From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1RfyBP-0001Zb-KI for garchives@archives.gentoo.org; Wed, 28 Dec 2011 18:24:59 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E942F21C12F; Wed, 28 Dec 2011 18:24:44 +0000 (UTC) Received: from mail-wi0-f181.google.com (mail-wi0-f181.google.com [209.85.212.181]) by pigeon.gentoo.org (Postfix) with ESMTP id EA06B21C093 for ; Wed, 28 Dec 2011 18:23:49 +0000 (UTC) Received: by wibhq2 with SMTP id hq2so6709462wib.40 for ; Wed, 28 Dec 2011 10:23:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=from:reply-to:to:subject:date:user-agent:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=rMAklMdI8aS2ymrI0lv0YMp7rSDL3BCAO5GcZqkMbVs=; b=HWO11j8/f0ismANelfYtOmcN94jJmscfQauoqzbR65T9dq6oULiaWzlx/clb/Hfwdw X6GBhfNICj2Vf+QokjLXnEOmzLTYblJXkAos+XzKkJgkLj/iJVM4rB2Z3+itMELbQLkm U7z4yoOMptuj+bsrJnIFNiEVVnKiqT9fThs38= Received: by 10.180.78.101 with SMTP id a5mr15842243wix.19.1325096629121; Wed, 28 Dec 2011 10:23:49 -0800 (PST) Received: from dell_xps.localnet (230.3.169.217.in-addr.arpa. [217.169.3.230]) by mx.google.com with ESMTPS id 28sm32751922wby.3.2011.12.28.10.23.47 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 28 Dec 2011 10:23:47 -0800 (PST) From: Mick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] [OT] sendmail relay to gmail smtp server Date: Wed, 28 Dec 2011 18:23:39 +0000 User-Agent: KMail/1.13.7 (Linux/3.0.6-gentoo; KDE/4.7.3; x86_64; ; ) References: <87mxae6mbi.fsf@newsguy.com> In-Reply-To: <87mxae6mbi.fsf@newsguy.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart3924357.gfXh7G2yOC"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <201112281823.50798.michaelkintzios@gmail.com> X-Archives-Salt: e3978481-149b-4b4f-9c9f-991d0506ecaf X-Archives-Hash: a7761f4de09e6902b862c16a92b3f505 --nextPart3924357.gfXh7G2yOC Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Tuesday 27 Dec 2011 15:55:45 Harry Putnam wrote: > I want to use gmails' smtp server as Smart Host for my single user > linux box running sendmail-8.14.4 That's eminently doable. > I'm hooked up to an ISP called direcpath.tv in Atlanta that uses gmail > smtp servers for its clients with addresses like reader@direcpath.tv >=20 > They have terrible to non-existent support and no support of linux/sendma= il >=20 > They use smtp.gmail.com But before I get into the extra complication > of their direcpath.tv overlay, and since I do have a normal gmail > account I thought I'd first try to get the authentication for smtp > working for that username. hputnam3@gmail.com I hope that relaying from your box --> via your gmail account --> via the= =20 ISP's gmail account will not end up in a pickle for some reason, but assumi= ng=20 that Google will not block all that relaying around via its servers here we= =20 go. > So after dozens of small edits and restarts and makemaps ... cutting > to the chase: >=20 > /etc/mail/authinfo I am going from memory here (no access to the server at this moment) but I= =20 recall that this entry should be in /etc/mail/client-info instead, and you= =20 will need of course to create the client-info.db after your changes: makemap -r hash client-info.db < client-info and reference this in your sendmail.mc > (password obfuscated) > ,---- >=20 > | Athinfo:smtp.gmail.com "U:root" "I:hputnam3@gmail.com" "P:??XX??" "M: > | LOGIN PLAIN" Athinfo:smtp.gmail.com:587 "U:root" "I:hputnam3@gmail.com" > | "P:??XX??" "M: LOGIN PLAIN" >=20 > `---- Did you try just "M: PLAIN" without the "LOGIN" ? If PLAIN doesn't do it, then use just LOGIN. Unless you have a typo in there, try starting the stanzas with: "AuthInfo:" ^ =20 Not sure that you need to define the port here on a second line, when it is= =20 already defined in sendmail.mc. A single line ought to do the trick. =20 Increase the verbosity in the log if you need to troubleshoot this (althoug= h=20 ports are shown anyway at the default log level from what I recall). > ------- --------- ---=3D--- --------- -------- >=20 > And I think what are the most relevant sendmail.mc settings (the whole > *mc is inlined at the end). >=20 > /etc/mail/sendmail.mc >=20 > ,---- >=20 > | define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl > | define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl > |=20 > | FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl > |=20 > | define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN > | PLAIN')dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN > | PLAIN')dnl > |=20 > | define(`SMART_HOST',`smtp.gmail.com')dnl >=20 > `---- >=20 > (And for the record, I did try bracketing the Smart Host like: > define(`SMART_HOST',`[smtp.gmail.com]')dnl) I never used brackets with gmail, or other smtp relays, so you could leave= =20 these out. Don't forget (like I often did! ) after any changes to run: m4 sendmail.mc= >=20 sendmail.cf > I have some old masquerade settings that I doubt are causing a > problem. I do have an account with them too. I think the error would > be different if they were causing problems, but here those are: >=20 > (Note, that removing those only gets the same error messages) > ,---- >=20 > | MASQUERADE_AS(`newsguy.com')dnl > | FEATURE(`allmasquerade')dnl > | FEATURE(`masquerade_envelope')dnl > | dnl # [HP 111006_211813 Testing local_no_masquerade #]dnl > | FEATURE(`local_no_masquerade')dnl >=20 > `---- I can't comment on masquerade - never used it. I'd make sure however, that= =20 your mx record is correct for the IP address you're on, or your ISP may dro= p=20 relay attempts if they have configured their sendmail to only accept=20 resolvable domains. =20 > ------- --------- ---=3D--- --------- -------- >=20 > Relevant verbose smtp logs: > ,---- >=20 > | 050 >>> EHLO reader.local.lan > | 050 250-mx.google.com at your service, [65.50.57.227] > | 050 250-SIZE 35882577 > | 050 250-8BITMIME > | 050 250-AUTH LOGIN PLAIN XOAUTH > | 050 250 ENHANCEDSTATUSCODES > | 050 >>> MAIL From: SIZE=3D563 AUTH=3D<> > | 050 530-5.5.1 Authentication Required. Learn more at > | 050 530 5.5.1 http://mail.google.com/support/bin/answer.py?answer=3D142= 57 > | py4sm63515568igc.2 >=20 > `---- >=20 > The `learn more' address given just above is not all that helpful. >=20 > ------- --------- ---=3D--- --------- -------- >=20 > I think these are the sendmail logs that contain the relevant error: >=20 > (I'm not sure if the `verify=3DFAIL' means what it suggests) >=20 > ,---- >=20 > | Dec 26 21:41:38 reader sm-mta[24243]: STARTTLS=3Dclient, > | relay=3Dsmtp.gmail.com, version=3DTLSv1/SSLv3, verify=3DFAIL, > | cipher=3DRC4-SHA, bits=3D128/12 Don't worry about this, you can disregard it. Your box is telling you that= =20 the smtp.gmail.com SSL certificate is not in the list of your trusted=20 certificates. You can try adding it in ~/.gnupg/trustlist.txt if you want= =20 this error to go away (I think). > | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243: > | to=3D, ctladdr=3D > | (1000/1000), delay=3D00:00:01, xdelay=3D00:00:01, mailer=3Drelay, pri= =3D30563, > | relay=3Dsmtp.gmail.com [209.85.225.109], dsn=3D5.0.0, > | stat=3DService unavailable > |=20 > | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243: pBR2fbLY024243: > | DSN: Service unavailable >=20 > `---- >=20 > ------- --------- ---=3D--- --------- -------- >=20 > Full sendmail.mc >=20 > divert(-1)dnl > divert(0)dnl > define(`_USE_ETC_MAIL_')dnl > include(`/usr/share/sendmail/cf/m4/cf.m4')dnl > VERSIONID(`$Id: current.mc,v 1.13 2011/12/26 17:38:01 reader Exp $') > OSTYPE(`debian')dnl > DOMAIN(`debian-mta')dnl > undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS=3D >=20 > define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl > define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl > define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl >=20 > FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl > FEATURE(`access_db',`hash -T /etc/mail/access.db')dnl > define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN > PLAIN')dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl > define(`SMART_HOST',`smtp.gmail.com')dnl > FEATURE(`access_db',`hash -T /etc/mail/access.db')dnl >=20 > FEATURE(`no_default_msa')dnl > DAEMON_OPTIONS(`Family=3Dinet, Name=3DMTA-v4, Port=3Dsmtp, Addr=3D127.0.= 0.1')dnl > DAEMON_OPTIONS(`Family=3Dinet, Name=3DMSP-v4, Port=3Dsubmission, M=3DEa, > Addr=3D127.0.0.1')dnl define(`confPRIVACY_FLAGS', > `needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobody > return,authwarnings')dnl define(`confCONNECTION_RATE_THROTTLE', `15')dnl > define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl > FEATURE(`use_cw_file')dnl > FEATURE(`greet_pause', `1000')dnl 1 seconds > FEATURE(`delay_checks', `friend', `n')dnl > define(`confBAD_RCPT_THROTTLE',`3')dnl > FEATURE(`conncontrol', `nodelay', `terminate')dnl > FEATURE(`ratecontrol', `nodelay', `terminate')dnl > include(`/etc/mail/m4/dialup.m4')dnl > include(`/etc/mail/m4/provider.m4')dnl >=20 > FEATURE(`always_add_domain')dnl > MASQUERADE_AS(`newsguy.com')dnl > FEATURE(`allmasquerade')dnl > FEATURE(`masquerade_envelope')dnl > FEATURE(`local_no_masquerade')dnl >=20 > EXPOSED_USER(`root')dnl >=20 > MAILER_DEFINITIONS > MAILER(`local')dnl > MAILER(procmail)dnl > MAILER(`smtp')dnl I can't see any entries about mailertable.db, virtusertable.db which I reca= ll=20 using to control access to sendmail - although your problem is not related = to=20 this. Also I can't see any entries about SSL certificate paths? Again this is no= t=20 be important unless you want to offer secure connections to your sendmail=20 (Port=3Dsmtps) for clients out there. All this said and done, I'd start with the errors in the syntax=20 /etc/mail/authinfo and would move it into client-info before looking at=20 anything else. Good luck! PS. The sendmail IRC is usually helpful, although they all seem to have Ph= Ds=20 in the darn thing and their advice needs translating to plain English once = or=20 twice before it makes sense to common mortals! :-)) =2D-=20 Regards, Mick --nextPart3924357.gfXh7G2yOC Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) iEYEABECAAYFAk77XrYACgkQVTDTR3kpaLbRYQCfYH24DxfvMHq4zNQJDlWaSgdp nu0AnRD1J68/NocItzKHaf8CygyXP0KD =3wT4 -----END PGP SIGNATURE----- --nextPart3924357.gfXh7G2yOC--