Re: sendmail with smtp relay authentication
am 30.03.2008 07:02:21 von Aaron Hsu
novice writes:
>the default sendmail setup i have seems to be working but problem is
>outgoing mails are most of the time treated as spam by mail servers
>and most of the time bounce back...so I just registered for an account
>at authsmtp and got my username and password... now I want to put this
>relaying info into my sendmail, so that outgoing emails should be
>relayed to mail.authsmtp.com...I know nothing about sendmail, so would
>be really great if someone could tell me how to setup this properly.
There are some basic steps to doing this:
1) Configure Sendmail to use a SMART_HOST
2) Check with your system to make sure you are sending decent domain
names.
a) This means using MASQUERADING on most user systems.
b) You may want to setup some other options as well, such as a
generics files to rewrite usernames and the like.
3) Setup your authinfo file.
4) Tell Sendmail to use your authinfo file. Generally, you will want
to make sure that your sendmail is compiled with SASL support.
However, if you have an SMTP server which supports certificates, you
can also do certificate based authentication.
All this is pretty straightforward once you do it a few times, but it
can seem a little confusing when you first do it. Make sure to read the
relevant section in /usr/share/sendmail/README or the same file located
elsewhere. Additionally, there are numberous tutorials online that show
you how to do some of this. I created on such tutorial [1] some time ago
which does not cover SMTP AUTH, but should take care of the rest of it.
You want to first get your sendmail attempting to use a smart host, and
then, after it is working to that point, you'll want to enable the AUTH
parts by configuring an authinfo file which contains the authentication
information for your smtp server.
I hope this helps a little.
[1] http://www.sacrideo.us/Sacrificum_Deo/Stuff_files/sendmail_o penbsd.txt
--
Aaron Hsu | Jabber: arcfide@jabber.org
``Government is the great fiction through which everybody endeavors to
live at the expense of everybody else.'' - Frederic Bastiat
Re: sendmail with smtp relay authentication
am 02.04.2008 01:16:52 von beatdream
Hi Aaron,
thanks a lot for the quick response. I tried to follow your
instruction as well as the one I found in
http://www.scalix.com/wiki/index.php?title=Configuring_Sendm ail_with_smarthost_Ubuntu_Gutsy
so basically here is what I did...[btw, I am running ubuntu]
first I checked the sendmail installation to see if it was compiled
properly
>sendmail -bt -d0.1
Version 8.13.8
Compiled with: DNSMAP LDAPMAP LDAP_REFERRALS LOG MAP_REGEX MATCHGECOS
MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
NETUNIX
NEWDB NIS NISPLUS PIPELINING SASLv2 SCANF SOCKETMAP
STARTTLS
TCPWRAPPERS USERDB USE_LDAP_INIT XDEBUG
so that looks OK....
then I created authinfo file with the entry
AuthInfo:mail.authsmtp.com "U:myusername" "I:myaccount" "P:mypassword"
then I did
sudo bash -c "cd /etc/mail/auth/ && makemap hash client-info < client-
info"
In my sendmail.mc
I added...
define(`SMART_HOST', mail.authsmtp.com)dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5
LOGIN PLAIN')dnl
FEATURE(`authinfo', `hash /etc/mail/auth/client-info')dnl
and then I did...
sudo bash -c "cd /etc/mail/ && m4 sendmail.mc > sendmail.cf"
restarted sendmail... and now when I try to send email (i just use
telent local host 25 and then the mail commands)
now I get the error DSN: service unavailable, something like this in
the mail log and also attached the auto mail response I got.
What do you think is wrong? because the user authentication seems to
work since I get a different error when I use the wrong username or
password....
Thanks in advance!
Oumer
----------------mail log---------------------
Apr 2 01:00:47 domU-12-31-36-00-24-51 sm-mta[2858]: m31Mxx2S002858:
from=abc@xyz.com, size=20, class=0, nrcpts=1,
msgid=<200804012300.m31Mxx2S002858@192.168.1.33>, proto=ESMTP,
daemon=MTA-v4, relay=localhost [127.0.0.1]
Apr 2 01:00:47 domU-12-31-36-00-24-51 sm-mta[2913]: STARTTLS=client,
relay=mail.authsmtp.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-
RSA-AES256-SHA, bits=256/256
Apr 2 01:00:58 domU-12-31-36-00-24-51 sm-mta[2913]: m31Mxx2S002858:
to=b....@gmail.com, delay=00:00:27, xdelay=00:00:11, mailer=relay,
pri=120020, relay=mail.authsmtp.com. [62.13.128.25], dsn=5.0.0,
stat=Service unavailable
Apr 2 01:00:58 domU-12-31-36-00-24-51 sm-mta[2913]: m31Mxx2S002858:
m31N0w2S002913: DSN: Service unavailable
Apr 2 01:01:08 domU-12-31-36-00-24-51 sm-mta[2913]: m31N0w2S002913:
to=abc@xyz.com, delay=00:00:10, xdelay=00:00:10, mailer=relay,
pri=30000, relay=mail.authsmtp.com., dsn=5.0.0, stat=Service
unavailable
Apr 2 01:01:08 domU-12-31-36-00-24-51 sm-mta[2913]: m31N0w2S002913:
to=MAILER-DAEMON, delay=00:00:10, mailer=local, pri=30000, dsn=5.1.1,
stat=User unknown
Apr 2 01:01:08 domU-12-31-36-00-24-51 sm-mta[2913]: m31N0w2S002913:
m31N0w2T002913: return to sender: User unknown
Apr 2 01:01:08 domU-12-31-36-00-24-51 sm-mta[2913]: m31N0w2T002913:
to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30000,
dsn=2.0.0, stat=Sent
----------------------------------
THe email I got was
Date: Wed, 2 Apr 2008 01:01:08 +0200
From: Mail Delivery Subsystem
To: postmaster@192.168.1.33
Subject: Postmaster notify: see transcript for details
Parts/Attachments:
1 Shown 14 lines Text
2 Shown 378 bytes Message, "Delivery Status"
3 Shown 13 lines Text
----------------------------------------
The original message was received at Wed, 2 Apr 2008 01:00:58 +0200
from localhost
with id m31N0w2S002913
----- The following addresses had permanent fatal errors -----
abc@xyz.com
(reason: 505 5.0.0 Message is sent with SSL but SSL is not allowed
for this user - login at:
http://control.authsmtp.com)
----- Transcript of session follows -----
.... while talking to mail.authsmtp.com.:
>>> MAIL From:<>
<<< 505 5.0.0 Message is sent with SSL but SSL is not allowed for this
user - login at: http://control.authsmtp.com
554 5.0.0 Service unavailable
550 5.1.1 MAILER-DAEMON... User unknown
[ Part 2: "Delivery Status" ]
Reporting-MTA: dns; 192.168.1.33
Received-From-MTA: DNS; localhost
Arrival-Date: Wed, 2 Apr 2008 01:00:58 +0200
Final-Recipient: RFC822; abc@xyz.com
Action: failed
Status: 5.0.0
Diagnostic-Code: SMTP; 505 5.0.0 Message is sent with SSL but SSL is
not allowed for this user - login at:
http://control.authsmtp.com
Last-Attempt-Date: Wed, 2 Apr 2008 01:01:08 +0200
Return-Path:
Received: from localhost (localhost)
by 192.168.1.33 (8.13.8/8.13.8/Debian-3) id m31N0w2S002913;
Wed, 2 Apr 2008 01:00:58 +0200
Date: Wed, 2 Apr 2008 01:00:58 +0200
From: Mail Delivery Subsystem
Message-Id: <200804012300.m31N0w2S002913@192.168.1.33>
To: abc@xyz.com
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="m31N0w2S002913.1207090858/192.168.1.33"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
On Mar 30, 7:02 am, Aaron Hsu wrote:
> novice writes:
> >the default sendmail setup i have seems to be working but problem is
> >outgoing mails are most of the time treated as spam by mail servers
> >and most of the time bounce back...so I just registered for an account
> >at authsmtp and got my username and password... now I want to put this
> >relaying info into my sendmail, so that outgoing emails should be
> >relayed to mail.authsmtp.com...I know nothing about sendmail, so would
> >be really great if someone could tell me how to setup this properly.
>
> There are some basic steps to doing this:
>
> 1) Configure Sendmail to use a SMART_HOST
> 2) Check with your system to make sure you are sending decent domain
> names.
> a) This means using MASQUERADING on most user systems.
> b) You may want to setup some other options as well, such as a
> generics files to rewrite usernames and the like.
> 3) Setup your authinfo file.
> 4) Tell Sendmail to use your authinfo file. Generally, you will want
> to make sure that your sendmail is compiled with SASL support.
> However, if you have an SMTP server which supports certificates, you
> can also do certificate based authentication.
>
> All this is pretty straightforward once you do it a few times, but it
> can seem a little confusing when you first do it. Make sure to read the
> relevant section in /usr/share/sendmail/README or the same file located
> elsewhere. Additionally, there are numberous tutorials online that show
> you how to do some of this. I created on such tutorial [1] some time ago
> which does not cover SMTP AUTH, but should take care of the rest of it.
>
> You want to first get your sendmail attempting to use a smart host, and
> then, after it is working to that point, you'll want to enable the AUTH
> parts by configuring an authinfo file which contains the authentication
> information for your smtp server.
>
> I hope this helps a little.
>
> [1]http://www.sacrideo.us/Sacrificum_Deo/Stuff_files/sendmai l_openbsd.txt
>
> --
> Aaron Hsu | Jabber: arcf...@jabber.org
> ``Government is the great fiction through which everybody endeavors to
> live at the expense of everybody else.'' - Frederic Bastiat
Re: sendmail with smtp relay authentication
am 02.04.2008 05:44:19 von Aaron Hsu
novice writes:
>define(`SMART_HOST', mail.authsmtp.com)dnl
What you copied here doesn't seem right, since I think you should have
the quotes around that, but since the results you get below don't seem
to match, I must assume that you typed in the above, and that this is
simply a typo.
> (reason: 505 5.0.0 Message is sent with SSL but SSL is not allowed
>for this user - login at:
>http://control.authsmtp.com)
I am going to make a wild guess that this is your problem rigth there.
Might want to check into that. Specifically, try checking on FAQ 56 [1].
Hope that helps!
[1] http://www.authsmtp.com/faqs/faq-56.html
--
Aaron Hsu | Jabber: arcfide@jabber.org
``Government is the great fiction through which everybody endeavors to
live at the expense of everybody else.'' - Frederic Bastiat
Re: sendmail with smtp relay authentication
am 02.04.2008 08:55:21 von beatdream
Thanks Aaron! I enabled SSL in authsmtp and now it works!:-). However,
they say that they might discontinue this service soon and it is going
to cost me twice the quota for using SSL. So for the moment it will be
OK but soon I might need to disable SSL from sendmail... so how can I
do that? and are there any side effects?
On Apr 2, 5:44 am, Aaron Hsu wrote:
> novice writes:
> >define(`SMART_HOST', mail.authsmtp.com)dnl
>
> What you copied here doesn't seem right, since I think you should have
> the quotes around that, but since the results you get below don't seem
> to match, I must assume that you typed in the above, and that this is
> simply a typo.
>
> > (reason: 505 5.0.0 Message is sent with SSL but SSL is not allowed
> >for this user - login at:
> >http://control.authsmtp.com)
>
> I am going to make a wild guess that this is your problem rigth there.
> Might want to check into that. Specifically, try checking on FAQ 56 [1].
>
> Hope that helps!
>
> [1]http://www.authsmtp.com/faqs/faq-56.html
>
> --
> Aaron Hsu | Jabber: arcf...@jabber.org
> ``Government is the great fiction through which everybody endeavors to
> live at the expense of everybody else.'' - Frederic Bastiat
Re: sendmail with smtp relay authentication
am 02.04.2008 20:17:19 von Aaron Hsu
novice writes:
>Thanks Aaron! I enabled SSL in authsmtp and now it works!:-). However,
>they say that they might discontinue this service soon and it is going
>to cost me twice the quota for using SSL. So for the moment it will be
>OK but soon I might need to disable SSL from sendmail... so how can I
>do that? and are there any side effects?
You just need to adjust the authentication methods that you use. I
believe the structure is something like authCONF but you should search
around for the exact setup (actually this may be for login
authentication, so there may be another one for TLS/SSL/Plain). If
AuthSmtp is worth anything, then they will have enabled TLS, and they
should tell you what you need to know in order to use it. Then, I would
say just use TLS and drop your SSL.
If you really want to use them and all they provide is unencrypted
mailing, make sure you use CRAM-MD5 or better as your authentication
method, and then just remove the SSL. I think that there are some more
guides about doing this, but I do not remember where. There are some
flags or something that you can set in your configuration that allows
you to force certain behaviors. Its been a while since I have done any
of this, so I don't remember the exact details, sorry.
--
Aaron Hsu | Jabber: arcfide@jabber.org
``Government is the great fiction through which everybody endeavors to
live at the expense of everybody else.'' - Frederic Bastiat