LinuxQuestions.org

Ricker42 12-02-2010 08:26 AM

SMTP AUTH, Sendmail client to Postfix server
 
I'm hoping someone here can help, as I've been beating my head on the wall for a week now with little advancement.

I've found a number of tutorials on setting this up, however none of them have gotten me 100% of the way there.

Here's my situation: home-based Fedora server (Core 8), running sendmail 8.14.2-1. Connecting to hosting company's smtp server over port 587, to bypass Verizon's blocking of port 25.

My /etc/mail/sendmail.mc file looks like this (comment lines removed):

Quote:

divert(-1)dnl
define(`SMART_HOST', `smtp2.datarealm.com')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN')dnl
FEATURE(`authinfo',`hash -o /etc/mail/auth/client-info.db')dnl
define(`RELAY_MAILER', `esmtp')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
define(`confDEF_USER_ID', ``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
FEATURE(`accept_unresolvable_domains')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MASQUERADE_AS(`trg.homeip.net')dnl
FEATURE(masquerade_envelope)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

My /etc/mail/auth/client-info file looks like this (username and password obscured):

Quote:

AuthInfo:smtp2.datarealm.com:587 "U:user_in_base64" "I:user_in_base64" "P:my_password_in_base64" "M:LOGIN"
AuthInfo:587 "U:user_in_base64" "P:my_password_in_base64" "M:LOGIN"

I can successfully send a mail manually, as shown here:

Quote:

[root@rnd auth]# telnet smtp2.datarealm.com 587
Trying 65.23.128.130...
Connected to smtp2.datarealm.com.
Escape character is '^]'.
220 smtp2.datarealm.com ESMTP Postfix
EHLO my_personal_domain.com
250-smtp2.datarealm.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
user_in_base64
334 UGFzc3dvcmQ6
my_password_in_base64
235 2.7.0 Authentication successful
MAIL FROM: root@my_personal_domain.com
RCPT TO: my_email@hosting.provider.com
data
test message, very manually sent.
.
quit
250 2.1.0 Ok
250 2.1.5 Ok
354 End data with <CR><LF>.<CR><LF>
250 2.0.0 Ok: queued as 72383114BD00
221 2.0.0 Bye
Connection closed by foreign host.

But when I try to send a mail message from my server, it fails and sends back this bounce message:

Quote:

From MAILER-DAEMON@my_personal_domain.com Thu Dec 2 09:18:43 2010
Return-Path: <MAILER-DAEMON@my_personal_domain.com>
Received: from localhost (localhost)
by localhost.localdomain (8.14.2/8.14.2) id oB2EIg1k019691;
Thu, 2 Dec 2010 09:18:42 -0500
Date: Thu, 2 Dec 2010 09:18:42 -0500
From: Mail Delivery Subsystem <MAILER-DAEMON@my_personal_domain.com>
Message-Id: <201012021418.oB2EIg1k019691@localhost.localdomain>
To: <root@localhost.localdomain>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="oB2EIg1k019691.1291299522/localhost.localdomain"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
Status: RO

This is a MIME-encapsulated message

--oB2EIg1k019691.1291299522/localhost.localdomain

The original message was received at Thu, 2 Dec 2010 09:18:40 -0500
from rnd [127.0.0.1]

----- The following addresses had permanent fatal errors -----
<my_email@hosting.provider.com>
(reason: 554 5.7.1 <my_email@hosting.provider.com>: Relay access denied)

----- Transcript of session follows -----
... while talking to smtp2.datarealm.com.:
>>> DATA
<<< 554 5.7.1 <my_email@hosting.provider.com>: Relay access denied
554 5.0.0 Service unavailable
<<< 554 5.5.1 Error: no valid recipients

--oB2EIg1k019691.1291299522/localhost.localdomain
Content-Type: message/delivery-status

Reporting-MTA: dns; localhost.localdomain
Received-From-MTA: DNS; rnd
Arrival-Date: Thu, 2 Dec 2010 09:18:40 -0500

Final-Recipient: RFC822; my_email@hosting.provider.com
Action: failed
Status: 5.7.1
Remote-MTA: DNS; smtp2.datarealm.com
Diagnostic-Code: SMTP; 554 5.7.1 <my_email@hosting.provider.com>: Relay access denied
Last-Attempt-Date: Thu, 2 Dec 2010 09:18:42 -0500

--oB2EIg1k019691.1291299522/localhost.localdomain
Content-Type: message/rfc822

Return-Path: <root@localhost.localdomain>
Received: from localhost.localdomain (rnd [127.0.0.1])
by localhost.localdomain (8.14.2/8.14.2) with ESMTP id oB2EIb1k019688
for <my_email@hosting.provider.com>; Thu, 2 Dec 2010 09:18:40 -0500
Received: (from root@localhost)
by localhost.localdomain (8.14.2/8.14.2/Submit) id oB2EIbex019687
for my_email@hosting.provider.com; Thu, 2 Dec 2010 09:18:37 -0500
Date: Thu, 2 Dec 2010 09:18:37 -0500
From: root <root@localhost.localdomain>
Message-Id: <201012021418.oB2EIbex019687@localhost.localdomain>
To: my_email@hosting.provider.com
Subject: testing

testing

--oB2EIg1k019691.1291299522/localhost.localdomain--

I'm at my wit's end (not that long a trip, I'll grant you), can anyone help?

bathory 12-03-2010 02:20 AM

Hi,

Take a look at this thread here at LQ (especially post #2)

Regards

Ricker42 12-03-2010 06:29 AM

Quote:

Originally Posted by bathory (Post 4179215)
Hi,

Take a look at this thread here at LQ (especially post #2)

Regards

Thanks for the reply bathory, but the URL didn't come through, can you repost?

bathory 12-03-2010 06:41 AM

Oops, sorry for that
Here is the link: http://www.linuxquestions.org/questi...t-port-690852/

Regards

Ricker42 12-03-2010 07:44 AM

Quote:

Originally Posted by bathory (Post 4179375)
Oops, sorry for that
Here is the link: http://www.linuxquestions.org/questi...nt-port-690852

I was able to find it, but strangely the URL itself didn't work...it would redirect to some other unrelated post, but I used some of the words from the URL in a search and found the post you were talking about.

Everything mentioned in that post, and the external article referenced, I have done, and it still fails.

Here are the relevant lines from /var/log/maillog from my most recent attempt:

Quote:

Dec 3 08:37:33 rnd sendmail[23379]: oB3DbXMg023379: from=root, size=46, class=0, nrcpts=1, msgid=<201012031337.oB3DbXMg023379@localhost.localdomain>, relay=root@localhost
Dec 3 08:37:33 rnd sendmail[23380]: oB3DbXgx023380: from=<root@localhost.localdomain>, size=343, class=0, nrcpts=1, msgid=<201012031337.oB3DbXMg023379@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=rnd [127.0.0.1]
Dec 3 08:37:33 rnd sendmail[23379]: oB3DbXMg023379: to=my_email@hosting.provider.com, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30046, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (oB3DbXgx023380 Message accepted for delivery)
Dec 3 08:37:34 rnd sendmail[23382]: STARTTLS=client, relay=smtp2.datarealm.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Dec 3 08:37:35 rnd sendmail[23382]: oB3DbXgx023380: to=<my_email@hosting.provider.com>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=120343, relay=smtp2.datarealm.com. [65.23.128.130], dsn=5.7.1, stat=Service unavailable
Dec 3 08:37:35 rnd sendmail[23382]: oB3DbXgx023380: oB3DbZgx023382: DSN: Service unavailable
Dec 3 08:37:35 rnd sendmail[23382]: oB3DbZgx023382: to=<root@localhost.localdomain>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31578, dsn=2.0.0, stat=Sent

I still think this means my sendmail isn't doing the auth correctly, or at all, but I can't figure out why.

bathory 12-03-2010 08:48 AM

You are missing LOGIN from the mechanisms:
Quote:

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN')dnl

but you use it in
Quote:

AuthInfo:smtp2.datarealm.com:587 "U:user_in_base64" "I:user_in_base64" "P:my_password_in_base64" "M:LOGIN"
AuthInfo:587 "U:user_in_base64" "P:my_password_in_base64" "M:LOGIN"

Try to use "M:PLAIN" and see if it works.

Ricker42 12-03-2010 08:53 AM

Quote:

Originally Posted by bathory (Post 4179515)
You are missing LOGIN from the mechanisms:
but you use it in
Try to use "M:PLAIN" and see if it works.

I added LOGIN to the mechanisms and recreated sendmail.cf, that should have fixed it also, right? I'm loath to use PLAIN since that is completely in the clear (not that LOGIN is that much better with just base64 encoding).

Still fails:
Quote:

Dec 3 09:49:47 rnd sendmail[23578]: oB3EnkO2023578: from=root, size=46, class=0, nrcpts=1, msgid=<201012031449.oB3EnkO2023578@localhost.localdomain>, relay=root@localhost
Dec 3 09:49:47 rnd sendmail[23579]: oB3EnlIm023579: from=<root@localhost.localdomain>, size=343, class=0, nrcpts=1, msgid=<201012031449.oB3EnkO2023578@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=rnd [127.0.0.1]
Dec 3 09:49:47 rnd sendmail[23578]: oB3EnkO2023578: to=rickg@datarealm.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=30046, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (oB3EnlIm023579 Message accepted for delivery)
Dec 3 09:49:49 rnd sendmail[23581]: STARTTLS=client, relay=smtp2.datarealm.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Dec 3 09:49:49 rnd sendmail[23581]: oB3EnlIm023579: to=<rickg@datarealm.com>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=120343, relay=smtp2.datarealm.com. [65.23.128.130], dsn=5.7.1, stat=Service unavailable
Dec 3 09:49:49 rnd sendmail[23581]: oB3EnlIm023579: oB3EnnIm023581: DSN: Service unavailable
Dec 3 09:49:49 rnd sendmail[23581]: oB3EnnIm023581: to=<root@localhost.localdomain>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31578, dsn=2.0.0, stat=Sent

Could there be something wrong with my SMART_HOST or the various MASQUERADE options?
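
Added example, not part of the original thread: what AUTH LOGIN and AUTH PLAIN put on the wire for the same account. Both are reversible base64, so the only confidentiality comes from the STARTTLS session, which the maillog above shows with verify=FAIL (the server's certificate could not be verified). The account name and password are constructed; the 334 challenges are the ones in the telnet session above.

```python
import base64


def b64(text):
    return base64.b64encode(text.encode()).decode()


def unb64(blob):
    return base64.b64decode(blob).decode()


def login_exchange(user, password):
    """AUTH LOGIN: the server prompts twice, the client answers in base64."""
    return [
        ("C", "AUTH LOGIN"),
        ("S", "334 " + b64("Username:")),
        ("C", b64(user)),
        ("S", "334 " + b64("Password:")),
        ("C", b64(password)),
    ]


def plain_exchange(user, password, authzid=""):
    """AUTH PLAIN (RFC 4616): authzid NUL authcid NUL password, in one base64 blob."""
    return [("C", "AUTH PLAIN " + b64(f"{authzid}\0{user}\0{password}"))]


def decode_auth(exchange):
    """Return (mechanism, user, password) as readable from the session text alone."""
    client = [line for side, line in exchange if side == "C"]
    verb = client[0].split()
    mech = verb[1].upper()
    if mech == "LOGIN":
        return mech, unb64(client[1]), unb64(client[2])
    if mech == "PLAIN":
        # The response may ride on the AUTH line or follow an empty 334 prompt.
        blob = verb[2] if len(verb) > 2 else client[1]
        _authzid, user, password = unb64(blob).split("\0")
        return mech, user, password
    raise ValueError(f"unsupported mechanism: {mech}")


if __name__ == "__main__":
    # Constructed credentials; the thread obscures the real ones.
    user, password = "user@example.test", "constructed-password"
    for exchange in (login_exchange(user, password), plain_exchange(user, password)):
        for side, line in exchange:
            print(f"{side}: {line}")
        print("  decodes to:", decode_auth(exchange))
```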

bathory 12-04-2010 11:12 AM

Hi,

Quote:

I'm loath to use PLAIN since that is completely in the clear (not that LOGIN is that much better with just base64 encoding).

I've reread sendmail documentation and if you want to use base-64 encoded username/password in /etc/mail/authinfo, you have to replace ":" with "=", like this:
Code:

AuthInfo:smtp2.datarealm.com:587 "U=user_in_base64" "I=user_in_base64" "P=my_password_in_base64" "M:LOGIN"
AuthInfo:587 "U=user_in_base64" "I=user_in_base64" "P=my_password_in_base64" "M:LOGIN"

HTH

Regards

Ricker42 12-06-2010 06:26 AM

Quote:

Originally Posted by bathory (Post 4180576)
Hi,


I've reread sendmail documentation and if you want to use base-64 encoded username/password in /etc/mail/authinfo, you have to replace ":" with "=", like this:
Code:

AuthInfo:smtp2.datarealm.com:587 "U=user_in_base64" "I=user_in_base64" "P=my_password_in_base64" "M:LOGIN"
AuthInfo:587 "U=user_in_base64" "I=user_in_base64" "P=my_password_in_base64" "M:LOGIN"

HTH

Regards

I'm still getting the following:

(reason: 554 5.7.1 <rickg@datarealm.com>: Relay access denied)

I'm ready to start tearing my hair out.

bathory 12-06-2010 01:42 PM

Hi,

Are you sure you use:
Quote:

define(`SMART_HOST',`smtp2.datarealm.com')dnl
define(`RELAY_MAILER',`esmtp')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl

If yes, try to remove the 2nd line, the port and maybe the U part from authinfo:
Code:

AuthInfo:smtp2.datarealm.com "I=user_in_base64" "P=my_password_in_base64" "M:LOGIN"

and see if it works!

Ricker42 12-06-2010 02:14 PM

Quote:

Originally Posted by bathory (Post 4182558)
Hi,

Are you sure you use:


If yes, try to remove the 2nd line, the port and maybe the U part from authinfo:
Code:

AuthInfo:smtp2.datarealm.com "I=user_in_base64" "P=my_password_in_base64" "M:LOGIN"
and see if it works!

Ok, I verified the sendmail.mc lines were as I posted (I had done cut-and-pastes, so was pretty sure).

I removed port from the first line, and the line that had just the port, tested that and it failed. I then removed the U: from the remaining line, and that also failed. I then, on a guess, tried to have both versions of the line...with the FQDN of the host, but with and without the port. That also failed.

Here is the current /etc/mail/auth/client-info file:
Quote:

AuthInfo:smtp2.datarealm.com "I=user_in_base64" "P=my_password_in_base64" "M:LOGIN"
AuthInfo:smtp2.datarealm.com:587 "I=user_in_base64" "P=my_password_in_base64" "M:LOGIN"

Here is the last bounced email showing the failure:

Quote:

From MAILER-DAEMON@trg.homeip.net Mon Dec 6 15:11:51 2010
Date: Mon, 6 Dec 2010 15:11:51 -0500
From: Mail Delivery Subsystem <MAILER-DAEMON@trg.homeip.net>
To: <root@localhost.localdomain>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="oB6KBpBT032554.1291666311/localhost.localdomain"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)

This is a MIME-encapsulated message

--oB6KBpBT032554.1291666311/localhost.localdomain

The original message was received at Mon, 6 Dec 2010 15:11:50 -0500
from rnd [127.0.0.1]

----- The following addresses had permanent fatal errors -----
<rickg@datarealm.com>
(reason: 554 5.7.1 <rickg@datarealm.com>: Relay access denied)

----- Transcript of session follows -----
... while talking to smtp2.datarealm.com.:
>>> DATA
<<< 554 5.7.1 <rickg@datarealm.com>: Relay access denied
554 5.0.0 Service unavailable
<<< 554 5.5.1 Error: no valid recipients

--oB6KBpBT032554.1291666311/localhost.localdomain
Content-Type: message/delivery-status

Reporting-MTA: dns; localhost.localdomain
Received-From-MTA: DNS; rnd
Arrival-Date: Mon, 6 Dec 2010 15:11:50 -0500

Final-Recipient: RFC822; rickg@datarealm.com
Action: failed
Status: 5.7.1
Remote-MTA: DNS; smtp2.datarealm.com
Diagnostic-Code: SMTP; 554 5.7.1 <rickg@datarealm.com>: Relay access denied
Last-Attempt-Date: Mon, 6 Dec 2010 15:11:51 -0500

--oB6KBpBT032554.1291666311/localhost.localdomain
Content-Type: message/rfc822

Return-Path: <root@localhost.localdomain>
Received: from localhost.localdomain (rnd [127.0.0.1])
by localhost.localdomain (8.14.2/8.14.2) with ESMTP id oB6KBnBT032552
for <rickg@datarealm.com>; Mon, 6 Dec 2010 15:11:50 -0500
Received: (from root@localhost)
by localhost.localdomain (8.14.2/8.14.2/Submit) id oB6KBnRA032551
for rickg@datarealm.com; Mon, 6 Dec 2010 15:11:49 -0500
Date: Mon, 6 Dec 2010 15:11:49 -0500
From: root <root@localhost.localdomain>
Message-Id: <201012062011.oB6KBnRA032551@localhost.localdomain>
To: rickg@datarealm.com
Subject: testing

testing

--oB6KBpBT032554.1291666311/localhost.localdomain--

I really appreciate the continued help in trying to diagnose/fix this.

bathory 12-06-2010 05:13 PM

I'm just curious because I've just tested this setup and it works :scratch:

Till now I was using our corporate mail server (on port 25) as a smarthost for sendmail running on my box at home.
So I've changed the relay port in sendmail.mc to 587 and it also worked, when I removed the port from authinfo. I've used tcpdump and saw that sendmail was contacting the smarthost on port 587 in both cases (with or without the port), but in the former case I was getting a DSN with a "No AUTH command command has been given" error.

Maybe your smarthost does not like the from: address, so change it to something other than root@localhost.localdomain and test.
I don't know what else to think.

Regards

Ricker42 12-07-2010 06:17 AM

Quote:

Originally Posted by bathory (Post 4182810)
I'm just curious because I've just tested this setup and it works :scratch:
Maybe your smarthost does not like the from: address, so change it to something other than root@localhost.localdomain and test.
I don't know what else to think

I've been sending test emails just by using the command:

Code:

mail -s rickg@myprovider.com

How would I set the from? I thought the MASQUERADE options were supposed to do that?

bathory 12-07-2010 06:49 AM

Use:
Code:

mail -s "Subject" -r someuser@somedomain.com rickg@myprovider.com
Quote:

How would I set the from? I thought the MASQUERADE options were supposed to do that?

Apparently masquerade does not work (default for root)

Ricker42 12-07-2010 10:38 AM

Quote:

Originally Posted by bathory (Post 4183377)
Use:
Code:

mail -s "Subject" -r someuser@somedomain.com rickg@myprovider.com
Apparently masquerade does not work (default for root)

I had to do it this way:

Code:

mail -s"subject" <to:email> -- -f<from:email>

Still failed, no difference in the message.

I've tried running sendmail in a higher level of debugging messages, but I was not able to determine from the output if it was correctly doing authentication or not. Do you have any recommendations on that? Maybe better diagnostic messages would help.
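
Added example, not part of the original thread: one way to answer the closing question from the maillog itself. Sendmail records a successful client authentication as an "AUTH=client, relay=..., mech=..., bits=..." line from the same process that logs STARTTLS=client, and this script pairs those lines with each delivery attempt to the smart host. It assumes the configured LogLevel is high enough for AUTH=client lines to be written, so a missing line is conclusive only once that is confirmed; the function names are this example's own.

```python
import re

# Lines 1-2 are from the maillog posted above (the delivery line is shortened).
# Lines 3-5 are constructed to show a session in which AUTH was logged.
SAMPLE_LOG = """\
Dec 3 08:37:34 rnd sendmail[23382]: STARTTLS=client, relay=smtp2.datarealm.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Dec 3 08:37:35 rnd sendmail[23382]: oB3DbXgx023380: to=<my_email@hosting.provider.com>, mailer=relay, relay=smtp2.datarealm.com. [65.23.128.130], dsn=5.7.1, stat=Service unavailable
Dec 3 10:00:01 rnd sendmail[30001]: STARTTLS=client, relay=smtp2.datarealm.com., version=TLSv1/SSLv3, verify=OK, cipher=DHE-RSA-AES256-SHA, bits=256/256
Dec 3 10:00:01 rnd sendmail[30001]: AUTH=client, relay=smtp2.datarealm.com., mech=LOGIN, bits=0
Dec 3 10:00:02 rnd sendmail[30001]: oB3F001x030000: to=<my_email@hosting.provider.com>, mailer=relay, relay=smtp2.datarealm.com. [65.23.128.130], dsn=2.0.0, stat=Sent (Ok: queued)
"""

LINE = re.compile(r"sendmail\[(?P<pid>\d+)\]: (?P<rest>.*)")
FIELD = re.compile(r"(\w+)=([^,]*)")
EMPTY = {"tls_verify": None, "auth_mech": None}


def audit_outbound(log_text, smarthost):
    """One record per delivery attempt to `smarthost`: the DSN code plus the
    STARTTLS verify result and AUTH mechanism logged earlier by the same process."""
    sessions, results = {}, []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, rest = m.group("pid"), m.group("rest")
        fields = dict(FIELD.findall(rest))
        host = fields.get("relay", "").split(" ")[0].rstrip(".")
        if host != smarthost:
            continue  # e.g. the local hop logged with relay=[127.0.0.1]
        if rest.startswith("STARTTLS=client"):
            # A new TLS handshake means a new connection for this process.
            sessions[pid] = {"tls_verify": fields.get("verify"), "auth_mech": None}
        elif rest.startswith("AUTH=client"):
            sessions.setdefault(pid, dict(EMPTY))["auth_mech"] = fields.get("mech")
        elif "dsn" in fields:
            state = sessions.get(pid, EMPTY)
            results.append({"pid": pid, "dsn": fields["dsn"], **state})
    return results


def rejected_without_auth(results):
    """Deliveries refused with a 5.7.x status where no AUTH=client line was seen."""
    return [r for r in results if r["dsn"].startswith("5.7.") and r["auth_mech"] is None]


if __name__ == "__main__":
    for rec in audit_outbound(SAMPLE_LOG, "smtp2.datarealm.com"):
        print(rec)
```

On the thread's own two lines this reports process 23382 as a 5.7.1 rejection with TLS negotiated (verify=FAIL) and no AUTH=client entry.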


All times are GMT -5.