc > > divert(-1)dnl > divert(0)dnl > define(`_USE_ETC_MAIL_')dnl > include(`/usr/share/sendmail/cf/m4/cf.m4')dnl > VERSIONID(`$Id: current.mc,v 1.13 2011/12/26 17:38:01 reader Exp $') > OSTYPE(`debian')dnl > DOMAIN(`debian-mta')dnl > undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS= > > define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl > define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl > define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl > > FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl > FEATURE(`access_db',`hash -T<TMPF> /etc/mail/access.db')dnl > define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN > PLAIN')dnl > TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl > define(`SMART_HOST',`smtp.gmail.com')dnl > FEATURE(`access_db',`hash -T<TMPF> /etc/mail/access.db')dnl > > FEATURE(`no_default_msa')dnl > DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl > DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, M=Ea, > Addr=127.0.0.1')dnl > define(`confPRIVACY_FLAGS', > `needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl > define(`confCONNECTION_RATE_THROTTLE', `15')dnl > define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl > FEATURE(`use_cw_file')dnl > FEATURE(`greet_pause', `1000')dnl 1 seconds > FEATURE(`delay_checks', `friend', `n')dnl > define(`confBAD_RCPT_THROTTLE',`3')dnl > FEATURE(`conncontrol', `nodelay', `terminate')dnl > FEATURE(`ratecontrol', `nodelay', `terminate')dnl > include(`/etc/mail/m4/dialup.m4')dnl > include(`/etc/mail/m4/provider.m4')dnl > > FEATURE(`always_add_domain')dnl > MASQUERADE_AS(`newsguy.com')dnl > FEATURE(`allmasquerade')dnl > FEATURE(`masquerade_envelope')dnl > FEATURE(`local_no_masquerade')dnl > > EXPOSED_USER(`root')dnl > > MAILER_DEFINITIONS > MAILER(`local')dnl > MAILER(procmail)dnl > MAILER(`smtp')dnl > > Please post your cert (pem) settings. Cheers -- Iceweasel/Firefox extensions for finding answers to Debian questions:- https://addons.mozilla.org/en-US/firefox/collections/Scott_Ferguson/debian/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4ef93f95.7040...@gmail.com