* [gentoo-user] [OT] sendmail relay to gmail smtp server @ 2011-12-27 15:55 Harry Putnam 2011-12-28 18:23 ` Mick 0 siblings, 1 reply; 4+ messages in thread From: Harry Putnam @ 2011-12-27 15:55 UTC (permalink / raw To: gentoo-user NOTE: Sorry if I've gone sort of hog wild posting this question various places but it is a perplexing problem and I suspect there may be help available here. Not to mention that many groups are slow due to Christmas holidays. ------- --------- ---=--- --------- -------- First let me say, I'm not interested in switching mta's, just incase someone feels like posting the usual, `hey switch to NAME OF MTA' type post. I want to use gmails' smtp server as Smart Host for my single user linux box running sendmail-8.14.4 I'm hooked up to an ISP called direcpath.tv in Atlanta that uses gmail smtp servers for its clients with addresses like reader@direcpath.tv They have terrible to non-existent support and no support of linux/sendmail They use smtp.gmail.com But before I get into the extra complication of their direcpath.tv overlay, and since I do have a normal gmail account I thought I'd first try to get the authentication for smtp working for that username. hputnam3@gmail.com So after dozens of small edits and restarts and makemaps ... cutting to the chase: /etc/mail/authinfo (password obfuscated) ,---- | Athinfo:smtp.gmail.com "U:root" "I:hputnam3@gmail.com" "P:??XX??" "M: LOGIN PLAIN" | Athinfo:smtp.gmail.com:587 "U:root" "I:hputnam3@gmail.com" "P:??XX??" "M: LOGIN PLAIN" `---- ------- --------- ---=--- --------- -------- And I think what are the most relevant sendmail.mc settings (the whole *mc is inlined at the end). /etc/mail/sendmail.mc ,---- | define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl | define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl | | FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl | | define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl | TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl | | define(`SMART_HOST',`smtp.gmail.com')dnl `---- (And for the record, I did try bracketing the Smart Host like: define(`SMART_HOST',`[smtp.gmail.com]')dnl) I have some old masquerade settings that I doubt are causing a problem. I do have an account with them too. I think the error would be different if they were causing problems, but here those are: (Note, that removing those only gets the same error messages) ,---- | MASQUERADE_AS(`newsguy.com')dnl | FEATURE(`allmasquerade')dnl | FEATURE(`masquerade_envelope')dnl | dnl # [HP 111006_211813 Testing local_no_masquerade #]dnl | FEATURE(`local_no_masquerade')dnl `---- ------- --------- ---=--- --------- -------- Relevant verbose smtp logs: ,---- | 050 >>> EHLO reader.local.lan | 050 250-mx.google.com at your service, [65.50.57.227] | 050 250-SIZE 35882577 | 050 250-8BITMIME | 050 250-AUTH LOGIN PLAIN XOAUTH | 050 250 ENHANCEDSTATUSCODES | 050 >>> MAIL From:<reader@newsguy.com> SIZE=563 AUTH=<> | 050 530-5.5.1 Authentication Required. Learn more at | 050 530 5.5.1 http://mail.google.com/support/bin/answer.py?answer=14257 py4sm63515568igc.2 `---- The `learn more' address given just above is not all that helpful. ------- --------- ---=--- --------- -------- I think these are the sendmail logs that contain the relevant error: (I'm not sure if the `verify=FAIL' means what it suggests) ,---- | Dec 26 21:41:38 reader sm-mta[24243]: STARTTLS=client, | relay=smtp.gmail.com, version=TLSv1/SSLv3, verify=FAIL, | cipher=RC4-SHA, bits=128/12 | | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243: | to=<reader@newsguy.com>, ctladdr=<reader@reader.local.lan> | (1000/1000), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30563, | relay=smtp.gmail.com [209.85.225.109], dsn=5.0.0, | stat=Service unavailable | | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243: pBR2fbLY024243: DSN: Service unavailable `---- ------- --------- ---=--- --------- -------- Full sendmail.mc divert(-1)dnl divert(0)dnl define(`_USE_ETC_MAIL_')dnl include(`/usr/share/sendmail/cf/m4/cf.m4')dnl VERSIONID(`$Id: current.mc,v 1.13 2011/12/26 17:38:01 reader Exp $') OSTYPE(`debian')dnl DOMAIN(`debian-mta')dnl undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS= define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl FEATURE(`access_db',`hash -T<TMPF> /etc/mail/access.db')dnl define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl define(`SMART_HOST',`smtp.gmail.com')dnl FEATURE(`access_db',`hash -T<TMPF> /etc/mail/access.db')dnl FEATURE(`no_default_msa')dnl DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, M=Ea, Addr=127.0.0.1')dnl define(`confPRIVACY_FLAGS', `needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl define(`confCONNECTION_RATE_THROTTLE', `15')dnl define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl FEATURE(`use_cw_file')dnl FEATURE(`greet_pause', `1000')dnl 1 seconds FEATURE(`delay_checks', `friend', `n')dnl define(`confBAD_RCPT_THROTTLE',`3')dnl FEATURE(`conncontrol', `nodelay', `terminate')dnl FEATURE(`ratecontrol', `nodelay', `terminate')dnl include(`/etc/mail/m4/dialup.m4')dnl include(`/etc/mail/m4/provider.m4')dnl FEATURE(`always_add_domain')dnl MASQUERADE_AS(`newsguy.com')dnl FEATURE(`allmasquerade')dnl FEATURE(`masquerade_envelope')dnl FEATURE(`local_no_masquerade')dnl EXPOSED_USER(`root')dnl MAILER_DEFINITIONS MAILER(`local')dnl MAILER(procmail)dnl MAILER(`smtp')dnl ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [gentoo-user] [OT] sendmail relay to gmail smtp server 2011-12-27 15:55 [gentoo-user] [OT] sendmail relay to gmail smtp server Harry Putnam @ 2011-12-28 18:23 ` Mick 2011-12-31 0:40 ` [gentoo-user] " Harry Putnam 0 siblings, 1 reply; 4+ messages in thread From: Mick @ 2011-12-28 18:23 UTC (permalink / raw To: gentoo-user [-- Attachment #1: Type: Text/Plain, Size: 8383 bytes --] On Tuesday 27 Dec 2011 15:55:45 Harry Putnam wrote: > I want to use gmails' smtp server as Smart Host for my single user > linux box running sendmail-8.14.4 That's eminently doable. > I'm hooked up to an ISP called direcpath.tv in Atlanta that uses gmail > smtp servers for its clients with addresses like reader@direcpath.tv > > They have terrible to non-existent support and no support of linux/sendmail > > They use smtp.gmail.com But before I get into the extra complication > of their direcpath.tv overlay, and since I do have a normal gmail > account I thought I'd first try to get the authentication for smtp > working for that username. hputnam3@gmail.com I hope that relaying from your box --> via your gmail account --> via the ISP's gmail account will not end up in a pickle for some reason, but assuming that Google will not block all that relaying around via its servers here we go. > So after dozens of small edits and restarts and makemaps ... cutting > to the chase: > > /etc/mail/authinfo I am going from memory here (no access to the server at this moment) but I recall that this entry should be in /etc/mail/client-info instead, and you will need of course to create the client-info.db after your changes: makemap -r hash client-info.db < client-info and reference this in your sendmail.mc > (password obfuscated) > ,---- > > | Athinfo:smtp.gmail.com "U:root" "I:hputnam3@gmail.com" "P:??XX??" "M: > | LOGIN PLAIN" Athinfo:smtp.gmail.com:587 "U:root" "I:hputnam3@gmail.com" > | "P:??XX??" "M: LOGIN PLAIN" > > `---- Did you try just "M: PLAIN" without the "LOGIN" ? If PLAIN doesn't do it, then use just LOGIN. Unless you have a typo in there, try starting the stanzas with: "AuthInfo:" ^ Not sure that you need to define the port here on a second line, when it is already defined in sendmail.mc. A single line ought to do the trick. Increase the verbosity in the log if you need to troubleshoot this (although ports are shown anyway at the default log level from what I recall). > ------- --------- ---=--- --------- -------- > > And I think what are the most relevant sendmail.mc settings (the whole > *mc is inlined at the end). > > /etc/mail/sendmail.mc > > ,---- > > | define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl > | define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl > | > | FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl > | > | define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN > | PLAIN')dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN > | PLAIN')dnl > | > | define(`SMART_HOST',`smtp.gmail.com')dnl > > `---- > > (And for the record, I did try bracketing the Smart Host like: > define(`SMART_HOST',`[smtp.gmail.com]')dnl) I never used brackets with gmail, or other smtp relays, so you could leave these out. Don't forget (like I often did! ) after any changes to run: m4 sendmail.mc > sendmail.cf > I have some old masquerade settings that I doubt are causing a > problem. I do have an account with them too. I think the error would > be different if they were causing problems, but here those are: > > (Note, that removing those only gets the same error messages) > ,---- > > | MASQUERADE_AS(`newsguy.com')dnl > | FEATURE(`allmasquerade')dnl > | FEATURE(`masquerade_envelope')dnl > | dnl # [HP 111006_211813 Testing local_no_masquerade #]dnl > | FEATURE(`local_no_masquerade')dnl > > `---- I can't comment on masquerade - never used it. I'd make sure however, that your mx record is correct for the IP address you're on, or your ISP may drop relay attempts if they have configured their sendmail to only accept resolvable domains. > ------- --------- ---=--- --------- -------- > > Relevant verbose smtp logs: > ,---- > > | 050 >>> EHLO reader.local.lan > | 050 250-mx.google.com at your service, [65.50.57.227] > | 050 250-SIZE 35882577 > | 050 250-8BITMIME > | 050 250-AUTH LOGIN PLAIN XOAUTH > | 050 250 ENHANCEDSTATUSCODES > | 050 >>> MAIL From:<reader@newsguy.com> SIZE=563 AUTH=<> > | 050 530-5.5.1 Authentication Required. Learn more at > | 050 530 5.5.1 http://mail.google.com/support/bin/answer.py?answer=14257 > | py4sm63515568igc.2 > > `---- > > The `learn more' address given just above is not all that helpful. > > ------- --------- ---=--- --------- -------- > > I think these are the sendmail logs that contain the relevant error: > > (I'm not sure if the `verify=FAIL' means what it suggests) > > ,---- > > | Dec 26 21:41:38 reader sm-mta[24243]: STARTTLS=client, > | relay=smtp.gmail.com, version=TLSv1/SSLv3, verify=FAIL, > | cipher=RC4-SHA, bits=128/12 Don't worry about this, you can disregard it. Your box is telling you that the smtp.gmail.com SSL certificate is not in the list of your trusted certificates. You can try adding it in ~/.gnupg/trustlist.txt if you want this error to go away (I think). > | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243: > | to=<reader@newsguy.com>, ctladdr=<reader@reader.local.lan> > | (1000/1000), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30563, > | relay=smtp.gmail.com [209.85.225.109], dsn=5.0.0, > | stat=Service unavailable > | > | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243: pBR2fbLY024243: > | DSN: Service unavailable > > `---- > > ------- --------- ---=--- --------- -------- > > Full sendmail.mc > > divert(-1)dnl > divert(0)dnl > define(`_USE_ETC_MAIL_')dnl > include(`/usr/share/sendmail/cf/m4/cf.m4')dnl > VERSIONID(`$Id: current.mc,v 1.13 2011/12/26 17:38:01 reader Exp $') > OSTYPE(`debian')dnl > DOMAIN(`debian-mta')dnl > undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS= > > define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl > define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl > define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl > > FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl > FEATURE(`access_db',`hash -T<TMPF> /etc/mail/access.db')dnl > define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN > PLAIN')dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl > define(`SMART_HOST',`smtp.gmail.com')dnl > FEATURE(`access_db',`hash -T<TMPF> /etc/mail/access.db')dnl > > FEATURE(`no_default_msa')dnl > DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl > DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, M=Ea, > Addr=127.0.0.1')dnl define(`confPRIVACY_FLAGS', > `needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobody > return,authwarnings')dnl define(`confCONNECTION_RATE_THROTTLE', `15')dnl > define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl > FEATURE(`use_cw_file')dnl > FEATURE(`greet_pause', `1000')dnl 1 seconds > FEATURE(`delay_checks', `friend', `n')dnl > define(`confBAD_RCPT_THROTTLE',`3')dnl > FEATURE(`conncontrol', `nodelay', `terminate')dnl > FEATURE(`ratecontrol', `nodelay', `terminate')dnl > include(`/etc/mail/m4/dialup.m4')dnl > include(`/etc/mail/m4/provider.m4')dnl > > FEATURE(`always_add_domain')dnl > MASQUERADE_AS(`newsguy.com')dnl > FEATURE(`allmasquerade')dnl > FEATURE(`masquerade_envelope')dnl > FEATURE(`local_no_masquerade')dnl > > EXPOSED_USER(`root')dnl > > MAILER_DEFINITIONS > MAILER(`local')dnl > MAILER(procmail)dnl > MAILER(`smtp')dnl I can't see any entries about mailertable.db, virtusertable.db which I recall using to control access to sendmail - although your problem is not related to this. Also I can't see any entries about SSL certificate paths? Again this is not be important unless you want to offer secure connections to your sendmail (Port=smtps) for clients out there. All this said and done, I'd start with the errors in the syntax /etc/mail/authinfo and would move it into client-info before looking at anything else. Good luck! PS. The sendmail IRC is usually helpful, although they all seem to have PhDs in the darn thing and their advice needs translating to plain English once or twice before it makes sense to common mortals! :-)) -- Regards, Mick [-- Attachment #2: This is a digitally signed message part. --] [-- Type: application/pgp-signature, Size: 198 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
* [gentoo-user] Re: [OT] sendmail relay to gmail smtp server 2011-12-28 18:23 ` Mick @ 2011-12-31 0:40 ` Harry Putnam 2011-12-31 1:06 ` Mick 0 siblings, 1 reply; 4+ messages in thread From: Harry Putnam @ 2011-12-31 0:40 UTC (permalink / raw To: gentoo-user Mick <michaelkintzios@gmail.com> writes: [...] >> | Athinfo:smtp.gmail.com "U:root" "I:hputnam3@gmail.com" "P:??XX??" "M: >> | LOGIN PLAIN" Athinfo:smtp.gmail.com:587 "U:root" "I:hputnam3@gmail.com" >> | "P:??XX??" "M: LOGIN PLAIN" >> >> `---- > > Did you try just "M: PLAIN" without the "LOGIN" ? > > If PLAIN doesn't do it, then use just LOGIN. > > Unless you have a typo in there, try starting the stanzas with: "AuthInfo:" It was that silly typo causing my grief. The various kinds of login do not seem to make any difference it just works now. [...] Mick Wrote: > I am going from memory here (no access to the server at this moment) but I > recall that this entry should be in /etc/mail/client-info instead, and you > will need of course to create the client-info.db after your changes: It seems not to matter where inside /etc/mail you keep authinfo as long as there is a line in sendmail.mc pointing to the location like mine does. >> FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl Many thanks for the helpful input. Your sharp I spotted the one fatal problem. I doubt if I would have found that in a month of Sundays. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [gentoo-user] Re: [OT] sendmail relay to gmail smtp server 2011-12-31 0:40 ` [gentoo-user] " Harry Putnam @ 2011-12-31 1:06 ` Mick 0 siblings, 0 replies; 4+ messages in thread From: Mick @ 2011-12-31 1:06 UTC (permalink / raw To: gentoo-user [-- Attachment #1: Type: Text/Plain, Size: 1414 bytes --] On Saturday 31 Dec 2011 00:40:23 Harry Putnam wrote: > Mick <michaelkintzios@gmail.com> writes: > > [...] > > >> | Athinfo:smtp.gmail.com "U:root" "I:hputnam3@gmail.com" "P:??XX??" "M: > >> | LOGIN PLAIN" Athinfo:smtp.gmail.com:587 "U:root" > >> | "I:hputnam3@gmail.com" "P:??XX??" "M: LOGIN PLAIN" > >> > >> `---- > > > > Did you try just "M: PLAIN" without the "LOGIN" ? > > > > If PLAIN doesn't do it, then use just LOGIN. > > > > Unless you have a typo in there, try starting the stanzas with: > > "AuthInfo:" > > It was that silly typo causing my grief. The various kinds of login > do not seem to make any difference it just works now. > > [...] > > Mick Wrote: > > I am going from memory here (no access to the server at this moment) but > > I recall that this entry should be in /etc/mail/client-info instead, and > > you > > > will need of course to create the client-info.db after your changes: > It seems not to matter where inside /etc/mail you keep authinfo as > long as there is a line in sendmail.mc pointing to the location like > mine does. > > >> FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl > > Many thanks for the helpful input. Your sharp I spotted the one fatal > problem. I doubt if I would have found that in a month of Sundays. Glad you got it sorted and that I could be of help. Happy New Year to all! -- Regards, Mick [-- Attachment #2: This is a digitally signed message part. --] [-- Type: application/pgp-signature, Size: 198 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2011-12-31 1:07 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2011-12-27 15:55 [gentoo-user] [OT] sendmail relay to gmail smtp server Harry Putnam 2011-12-28 18:23 ` Mick 2011-12-31 0:40 ` [gentoo-user] " Harry Putnam 2011-12-31 1:06 ` Mick
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox