From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-132931-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1RfyBP-0001Zb-KI
	for garchives@archives.gentoo.org; Wed, 28 Dec 2011 18:24:59 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id E942F21C12F;
	Wed, 28 Dec 2011 18:24:44 +0000 (UTC)
Received: from mail-wi0-f181.google.com (mail-wi0-f181.google.com [209.85.212.181])
	by pigeon.gentoo.org (Postfix) with ESMTP id EA06B21C093
	for <gentoo-user@lists.gentoo.org>; Wed, 28 Dec 2011 18:23:49 +0000 (UTC)
Received: by wibhq2 with SMTP id hq2so6709462wib.40
        for <gentoo-user@lists.gentoo.org>; Wed, 28 Dec 2011 10:23:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=from:reply-to:to:subject:date:user-agent:references:in-reply-to
         :mime-version:content-type:content-transfer-encoding:message-id;
        bh=rMAklMdI8aS2ymrI0lv0YMp7rSDL3BCAO5GcZqkMbVs=;
        b=HWO11j8/f0ismANelfYtOmcN94jJmscfQauoqzbR65T9dq6oULiaWzlx/clb/Hfwdw
         X6GBhfNICj2Vf+QokjLXnEOmzLTYblJXkAos+XzKkJgkLj/iJVM4rB2Z3+itMELbQLkm
         U7z4yoOMptuj+bsrJnIFNiEVVnKiqT9fThs38=
Received: by 10.180.78.101 with SMTP id a5mr15842243wix.19.1325096629121;
        Wed, 28 Dec 2011 10:23:49 -0800 (PST)
Received: from dell_xps.localnet (230.3.169.217.in-addr.arpa. [217.169.3.230])
        by mx.google.com with ESMTPS id 28sm32751922wby.3.2011.12.28.10.23.47
        (version=TLSv1/SSLv3 cipher=OTHER);
        Wed, 28 Dec 2011 10:23:47 -0800 (PST)
From: Mick <michaelkintzios@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] [OT] sendmail relay to gmail smtp server
Date: Wed, 28 Dec 2011 18:23:39 +0000
User-Agent: KMail/1.13.7 (Linux/3.0.6-gentoo; KDE/4.7.3; x86_64; ; )
References: <87mxae6mbi.fsf@newsguy.com>
In-Reply-To: <87mxae6mbi.fsf@newsguy.com>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart3924357.gfXh7G2yOC";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <201112281823.50798.michaelkintzios@gmail.com>
X-Archives-Salt: e3978481-149b-4b4f-9c9f-991d0506ecaf
X-Archives-Hash: a7761f4de09e6902b862c16a92b3f505

--nextPart3924357.gfXh7G2yOC
Content-Type: Text/Plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable

On Tuesday 27 Dec 2011 15:55:45 Harry Putnam wrote:

> I want to use gmails' smtp server as Smart Host for my single user
> linux box running sendmail-8.14.4

That's eminently doable.


> I'm hooked up to an ISP called direcpath.tv in Atlanta that uses gmail
> smtp servers for its clients with addresses like reader@direcpath.tv
>=20
> They have terrible to non-existent support and no support of linux/sendma=
il
>=20
> They use smtp.gmail.com But before I get into the extra complication
> of their direcpath.tv overlay, and since I do have a normal gmail
> account I thought I'd first try to get the authentication for smtp
> working for that username.  hputnam3@gmail.com

I hope that relaying from your box --> via your gmail account  --> via the=
=20
ISP's gmail account will not end up in a pickle for some reason, but assumi=
ng=20
that Google will not block all that relaying around via its servers here we=
=20
go.


> So after dozens of small edits and restarts and makemaps ... cutting
> to the chase:
>=20
> /etc/mail/authinfo

I am going from memory here (no access to the server at this moment) but I=
=20
recall that this entry should be in /etc/mail/client-info instead, and you=
=20
will need of course to create the client-info.db after your changes:

makemap -r hash client-info.db < client-info

and reference this in your sendmail.mc


> (password obfuscated)
> ,----
>=20
> | Athinfo:smtp.gmail.com "U:root" "I:hputnam3@gmail.com" "P:??XX??" "M:
> | LOGIN PLAIN" Athinfo:smtp.gmail.com:587 "U:root" "I:hputnam3@gmail.com"
> | "P:??XX??" "M: LOGIN PLAIN"
>=20
> `----

Did you try just "M: PLAIN" without the "LOGIN" ?

If PLAIN doesn't do it, then use just LOGIN.

Unless you have a typo in there, try starting the stanzas with:  "AuthInfo:"
                                                                   ^  =20

Not sure that you need to define the port here on a second line, when it is=
=20
already defined in sendmail.mc.  A single line ought to do the trick. =20
Increase the verbosity in the log if you need to troubleshoot this (althoug=
h=20
ports are shown anyway at the default log level from what I recall).

> -------        ---------       ---=3D---       ---------      --------
>=20
> And I think what are the most relevant sendmail.mc settings (the whole
> *mc is inlined at the end).
>=20
> /etc/mail/sendmail.mc
>=20
> ,----
>=20
> | define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
> | define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
> |=20
> | FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl
> |=20
> | define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
> | PLAIN')dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN
> | PLAIN')dnl
> |=20
> | define(`SMART_HOST',`smtp.gmail.com')dnl
>=20
> `----
>=20
> (And for the record, I did try bracketing the Smart Host like:
>  define(`SMART_HOST',`[smtp.gmail.com]')dnl)

I never used brackets with gmail, or other smtp relays, so you could leave=
=20
these out.

Don't forget (like I often did! ) after any changes to run:  m4 sendmail.mc=
 >=20
sendmail.cf


> I have some old masquerade settings that I doubt are causing a
> problem. I do have an account with them too.  I think the error would
> be different if they were causing problems, but here those are:
>=20
> (Note, that removing those only gets the same error messages)
> ,----
>=20
> | MASQUERADE_AS(`newsguy.com')dnl
> | FEATURE(`allmasquerade')dnl
> | FEATURE(`masquerade_envelope')dnl
> | dnl # [HP 111006_211813  Testing local_no_masquerade #]dnl
> | FEATURE(`local_no_masquerade')dnl
>=20
> `----

I can't comment on masquerade - never used it.  I'd make sure however, that=
=20
your mx record is correct for the IP address you're on, or your ISP may dro=
p=20
relay attempts if they have configured their sendmail to only accept=20
resolvable domains.

=20
> -------        ---------       ---=3D---       ---------      --------
>=20
> Relevant verbose smtp logs:
> ,----
>=20
> | 050 >>> EHLO reader.local.lan
> | 050 250-mx.google.com at your service, [65.50.57.227]
> | 050 250-SIZE 35882577
> | 050 250-8BITMIME
> | 050 250-AUTH LOGIN PLAIN XOAUTH
> | 050 250 ENHANCEDSTATUSCODES
> | 050 >>> MAIL From:<reader@newsguy.com> SIZE=3D563 AUTH=3D<>
> | 050 530-5.5.1 Authentication Required. Learn more at
> | 050 530 5.5.1 http://mail.google.com/support/bin/answer.py?answer=3D142=
57
> | py4sm63515568igc.2
>=20
> `----
>=20
> The `learn more' address given just above is not all that helpful.
>=20
> -------        ---------       ---=3D---       ---------      --------
>=20
> I think these are the sendmail logs that contain the relevant error:
>=20
> (I'm not sure if the `verify=3DFAIL' means what it suggests)
>=20
> ,----
>=20
> | Dec 26 21:41:38 reader sm-mta[24243]: STARTTLS=3Dclient,
> | relay=3Dsmtp.gmail.com, version=3DTLSv1/SSLv3, verify=3DFAIL,
> | cipher=3DRC4-SHA, bits=3D128/12

Don't worry about this, you can disregard it.  Your box is telling you that=
=20
the smtp.gmail.com SSL certificate is not in the list of your trusted=20
certificates.  You can try adding it in ~/.gnupg/trustlist.txt if you want=
=20
this error to go away (I think).


> | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243:
> |   to=3D<reader@newsguy.com>, ctladdr=3D<reader@reader.local.lan>
> |   (1000/1000), delay=3D00:00:01, xdelay=3D00:00:01, mailer=3Drelay, pri=
=3D30563,
> |   relay=3Dsmtp.gmail.com [209.85.225.109], dsn=3D5.0.0,
> |   stat=3DService unavailable
> |=20
> | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243: pBR2fbLY024243:
> | DSN: Service unavailable
>=20
> `----
>=20
> -------        ---------       ---=3D---       ---------      --------
>=20
> Full sendmail.mc
>=20
> divert(-1)dnl
> divert(0)dnl
> define(`_USE_ETC_MAIL_')dnl
> include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
> VERSIONID(`$Id: current.mc,v 1.13 2011/12/26 17:38:01 reader Exp $')
> OSTYPE(`debian')dnl
> DOMAIN(`debian-mta')dnl
> undefine(`confHOST_STATUS_DIRECTORY')dnl        #DAEMON_HOSTSTATS=3D
>=20
> define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
> define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
> define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
>=20
> FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl
> FEATURE(`access_db',`hash -T<TMPF> /etc/mail/access.db')dnl
> define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
> PLAIN')dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> define(`SMART_HOST',`smtp.gmail.com')dnl
> FEATURE(`access_db',`hash -T<TMPF> /etc/mail/access.db')dnl
>=20
> FEATURE(`no_default_msa')dnl
> DAEMON_OPTIONS(`Family=3Dinet,  Name=3DMTA-v4, Port=3Dsmtp, Addr=3D127.0.=
0.1')dnl
> DAEMON_OPTIONS(`Family=3Dinet,  Name=3DMSP-v4, Port=3Dsubmission, M=3DEa,
> Addr=3D127.0.0.1')dnl define(`confPRIVACY_FLAGS',
> `needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobody
> return,authwarnings')dnl define(`confCONNECTION_RATE_THROTTLE', `15')dnl
> define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
> FEATURE(`use_cw_file')dnl
> FEATURE(`greet_pause', `1000')dnl 1 seconds
> FEATURE(`delay_checks', `friend', `n')dnl
> define(`confBAD_RCPT_THROTTLE',`3')dnl
> FEATURE(`conncontrol', `nodelay', `terminate')dnl
> FEATURE(`ratecontrol', `nodelay', `terminate')dnl
> include(`/etc/mail/m4/dialup.m4')dnl
> include(`/etc/mail/m4/provider.m4')dnl
>=20
> FEATURE(`always_add_domain')dnl
> MASQUERADE_AS(`newsguy.com')dnl
> FEATURE(`allmasquerade')dnl
> FEATURE(`masquerade_envelope')dnl
> FEATURE(`local_no_masquerade')dnl
>=20
> EXPOSED_USER(`root')dnl
>=20
> MAILER_DEFINITIONS
> MAILER(`local')dnl
> MAILER(procmail)dnl
> MAILER(`smtp')dnl

I can't see any entries about mailertable.db, virtusertable.db which I reca=
ll=20
using to control access to sendmail - although your problem is not related =
to=20
this.

Also I can't see any entries about SSL certificate paths?  Again this is no=
t=20
be important unless you want to offer secure connections to your sendmail=20
(Port=3Dsmtps) for clients out there.

All this said and done, I'd start with the errors in the syntax=20
/etc/mail/authinfo and would move it into client-info before looking at=20
anything else.

Good luck!

PS.  The sendmail IRC is usually helpful, although they all seem to have Ph=
Ds=20
in the darn thing and their advice needs translating to plain English once =
or=20
twice before it makes sense to common mortals!  :-))
=2D-=20
Regards,
Mick

--nextPart3924357.gfXh7G2yOC
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)

iEYEABECAAYFAk77XrYACgkQVTDTR3kpaLbRYQCfYH24DxfvMHq4zNQJDlWaSgdp
nu0AnRD1J68/NocItzKHaf8CygyXP0KD
=3wT4
-----END PGP SIGNATURE-----

--nextPart3924357.gfXh7G2yOC--