public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
Search results ordered by [date|relevance]  view[summary|nested|Atom feed]
thread overview below | download: 
* Re: [gentoo-user] [OT] sendmail relay to gmail smtp server
  @ 2011-12-28 18:23 99% ` Mick
  0 siblings, 0 replies; 1+ results
From: Mick @ 2011-12-28 18:23 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: Text/Plain, Size: 8383 bytes --]

On Tuesday 27 Dec 2011 15:55:45 Harry Putnam wrote:

> I want to use gmails' smtp server as Smart Host for my single user
> linux box running sendmail-8.14.4

That's eminently doable.


> I'm hooked up to an ISP called direcpath.tv in Atlanta that uses gmail
> smtp servers for its clients with addresses like reader@direcpath.tv
> 
> They have terrible to non-existent support and no support of linux/sendmail
> 
> They use smtp.gmail.com But before I get into the extra complication
> of their direcpath.tv overlay, and since I do have a normal gmail
> account I thought I'd first try to get the authentication for smtp
> working for that username.  hputnam3@gmail.com

I hope that relaying from your box --> via your gmail account  --> via the 
ISP's gmail account will not end up in a pickle for some reason, but assuming 
that Google will not block all that relaying around via its servers here we 
go.


> So after dozens of small edits and restarts and makemaps ... cutting
> to the chase:
> 
> /etc/mail/authinfo

I am going from memory here (no access to the server at this moment) but I 
recall that this entry should be in /etc/mail/client-info instead, and you 
will need of course to create the client-info.db after your changes:

makemap -r hash client-info.db < client-info

and reference this in your sendmail.mc


> (password obfuscated)
> ,----
> 
> | Athinfo:smtp.gmail.com "U:root" "I:hputnam3@gmail.com" "P:??XX??" "M:
> | LOGIN PLAIN" Athinfo:smtp.gmail.com:587 "U:root" "I:hputnam3@gmail.com"
> | "P:??XX??" "M: LOGIN PLAIN"
> 
> `----

Did you try just "M: PLAIN" without the "LOGIN" ?

If PLAIN doesn't do it, then use just LOGIN.

Unless you have a typo in there, try starting the stanzas with:  "AuthInfo:"
                                                                   ^   

Not sure that you need to define the port here on a second line, when it is 
already defined in sendmail.mc.  A single line ought to do the trick.  
Increase the verbosity in the log if you need to troubleshoot this (although 
ports are shown anyway at the default log level from what I recall).

> -------        ---------       ---=---       ---------      --------
> 
> And I think what are the most relevant sendmail.mc settings (the whole
> *mc is inlined at the end).
> 
> /etc/mail/sendmail.mc
> 
> ,----
> 
> | define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
> | define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
> | 
> | FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl
> | 
> | define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
> | PLAIN')dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN
> | PLAIN')dnl
> | 
> | define(`SMART_HOST',`smtp.gmail.com')dnl
> 
> `----
> 
> (And for the record, I did try bracketing the Smart Host like:
>  define(`SMART_HOST',`[smtp.gmail.com]')dnl)

I never used brackets with gmail, or other smtp relays, so you could leave 
these out.

Don't forget (like I often did! ) after any changes to run:  m4 sendmail.mc > 
sendmail.cf


> I have some old masquerade settings that I doubt are causing a
> problem. I do have an account with them too.  I think the error would
> be different if they were causing problems, but here those are:
> 
> (Note, that removing those only gets the same error messages)
> ,----
> 
> | MASQUERADE_AS(`newsguy.com')dnl
> | FEATURE(`allmasquerade')dnl
> | FEATURE(`masquerade_envelope')dnl
> | dnl # [HP 111006_211813  Testing local_no_masquerade #]dnl
> | FEATURE(`local_no_masquerade')dnl
> 
> `----

I can't comment on masquerade - never used it.  I'd make sure however, that 
your mx record is correct for the IP address you're on, or your ISP may drop 
relay attempts if they have configured their sendmail to only accept 
resolvable domains.

 
> -------        ---------       ---=---       ---------      --------
> 
> Relevant verbose smtp logs:
> ,----
> 
> | 050 >>> EHLO reader.local.lan
> | 050 250-mx.google.com at your service, [65.50.57.227]
> | 050 250-SIZE 35882577
> | 050 250-8BITMIME
> | 050 250-AUTH LOGIN PLAIN XOAUTH
> | 050 250 ENHANCEDSTATUSCODES
> | 050 >>> MAIL From:<reader@newsguy.com> SIZE=563 AUTH=<>
> | 050 530-5.5.1 Authentication Required. Learn more at
> | 050 530 5.5.1 http://mail.google.com/support/bin/answer.py?answer=14257
> | py4sm63515568igc.2
> 
> `----
> 
> The `learn more' address given just above is not all that helpful.
> 
> -------        ---------       ---=---       ---------      --------
> 
> I think these are the sendmail logs that contain the relevant error:
> 
> (I'm not sure if the `verify=FAIL' means what it suggests)
> 
> ,----
> 
> | Dec 26 21:41:38 reader sm-mta[24243]: STARTTLS=client,
> | relay=smtp.gmail.com, version=TLSv1/SSLv3, verify=FAIL,
> | cipher=RC4-SHA, bits=128/12

Don't worry about this, you can disregard it.  Your box is telling you that 
the smtp.gmail.com SSL certificate is not in the list of your trusted 
certificates.  You can try adding it in ~/.gnupg/trustlist.txt if you want 
this error to go away (I think).


> | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243:
> |   to=<reader@newsguy.com>, ctladdr=<reader@reader.local.lan>
> |   (1000/1000), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30563,
> |   relay=smtp.gmail.com [209.85.225.109], dsn=5.0.0,
> |   stat=Service unavailable
> | 
> | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243: pBR2fbLY024243:
> | DSN: Service unavailable
> 
> `----
> 
> -------        ---------       ---=---       ---------      --------
> 
> Full sendmail.mc
> 
> divert(-1)dnl
> divert(0)dnl
> define(`_USE_ETC_MAIL_')dnl
> include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
> VERSIONID(`$Id: current.mc,v 1.13 2011/12/26 17:38:01 reader Exp $')
> OSTYPE(`debian')dnl
> DOMAIN(`debian-mta')dnl
> undefine(`confHOST_STATUS_DIRECTORY')dnl        #DAEMON_HOSTSTATS=
> 
> define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
> define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
> define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
> 
> FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl
> FEATURE(`access_db',`hash -T<TMPF> /etc/mail/access.db')dnl
> define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
> PLAIN')dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> define(`SMART_HOST',`smtp.gmail.com')dnl
> FEATURE(`access_db',`hash -T<TMPF> /etc/mail/access.db')dnl
> 
> FEATURE(`no_default_msa')dnl
> DAEMON_OPTIONS(`Family=inet,  Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl
> DAEMON_OPTIONS(`Family=inet,  Name=MSP-v4, Port=submission, M=Ea,
> Addr=127.0.0.1')dnl define(`confPRIVACY_FLAGS',
> `needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobody
> return,authwarnings')dnl define(`confCONNECTION_RATE_THROTTLE', `15')dnl
> define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
> FEATURE(`use_cw_file')dnl
> FEATURE(`greet_pause', `1000')dnl 1 seconds
> FEATURE(`delay_checks', `friend', `n')dnl
> define(`confBAD_RCPT_THROTTLE',`3')dnl
> FEATURE(`conncontrol', `nodelay', `terminate')dnl
> FEATURE(`ratecontrol', `nodelay', `terminate')dnl
> include(`/etc/mail/m4/dialup.m4')dnl
> include(`/etc/mail/m4/provider.m4')dnl
> 
> FEATURE(`always_add_domain')dnl
> MASQUERADE_AS(`newsguy.com')dnl
> FEATURE(`allmasquerade')dnl
> FEATURE(`masquerade_envelope')dnl
> FEATURE(`local_no_masquerade')dnl
> 
> EXPOSED_USER(`root')dnl
> 
> MAILER_DEFINITIONS
> MAILER(`local')dnl
> MAILER(procmail)dnl
> MAILER(`smtp')dnl

I can't see any entries about mailertable.db, virtusertable.db which I recall 
using to control access to sendmail - although your problem is not related to 
this.

Also I can't see any entries about SSL certificate paths?  Again this is not 
be important unless you want to offer secure connections to your sendmail 
(Port=smtps) for clients out there.

All this said and done, I'd start with the errors in the syntax 
/etc/mail/authinfo and would move it into client-info before looking at 
anything else.

Good luck!

PS.  The sendmail IRC is usually helpful, although they all seem to have PhDs 
in the darn thing and their advice needs translating to plain English once or 
twice before it makes sense to common mortals!  :-))
-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

^ permalink raw reply	[relevance 99%]

Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2011-12-27 15:55     [gentoo-user] [OT] sendmail relay to gmail smtp server Harry Putnam
2011-12-28 18:23 99% ` Mick

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox