On Tuesday 27 Dec 2011 15:55:45 Harry Putnam wrote: > I want to use gmails' smtp server as Smart Host for my single user > linux box running sendmail-8.14.4
That's eminently doable.
> I'm hooked up to an ISP called direcpath.tv in Atlanta that uses gmail
> smtp servers for its clients with addresses like rea...@direcpath.tv
>
> They have terrible to non-existent support and no support of linux/sendmail
>
> They use smtp.gmail.com But before I get into the extra complication
> of their direcpath.tv overlay, and since I do have a normal gmail
> account I thought I'd first try to get the authentication for smtp
> working for that username. hputn...@gmail.com
I hope that relaying from your box --> via your gmail account --> via the
ISP's gmail account will not end up in a pickle for some reason, but assuming
that Google will not block all that relaying around via its servers here we
go.
> So after dozens of small edits and restarts and makemaps ... cutting
> to the chase:
>
> /etc/mail/authinfo
I am going from memory here (no access to the server at this moment) but I
recall that this entry should be in /etc/mail/client-info instead, and you
will need of course to create the client-info.db after your changes:
makemap -r hash client-info.db < client-info
and reference this in your sendmail.mc
> (password obfuscated)
> ,----
>
> | Athinfo:smtp.gmail.com "U:root" "I:hputn...@gmail.com" "P:??XX??" "M:
> | LOGIN PLAIN" Athinfo:smtp.gmail.com:587 "U:root" "I:hputn...@gmail.com"
> | "P:??XX??" "M: LOGIN PLAIN"
>
> `----
Did you try just "M: PLAIN" without the "LOGIN" ?
If PLAIN doesn't do it, then use just LOGIN.
Unless you have a typo in there, try starting the stanzas with: "AuthInfo:"
^
Not sure that you need to define the port here on a second line, when it is
already defined in sendmail.mc. A single line ought to do the trick.
Increase the verbosity in the log if you need to troubleshoot this (although
ports are shown anyway at the default log level from what I recall).
> ------- --------- ---=--- --------- --------
>
> And I think what are the most relevant sendmail.mc settings (the whole
> *mc is inlined at the end).
>
> /etc/mail/sendmail.mc
>
> ,----
>
> | define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
> | define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
> |
> | FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl
> |
> | define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
> | PLAIN')dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN
> | PLAIN')dnl
> |
> | define(`SMART_HOST',`smtp.gmail.com')dnl
>
> `----
>
> (And for the record, I did try bracketing the Smart Host like:
> define(`SMART_HOST',`[smtp.gmail.com]')dnl)
I never used brackets with gmail, or other smtp relays, so you could leave
these out.
Don't forget (like I often did! ) after any changes to run: m4 sendmail.mc >
sendmail.cf
> I have some old masquerade settings that I doubt are causing a
> problem. I do have an account with them too. I think the error would
> be different if they were causing problems, but here those are:
>
> (Note, that removing those only gets the same error messages)
> ,----
>
> | MASQUERADE_AS(`newsguy.com')dnl
> | FEATURE(`allmasquerade')dnl
> | FEATURE(`masquerade_envelope')dnl
> | dnl # [HP 111006_211813 Testing local_no_masquerade #]dnl
> | FEATURE(`local_no_masquerade')dnl
>
> `----
I can't comment on masquerade - never used it. I'd make sure however, that
your mx record is correct for the IP address you're on, or your ISP may drop
relay attempts if they have configured their sendmail to only accept
resolvable domains.
> ------- --------- ---=--- --------- --------
>
> Relevant verbose smtp logs:
> ,----
>
> | 050 >>> EHLO reader.local.lan
> | 050 250-mx.google.com at your service, [65.50.57.227]
> | 050 250-SIZE 35882577
> | 050 250-8BITMIME
> | 050 250-AUTH LOGIN PLAIN XOAUTH
> | 050 250 ENHANCEDSTATUSCODES
> | 050 >>> MAIL From:<rea...@newsguy.com> SIZE=563 AUTH=<>
> | 050 530-5.5.1 Authentication Required. Learn more at
> | 050 530 5.5.1 http://mail.google.com/support/bin/answer.py?answer=14257
> | py4sm63515568igc.2
>
> `----
>
> The `learn more' address given just above is not all that helpful.
>
> ------- --------- ---=--- --------- --------
>
> I think these are the sendmail logs that contain the relevant error:
>
> (I'm not sure if the `verify=FAIL' means what it suggests)
>
> ,----
>
> | Dec 26 21:41:38 reader sm-mta[24243]: STARTTLS=client,
> | relay=smtp.gmail.com, version=TLSv1/SSLv3, verify=FAIL,
> | cipher=RC4-SHA, bits=128/12
Don't worry about this, you can disregard it. Your box is telling you that
the smtp.gmail.com SSL certificate is not in the list of your trusted
certificates. You can try adding it in ~/.gnupg/trustlist.txt if you want
this error to go away (I think).
> | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243:
> | to=<rea...@newsguy.com>, ctladdr=<rea...@reader.local.lan>
> | (1000/1000), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30563,
> | relay=smtp.gmail.com [209.85.225.109], dsn=5.0.0,
> | stat=Service unavailable
> |
> | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243: pBR2fbLY024243:
> | DSN: Service unavailable
>
> `----
>
> ------- --------- ---=--- --------- --------
>
> Full sendmail.mc
>
> divert(-1)dnl
> divert(0)dnl
> define(`_USE_ETC_MAIL_')dnl
> include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
> VERSIONID(`$Id: current.mc,v 1.13 2011/12/26 17:38:01 reader Exp $')
> OSTYPE(`debian')dnl
> DOMAIN(`debian-mta')dnl
> undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS=
>
> define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
> define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
> define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
>
> FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl
> FEATURE(`access_db',`hash -T<TMPF> /etc/mail/access.db')dnl
> define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
> PLAIN')dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> define(`SMART_HOST',`smtp.gmail.com')dnl
> FEATURE(`access_db',`hash -T<TMPF> /etc/mail/access.db')dnl
>
> FEATURE(`no_default_msa')dnl
> DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl
> DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, M=Ea,
> Addr=127.0.0.1')dnl define(`confPRIVACY_FLAGS',
> `needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobody
> return,authwarnings')dnl define(`confCONNECTION_RATE_THROTTLE', `15')dnl
> define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
> FEATURE(`use_cw_file')dnl
> FEATURE(`greet_pause', `1000')dnl 1 seconds
> FEATURE(`delay_checks', `friend', `n')dnl
> define(`confBAD_RCPT_THROTTLE',`3')dnl
> FEATURE(`conncontrol', `nodelay', `terminate')dnl
> FEATURE(`ratecontrol', `nodelay', `terminate')dnl
> include(`/etc/mail/m4/dialup.m4')dnl
> include(`/etc/mail/m4/provider.m4')dnl
>
> FEATURE(`always_add_domain')dnl
> MASQUERADE_AS(`newsguy.com')dnl
> FEATURE(`allmasquerade')dnl
> FEATURE(`masquerade_envelope')dnl
> FEATURE(`local_no_masquerade')dnl
>
> EXPOSED_USER(`root')dnl
>
> MAILER_DEFINITIONS
> MAILER(`local')dnl
> MAILER(procmail)dnl
> MAILER(`smtp')dnl
I can't see any entries about mailertable.db, virtusertable.db which I recall
using to control access to sendmail - although your problem is not related to
this.
Also I can't see any entries about SSL certificate paths? Again this is not
be important unless you want to offer secure connections to your sendmail
(Port=smtps) for clients out there.
All this said and done, I'd start with the errors in the syntax
/etc/mail/authinfo and would move it into client-info before looking at
anything else.
Good luck!
PS. The sendmail IRC is usually helpful, although they all seem to have PhDs
in the darn thing and their advice needs translating to plain English once or
twice before it makes sense to common mortals! :-))
--
Regards,
Mick
signature.asc
Description: This is a digitally signed message part.
