Ricker42 12-02-2010 08:26 AM

SMTP AUTH, Sendmail client to Postfix server
 
I'm hoping someone here can help, as I've been beating my head on the wall for a week now with little advancement.

I've found a number of tutorials on setting this up, however none of them have gotten me 100% of the way there.

Here's my situation: home-based Fedora server (Core 8), running sendmail 8.14.2-1. Connecting to hosting company's smtp server over port 587, to bypass Verizon's blocking of port 25.

My /etc/mail/sendmail.mc file looks like this (comment lines removed):

Quote:

divert(-1)dnl
define(`SMART_HOST', `smtp2.datarealm.com')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN')dnl
FEATURE(`authinfo',`hash -o /etc/mail/auth/client-info.db')dnl
define(`RELAY_MAILER', `esmtp')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
define(`confDEF_USER_ID', ``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
FEATURE(`accept_unresolvable_domains')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MASQUERADE_AS(`trg.homeip.net')dnl
FEATURE(masquerade_envelope)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

My /etc/mail/auth/client-info file looks like this (username and password obscured):

Quote:

AuthInfo:smtp2.datarealm.com:587 "U:user_in_base64" "I:user_in_base64" "P:my_password_in_base64" "M:LOGIN"
AuthInfo:587 "U:user_in_base64" "P:my_password_in_base64" "M:LOGIN"

I can successfully send a mail manually, as shown here:

Quote:

[root@rnd auth]# telnet smtp2.datarealm.com 587
Trying 65.23.128.130...
Connected to smtp2.datarealm.com.
Escape character is '^]'.
220 smtp2.datarealm.com ESMTP Postfix
EHLO my_personal_domain.com
250-smtp2.datarealm.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
user_in_base64
334 UGFzc3dvcmQ6
my_password_in_base64
235 2.7.0 Authentication successful
MAIL FROM: root@my_personal_domain.com
RCPT TO: my_email@hosting.provider.com
data
test message, very manually sent.
.
quit
250 2.1.0 Ok
250 2.1.5 Ok
354 End data with <CR><LF>.<CR><LF>
250 2.0.0 Ok: queued as 72383114BD00
221 2.0.0 Bye
Connection closed by foreign host.

But when I try to send a mail message from my server, it fails and sends back this bounce message:

Quote:

From MAILER-DAEMON@my_personal_domain.com Thu Dec 2 09:18:43 2010
Return-Path: <MAILER-DAEMON@my_personal_domain.com>
Received: from localhost (localhost)
by localhost.localdomain (8.14.2/8.14.2) id oB2EIg1k019691;
Thu, 2 Dec 2010 09:18:42 -0500
Date: Thu, 2 Dec 2010 09:18:42 -0500
From: Mail Delivery Subsystem <MAILER-DAEMON@my_personal_domain.com>
Message-Id: <201012021418.oB2EIg1k019691@localhost.localdomain>
To: <root@localhost.localdomain>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="oB2EIg1k019691.1291299522/localhost.localdomain"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
Status: RO

This is a MIME-encapsulated message

--oB2EIg1k019691.1291299522/localhost.localdomain

The original message was received at Thu, 2 Dec 2010 09:18:40 -0500
from rnd [127.0.0.1]

----- The following addresses had permanent fatal errors -----
<my_email@hosting.provider.com>
(reason: 554 5.7.1 <my_email@hosting.provider.com>: Relay access denied)

----- Transcript of session follows -----
... while talking to smtp2.datarealm.com.:
>>> DATA
<<< 554 5.7.1 <my_email@hosting.provider.com>: Relay access denied
554 5.0.0 Service unavailable
<<< 554 5.5.1 Error: no valid recipients

--oB2EIg1k019691.1291299522/localhost.localdomain
Content-Type: message/delivery-status

Reporting-MTA: dns; localhost.localdomain
Received-From-MTA: DNS; rnd
Arrival-Date: Thu, 2 Dec 2010 09:18:40 -0500

Final-Recipient: RFC822; my_email@hosting.provider.com
Action: failed
Status: 5.7.1
Remote-MTA: DNS; smtp2.datarealm.com
Diagnostic-Code: SMTP; 554 5.7.1 <my_email@hosting.provider.com>: Relay access denied
Last-Attempt-Date: Thu, 2 Dec 2010 09:18:42 -0500

--oB2EIg1k019691.1291299522/localhost.localdomain
Content-Type: message/rfc822

Return-Path: <root@localhost.localdomain>
Received: from localhost.localdomain (rnd [127.0.0.1])
by localhost.localdomain (8.14.2/8.14.2) with ESMTP id oB2EIb1k019688
for <my_email@hosting.provider.com>; Thu, 2 Dec 2010 09:18:40 -0500
Received: (from root@localhost)
by localhost.localdomain (8.14.2/8.14.2/Submit) id oB2EIbex019687
for my_email@hosting.provider.com; Thu, 2 Dec 2010 09:18:37 -0500
Date: Thu, 2 Dec 2010 09:18:37 -0500
From: root <root@localhost.localdomain>
Message-Id: <201012021418.oB2EIbex019687@localhost.localdomain>
To: my_email@hosting.provider.com
Subject: testing

testing

--oB2EIg1k019691.1291299522/localhost.localdomain--

I'm at my wit's end (not that long a trip, I'll grant you), can anyone help?

bathory 12-03-2010 02:20 AM

Hi,

Take a look at this thread here at LQ (especially post #2)

Regards

Ricker42 12-03-2010 06:29 AM

Quote:

Originally Posted by bathory (Post 4179215)
Hi,

Take a look at this thread here at LQ (especially post #2)

Regards

Thanks for the reply bathory, but the URL didn't come through, can you repost?

bathory 12-03-2010 06:41 AM

Oops, sorry for that
Here is the link: http://www.linuxquestions.org/questi...t-port-690852/

Regards

Ricker42 12-03-2010 07:44 AM

Quote:

Originally Posted by bathory (Post 4179375)
Oops, sorry for that
Here is the link: http://www.linuxquestions.org/questi...nt-port-690852

I was able to find it, but strangely the URL itself didn't work...it would redirect to some other unrelated post, but I used some of the words from the URL in a search and found the post you were talking about.

Everything mentioned in that post, and the external article referenced, I have done, and it still fails.

Here are the relevant lines from /var/log/maillog from my most recent attempt:

Quote:

Dec 3 08:37:33 rnd sendmail[23379]: oB3DbXMg023379: from=root, size=46, class=0, nrcpts=1, msgid=<201012031337.oB3DbXMg023379@localhost.localdomain>, relay=root@localhost
Dec 3 08:37:33 rnd sendmail[23380]: oB3DbXgx023380: from=<root@localhost.localdomain>, size=343, class=0, nrcpts=1, msgid=<201012031337.oB3DbXMg023379@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=rnd [127.0.0.1]
Dec 3 08:37:33 rnd sendmail[23379]: oB3DbXMg023379: to=my_email@hosting.provider.com, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30046, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (oB3DbXgx023380 Message accepted for delivery)
Dec 3 08:37:34 rnd sendmail[23382]: STARTTLS=client, relay=smtp2.datarealm.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Dec 3 08:37:35 rnd sendmail[23382]: oB3DbXgx023380: to=<my_email@hosting.provider.com>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=120343, relay=smtp2.datarealm.com. [65.23.128.130], dsn=5.7.1, stat=Service unavailable
Dec 3 08:37:35 rnd sendmail[23382]: oB3DbXgx023380: oB3DbZgx023382: DSN: Service unavailable
Dec 3 08:37:35 rnd sendmail[23382]: oB3DbZgx023382: to=<root@localhost.localdomain>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31578, dsn=2.0.0, stat=Sent

I still think this means my sendmail isn't doing the auth correctly, or at all, but I can't figure out why.

bathory 12-03-2010 08:48 AM

You are missing LOGIN from the mechanisms:
Quote:

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN')dnl
but you use it in
Quote:

AuthInfo:smtp2.datarealm.com:587 "U:user_in_base64" "I:user_in_base64" "P:my_password_in_base64" "M:LOGIN"
AuthInfo:587 "U:user_in_base64" "P:my_password_in_base64" "M:LOGIN"
Try to use "M:PLAIN" and see if it works.

Ricker42 12-03-2010 08:53 AM

Quote:

Originally Posted by bathory (Post 4179515)
You are missing LOGIN from the mechanisms:
but you use it in
Try to use "M:PLAIN" and see if it works.

I added LOGIN to the mechanisms and recreated sendmail.cf, that should have fixed it also, right? I'm loath to use PLAIN since that is completely in the clear (not that LOGIN is that much better with just base64 encoding).

Still fails:
Quote:

Dec 3 09:49:47 rnd sendmail[23578]: oB3EnkO2023578: from=root, size=46, class=0, nrcpts=1, msgid=<201012031449.oB3EnkO2023578@localhost.localdomain>, relay=root@localhost
Dec 3 09:49:47 rnd sendmail[23579]: oB3EnlIm023579: from=<root@localhost.localdomain>, size=343, class=0, nrcpts=1, msgid=<201012031449.oB3EnkO2023578@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=rnd [127.0.0.1]
Dec 3 09:49:47 rnd sendmail[23578]: oB3EnkO2023578: to=rickg@datarealm.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=30046, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (oB3EnlIm023579 Message accepted for delivery)
Dec 3 09:49:49 rnd sendmail[23581]: STARTTLS=client, relay=smtp2.datarealm.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Dec 3 09:49:49 rnd sendmail[23581]: oB3EnlIm023579: to=<rickg@datarealm.com>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=120343, relay=smtp2.datarealm.com. [65.23.128.130], dsn=5.7.1, stat=Service unavailable
Dec 3 09:49:49 rnd sendmail[23581]: oB3EnlIm023579: oB3EnnIm023581: DSN: Service unavailable
Dec 3 09:49:49 rnd sendmail[23581]: oB3EnnIm023581: to=<root@localhost.localdomain>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31578, dsn=2.0.0, stat=Sent
Could there be something wrong with my SMART_HOST or the various MASQUERADE options?

bathory 12-04-2010 11:12 AM

Hi,

Quote:

I'm loath to use PLAIN since that is completely in the clear (not that LOGIN is that much better with just base64 encoding)

I've reread sendmail documentation and if you want to use base-64 encoded username/password in /etc/mail/authinfo, you have to replace ":" with "=", like this:
Code:

AuthInfo:smtp2.datarealm.com:587 "U=user_in_base64" "I=user_in_base64" "P=my_password_in_base64" "M:LOGIN"
AuthInfo:587 "U=user_in_base64" "I=user_in_base64" "P=my_password_in_base64" "M:LOGIN"

HTH

Regards

Ricker42 12-06-2010 06:26 AM

Quote:

Originally Posted by bathory (Post 4180576)
Hi,


I've reread sendmail documentation and if you want to use base-64 encoded username/password in /etc/mail/authinfo, you have to replace ":" with "=", like this:
Code:

AuthInfo:smtp2.datarealm.com:587 "U=user_in_base64" "I=user_in_base64" "P=my_password_in_base64" "M:LOGIN"
AuthInfo:587 "U=user_in_base64" "I=user_in_base64" "P=my_password_in_base64" "M:LOGIN"

HTH

Regards

I'm still getting the following:

(reason: 554 5.7.1 <rickg@datarealm.com>: Relay access denied)

I'm ready to start tearing my hair out.

bathory 12-06-2010 01:42 PM

Hi,

Are you sure you use:
Quote:

define(`SMART_HOST',`smtp2.datarealm.com')dnl
define(`RELAY_MAILER',`esmtp')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
If yes, try to remove the 2nd line, the port and maybe the U part from authinfo:
Code:

AuthInfo:smtp2.datarealm.com "I=user_in_base64" "P=my_password_in_base64" "M:LOGIN"
and see if it works!

Ricker42 12-06-2010 02:14 PM

Quote:

Originally Posted by bathory (Post 4182558)
Hi,

Are you sure you use:


If yes, try to remove the 2nd line, the port and maybe the U part from authinfo:
Code:

AuthInfo:smtp2.datarealm.com "I=user_in_base64" "P=my_password_in_base64" "M:LOGIN"
and see if it works!

Ok, I verified the sendmail.mc lines were as I posted (I had done cut-and-pastes, so was pretty sure).

I removed port from the first line, and the line that had just the port, tested that and it failed. I then removed the U: from the remaining line, and that also failed. I then, on a guess, tried to have both versions of the line...with the FQDN of the host, but with and without the port. That also failed.

Here is the current /etc/mail/auth/client-info file:
Quote:

AuthInfo:smtp2.datarealm.com "I=user_in_base64" "P=my_password_in_base64" "M:LOGIN"
AuthInfo:smtp2.datarealm.com:587 "I=user_in_base64" "P=my_password_in_base64" "M:LOGIN"
Here is the last bounced email showing the failure:

Quote:

From MAILER-DAEMON@trg.homeip.net Mon Dec 6 15:11:51 2010
Date: Mon, 6 Dec 2010 15:11:51 -0500
From: Mail Delivery Subsystem <MAILER-DAEMON@trg.homeip.net>
To: <root@localhost.localdomain>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="oB6KBpBT032554.1291666311/localhost.localdomain"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)

This is a MIME-encapsulated message

--oB6KBpBT032554.1291666311/localhost.localdomain

The original message was received at Mon, 6 Dec 2010 15:11:50 -0500
from rnd [127.0.0.1]

----- The following addresses had permanent fatal errors -----
<rickg@datarealm.com>
(reason: 554 5.7.1 <rickg@datarealm.com>: Relay access denied)

----- Transcript of session follows -----
... while talking to smtp2.datarealm.com.:
>>> DATA
<<< 554 5.7.1 <rickg@datarealm.com>: Relay access denied
554 5.0.0 Service unavailable
<<< 554 5.5.1 Error: no valid recipients

--oB6KBpBT032554.1291666311/localhost.localdomain
Content-Type: message/delivery-status

Reporting-MTA: dns; localhost.localdomain
Received-From-MTA: DNS; rnd
Arrival-Date: Mon, 6 Dec 2010 15:11:50 -0500

Final-Recipient: RFC822; rickg@datarealm.com
Action: failed
Status: 5.7.1
Remote-MTA: DNS; smtp2.datarealm.com
Diagnostic-Code: SMTP; 554 5.7.1 <rickg@datarealm.com>: Relay access denied
Last-Attempt-Date: Mon, 6 Dec 2010 15:11:51 -0500

--oB6KBpBT032554.1291666311/localhost.localdomain
Content-Type: message/rfc822

Return-Path: <root@localhost.localdomain>
Received: from localhost.localdomain (rnd [127.0.0.1])
by localhost.localdomain (8.14.2/8.14.2) with ESMTP id oB6KBnBT032552
for <rickg@datarealm.com>; Mon, 6 Dec 2010 15:11:50 -0500
Received: (from root@localhost)
by localhost.localdomain (8.14.2/8.14.2/Submit) id oB6KBnRA032551
for rickg@datarealm.com; Mon, 6 Dec 2010 15:11:49 -0500
Date: Mon, 6 Dec 2010 15:11:49 -0500
From: root <root@localhost.localdomain>
Message-Id: <201012062011.oB6KBnRA032551@localhost.localdomain>
To: rickg@datarealm.com
Subject: testing

testing

--oB6KBpBT032554.1291666311/localhost.localdomain--
I really appreciate the continued help in trying to diagnose/fix this.

bathory 12-06-2010 05:13 PM

I'm just curious because I've just tested this setup and it works :scratch:

Until now I was using our corporate mail server (on port 25) as a smarthost for sendmail running on my box at home.
So I've changed the relay port in sendmail.mc to 587 and it also worked, when I removed the port from authinfo. I've used tcpdump and saw that sendmail was contacting the smarthost on port 587 in both cases (with or without the port), but in the former case I was getting a DSN with a "No AUTH command command has been given" error.

Maybe your smarthost does not like the from: address, so change it to something other than root@localhost.localdomain and test.
I don't know what else to think.

Regards
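
Added example (not from the thread and not sendmail's own code): a Python check of the authinfo points raised in the replies above, covering the `:` versus `=` separator, the `M:` mechanism against `confAUTH_MECHANISMS` and the server's `250-AUTH` line, and a port in the lookup key. The credentials `alice` / `s3cret` are constructed, and treating the usable mechanisms as the intersection of the three lists is an assumption of this sketch.

```python
import base64
import binascii
import re
import shlex

# Entries shaped like the ones in the thread; the base64 values are constructed
# ("alice" -> YWxpY2U=, "s3cret" -> czNjcmV0).
ORIGINAL_ENTRY = ('AuthInfo:smtp2.datarealm.com:587 "U:YWxpY2U=" "I:YWxpY2U=" '
                  '"P:czNjcmV0" "M:LOGIN"')
FIXED_ENTRY = 'AuthInfo:smtp2.datarealm.com "I=YWxpY2U=" "P=czNjcmV0" "M:LOGIN"'
CONF_ORIGINAL = "EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN"      # from sendmail.mc
CONF_WITH_LOGIN = "EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN"
SERVER_AUTH = "PLAIN LOGIN"                                      # from 250-AUTH


def parse_authinfo(line):
    """Return (lookup_key, {tag: (separator, value)}) for one authinfo line."""
    parts = shlex.split(line)
    if not parts or not parts[0].startswith("AuthInfo:"):
        raise ValueError("not an AuthInfo entry")
    fields = {}
    for item in parts[1:]:
        if len(item) < 2 or item[1] not in ":=":
            raise ValueError("bad field: %r" % item)
        fields[item[0]] = (item[1], item[2:])
    return parts[0][len("AuthInfo:"):], fields


def decoded(fields, tag):
    """Value that would be used: ':' marks literal text, '=' marks base64."""
    sep, value = fields[tag]
    return base64.b64decode(value).decode() if sep == "=" else value


def looks_like_base64(value):
    """Heuristic: valid base64 whose decoding is printable ASCII."""
    if len(value) < 4 or len(value) % 4:
        return False
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return False
    return bool(raw) and all(32 <= b < 127 for b in raw)


def lint(line, conf_auth_mechanisms, server_auth):
    """Return a list of finding codes for one authinfo entry."""
    key, fields = parse_authinfo(line)
    findings = []
    # A reply above reports that the entry only worked without the port.
    if re.search(r":\d+$", key):
        findings.append("port-in-key")
    # "U:<base64>" would be taken as literal text, not decoded.
    for tag in "UIP":
        if tag in fields and fields[tag][0] == ":" and looks_like_base64(fields[tag][1]):
            findings.append("plain-separator-base64-value:" + tag)
    conf = set(conf_auth_mechanisms.split())
    wanted = set(decoded(fields, "M").split()) if "M" in fields else conf
    for mech in sorted(wanted - conf):
        findings.append("mech-not-in-confAUTH_MECHANISMS:" + mech)
    # Assumption: a mechanism is usable only if all three lists contain it.
    if not (wanted & conf & set(server_auth.split())):
        findings.append("no-common-mechanism")
    return findings


if __name__ == "__main__":
    for entry, conf in ((ORIGINAL_ENTRY, CONF_ORIGINAL), (FIXED_ENTRY, CONF_WITH_LOGIN)):
        print(entry)
        for finding in lint(entry, conf, SERVER_AUTH) or ["ok"]:
            print("   ", finding)
```
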

Ricker42 12-07-2010 06:17 AM

Quote:

Originally Posted by bathory (Post 4182810)
I'm just curious because I've just tested this setup and it works :scratch:
Maybe your smarthost does not like the from: address, so change it to something other than root@localhost.localdomain and test.
I don't know what else to think

I've been sending test emails just by using the command:

Code:

mail -s rickg@myprovider.com

How would I set the from? I thought the MASQUERADE options were supposed to do that?

bathory 12-07-2010 06:49 AM

Use:
Code:

mail -s "Subject" -r someuser@somedomain.com rickg@myprovider.com
Quote:

How would I set the from? I thought the MASQUERADE options were supposed to do that?

Apparently masquerade does not work (default for root)

Ricker42 12-07-2010 10:38 AM

Quote:

Originally Posted by bathory (Post 4183377)
Use:
Code:

mail -s "Subject" -r someuser@somedomain.com rickg@myprovider.com
Apparently masquerade does not work (default for root)

I had to do it this way:

Code:

mail -s"subject" <to:email> -- -f<from:email>
Still failed, no difference in the message.

I've tried running sendmail in a higher level of debugging messages, but I was not able to determine from the output if it was correctly doing authentication or not. Do you have any recommendations on that? Maybe better diagnostic messages would help.

bathory 12-07-2010 11:11 AM

1 Attachment(s)
What kind of mail are you running? The -f option is used by sendmail to define the from: address.
Anyway I've managed to send mail through smtp2.datarealm.com, using your credentials (edit the post above to remove them, because they can be used by others too).
Anyway I've attached my sendmail.mc (rename .txt to .mc) and test.

Regards

Ricker42 12-07-2010 11:49 AM

Quote:

Originally Posted by bathory (Post 4183715)
What kind of mail are you running? The -f option is used by sendmail to define the from: address.
Anyway I've managed to send mail through smtp2.datarealm.com, using your credentials (edit the post above to remove them, because they can be used by others too)
Anyway I've attached my sendmail.mc (rename .txt to .mc) and test

I'm getting some errors trying to process it. I fixed the first by creating the authinfo file and .db hash, sourced from the client-info file I had been using.

There was a reference to include a file which I don't have, so I commented that out, but there are still issues:

Code:

554 5.0.0 /etc/mail/sendmail.cf: line 1: invalid argument to V line: "ERSIONID(setup for l"
451 4.0.0 /etc/mail/sendmail.cf: line 5: fileclass: cannot open 'ATURE(authinfo,hash': No such file or directory
554 5.0.0 /etc/mail/sendmail.cf: line 10: unknown configuration line "LOCAL_RULESETS"
554 5.0.0 No local mailer defined
554 5.0.0 QueueDirectory (Q) option must be set

I copied the VERSIONID line from my original sendmail.mc, but that didn't seem to help.

Are we on the same sendmail version? The RPM for mine is: sendmail-8.14.2-1.fc8 (as delivered with Fedora Core 8).

bathory 12-07-2010 11:58 AM

Use the include statement in your sendmail.mc (include(`/usr/share/sendmail-cf/m4/cf.m4')dnl)
Other than that I guess you can keep the rest as is

Ricker42 12-07-2010 01:45 PM

Quote:

Originally Posted by bathory (Post 4183768)
Use the include statement in your sendmail.mc (include(`/usr/share/sendmail-cf/m4/cf.m4')dnl)
Other than that I guess you can keep the rest as is

Ok, missed the fact I had that line in my original sendmail.mc. Copied it in, re-did the m4 command and restarted, tried a test (setting the to: address to an alternate email address of mine, and setting the from: address to the same account that I'm trying to use to authenticate).

Test still failed, results here:

Code:

From MAILER-DAEMON@localhost.localdomain  Tue Dec  7 14:42:42 2010
Return-Path: <MAILER-DAEMON@localhost.localdomain>
Received: from localhost (localhost)
        by localhost.localdomain (8.14.2/8.14.2) id oB7Jggqe006084;
        Tue, 7 Dec 2010 14:42:42 -0500
Date: Tue, 7 Dec 2010 14:42:42 -0500
From: Mail Delivery Subsystem <MAILER-DAEMON@localhost.localdomain>
Message-Id: <201012071942.oB7Jggqe006084@localhost.localdomain>
To: postmaster@localhost.localdomain
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="oB7Jggqe006084.1291750962/localhost.localdomain"
Subject: Postmaster notify: see transcript for details
Auto-Submitted: auto-generated (postmaster-notification)
Status: RO

This is a MIME-encapsulated message

--oB7Jggqe006084.1291750962/localhost.localdomain

The original message was received at Tue, 7 Dec 2010 14:42:42 -0500
from localhost

  ----- The following addresses had permanent fatal errors -----
<rickg@datarealm.com>
    (reason: 554 5.7.1 <rickg@datarealm.com>: Relay access denied)

  ----- Transcript of session follows -----
... while talking to smtp2.datarealm.com.:
>>> DATA
<<< 554 5.7.1 <rickg@datarealm.com>: Relay access denied
554 5.0.0 Service unavailable
<<< 554 5.5.1 Error: no valid recipients

--oB7Jggqe006084.1291750962/localhost.localdomain
Content-Type: message/delivery-status

Reporting-MTA: dns; localhost.localdomain
Received-From-MTA: DNS; rnd
Arrival-Date: Tue, 7 Dec 2010 14:42:42 -0500

Final-Recipient: RFC822; rickg@datarealm.com
Action: failed
Status: 5.7.1
Remote-MTA: DNS; smtp2.datarealm.com
Diagnostic-Code: SMTP; 554 5.7.1 <rickg@datarealm.com>: Relay access denied
Last-Attempt-Date: Tue, 7 Dec 2010 14:42:42 -0500

--oB7Jggqe006084.1291750962/localhost.localdomain
Content-Type: message/rfc822

Return-Path: <MAILER-DAEMON>
Received: from localhost (localhost)
        by localhost.localdomain (8.14.2/8.14.2) id oB7Jggqd006084;
        Tue, 7 Dec 2010 14:42:42 -0500
Date: Tue, 7 Dec 2010 14:42:42 -0500
From: Mail Delivery Subsystem <MAILER-DAEMON>
Message-Id: <201012071942.oB7Jggqd006084@localhost.localdomain>
To: <rickg@datarealm.com>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="oB7Jggqd006084.1291750962/localhost.localdomain"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)

This is a MIME-encapsulated message

--oB7Jggqd006084.1291750962/localhost.localdomain

The original message was received at Tue, 7 Dec 2010 14:42:40 -0500
from rnd [127.0.0.1]

  ----- The following addresses had permanent fatal errors -----
<rgreene@xanodria.com>
    (reason: 554 5.7.1 <rgreene@xanodria.com>: Relay access denied)

  ----- Transcript of session follows -----
... while talking to smtp2.datarealm.com.:
>>> DATA
<<< 554 5.7.1 <rgreene@xanodria.com>: Relay access denied
554 5.0.0 Service unavailable
<<< 554 5.5.1 Error: no valid recipients

--oB7Jggqd006084.1291750962/localhost.localdomain
Content-Type: message/delivery-status

Reporting-MTA: dns; localhost.localdomain
Received-From-MTA: DNS; rnd
Arrival-Date: Tue, 7 Dec 2010 14:42:40 -0500

Final-Recipient: RFC822; rgreene@xanodria.com
Action: failed
Status: 5.7.1
Remote-MTA: DNS; smtp2.datarealm.com
Diagnostic-Code: SMTP; 554 5.7.1 <rgreene@xanodria.com>: Relay access denied
Last-Attempt-Date: Tue, 7 Dec 2010 14:42:41 -0500

--oB7Jggqd006084.1291750962/localhost.localdomain
Content-Type: message/rfc822

Return-Path: <rickg@datarealm.com>
Received: from localhost.localdomain (rnd [127.0.0.1])
        by localhost.localdomain (8.14.2/8.14.2) with ESMTP id oB7Jgdqd006081
        for <rgreene@xanodria.com>; Tue, 7 Dec 2010 14:42:40 -0500
Received: (from root@localhost)
        by localhost.localdomain (8.14.2/8.14.2/Submit) id oB7JgcS5006080
        for rgreene@xanodria.com; Tue, 7 Dec 2010 14:42:38 -0500
Date: Tue, 7 Dec 2010 14:42:38 -0500
From: rickg@datarealm.com
Message-Id: <201012071942.oB7JgcS5006080@localhost.localdomain>
To: rgreene@xanodria.com
Subject: testing

testing

--oB7Jggqd006084.1291750962/localhost.localdomain--


--oB7Jggqe006084.1291750962/localhost.localdomain--

Should we just give up, or do you think we are close? Really appreciate the time you've put into this so far, either way.

Rick

bathory 12-07-2010 03:01 PM

Well, I don't think we're close at all. In fact you're still getting the same "Relay access denied" error!
I guess you use an authinfo, like this:
Code:

AuthInfo:smtp2.datarealm.com "I=user_in_base64" "P=my_password_in_base64" "M:LOGIN"

Other than that, you can try for once to use plain username/password and M:PLAIN in authinfo and see if you get something different.

Ricker42 12-08-2010 08:55 AM

Quote:

Originally Posted by bathory (Post 4183946)
Well, I don't think we're close at all. In fact you're still getting the same "Relay access denied" error!
I guess you use an authinfo, like this:
Code:

AuthInfo:smtp2.datarealm.com "I=user_in_base64" "P=my_password_in_base64" "M:LOGIN"
Other than that, you can try for once to use plain username/password and M:PLAIN in authinfo and see if you get something different.

*sigh* That didn't change anything.

I keep coming back to the thought that my sendmail, acting as a client, is not properly doing the authentication bit, since both you and I have manually connected to the SMTP daemon at my provider and made it work. How else can we test this?

bathory 12-08-2010 11:48 AM

Did you try the PLAIN auth option just in case? Or set up a mail client, like Thunderbird, to use your ISP mail server directly.

Quote:

since both you and I have manually connected to the SMTP daemon at my provider and made it work
I didn't use telnet on port 587 of your provider, but a mail command as in post #14.

If you feel adventurous you can install a sniffer like wireshark and watch the traffic from your box to the remote smtp server on port 587 and see if sendmail sends the correct credentials.

Ricker42 12-08-2010 02:37 PM

Quote:

Originally Posted by bathory (Post 4184886)
Did you try the PLAIN auth option just in case? Or set up a mail client, like Thunderbird, to use your ISP mail server directly.

I did try the plain, that was what my last post was about, sorry, I don't think I was very clear on that. PLAIN didn't help. Thunderbird is my Windows-based email client, and it works all the time.

Quote:

I didn't use telnet on port 587 of your provider, but a mail command as in post #14.
I did do the telnet to port 587, and ran the SMTP commands manually, using "AUTH LOGIN" and the base-64 encoded versions, and that did work.

Quote:

If you feel adventurous you can install a sniffer like wireshark and watch the traffic from your box to the remote smtp server on port 587 and see if sendmail sends the correct credentials.

I guess that's what I'll have to try...it's either that, or just give up at this point.

bathory 12-08-2010 05:56 PM

By using telnet on smarthost port 587, you bypass sendmail, so it works. The strange thing is that sendmail is not working as a client to the smarthost with the same credentials.
Do you have cyrus-sasl or cyrus-sasl-2 installed? What gives?
Code:

sendmail -d0.1 -bv root |grep SASL

Ricker42 12-09-2010 06:48 AM

Quote:

Originally Posted by bathory (Post 4185251)
By using telnet on smarthost port 587, you bypass sendmail, so it works. The strange thing is that sendmail is not working as a client to the smarthost with the same credentials.
Do you have cyrus-sasl or cyrus-sasl-2 installed? What gives?
Code:

sendmail -d0.1 -bv root |grep SASL

Here's what I got trying that command:

Code:

# sendmail -d0.1 -bv root | grep SASL
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS

And thinking ahead, here's my sasl RPM list:
Code:

# rpm -qa | grep sasl
cyrus-sasl-lib-2.1.22-8.fc8
cyrus-sasl-plain-2.1.22-8.fc8
cyrus-sasl-md5-2.1.22-8.fc8
cyrus-sasl-2.1.22-8.fc8
cyrus-sasl-devel-2.1.22-8.fc8

And currently running sasl processes:
Code:

# ps -ef | grep -i sasl
root    11476 16852  0 07:46 pts/1    00:00:00 grep -i sasl
root    17067    1  0 Dec01 ?        00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root    17068 17067  0 Dec01 ?        00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root    17069 17067  0 Dec01 ?        00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root    17071 17067  0 Dec01 ?        00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root    17072 17067  0 Dec01 ?        00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam


bathory 12-09-2010 07:45 AM

Well it was expected that sasl2 is installed, but I thought to ask anyway.
Maybe you can increase logging by adding
Code:

define(`confLOG_LEVEL', `20')dnl
in sendmail.mc, or starting sendmail from CLI using:
Code:

/usr/sbin/sendmail -L sm-mta -bd -q25m -O LogLevel=20 -X /tmp/smtp.log
and watch the logs

Ricker42 12-09-2010 09:46 AM

I just noticed these messages that were pulled out of the system logs by "logwatch":

Code:

Warning: STARTTLS file errors:
    client: file /etc/mail/certs/CA.cert.pem unsafe: No such file or directory
    server: file /etc/mail/certs/smtp.cert.pem unsafe: No such file or directory

 **Unmatched Entries**
    Subject:testing: 3 Time(s)
    STARTTLS=client, error: load verify locs /etc/mail/certs/, /etc/mail/certs/CA.cert.pem failed: 0: 1 Time(s)
    Subject:Returned.mail:see.transcript.for.details: 1 Time(s)

Could those be related?

Ricker42 12-09-2010 09:47 AM

Quote:

Originally Posted by bathory (Post 4185873)
Well it was expected that sasl2 is installed, but I thought to ask anyway.
Maybe you can increase logging by adding
Code:

define(`confLOG_LEVEL', `20')dnl
in sendmail.mc, or starting sendmail from CLI using:
Code:

/usr/sbin/sendmail -L sm-mta -bd -q25m -O LogLevel=20 -X /tmp/smtp.log
and watch the logs

Ok, it looks like my guess was right, sendmail isn't doing the authentication or doing it incorrectly, if I'm reading this right. However, I've no clue as to why...here's the entire /var/log/maillog contents, starting from the last restart of sendmail with the above changes added in.

Code:

Dec  9 10:42:02 rnd sendmail[12034]: alias database /etc/aliases rebuilt by rgreene
Dec  9 10:42:02 rnd sendmail[12034]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
Dec  9 10:42:03 rnd sendmail[12041]: starting daemon (8.14.2): SMTP+queueing@01:00:00
Dec  9 10:42:03 rnd sendmail[12041]: STARTTLS: CRLFile missing
Dec  9 10:42:03 rnd sendmail[12041]: STARTTLS=server: file /etc/mail/certs/smtp.cert.pem unsafe: No such file or directory
Dec  9 10:42:03 rnd sendmail[12041]: started as: /usr/sbin/sendmail -bd -q1h
Dec  9 10:42:03 rnd sm-msp-queue[12049]: starting daemon (8.14.2): queueing@01:00:00
Dec  9 10:42:16 rnd sendmail[12054]: oB9FgEsf012054: from=rickg@datarealm.com, size=51, class=0, nrcpts=1, msgid=<201012091542.oB9FgEsf012054@localhost.localdomain>, relay=root@localhost
Dec  9 10:42:16 rnd sendmail[12055]: NOQUEUE: connect from rnd [127.0.0.1]
Dec  9 10:42:16 rnd sendmail[12055]: AUTH: available mech=CRAM-MD5 DIGEST-MD5 ANONYMOUS LOGIN PLAIN, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: Milter: no active filter
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: --- 220 localhost.localdomain ESMTP Sendmail 8.14.2/8.14.2; Thu, 9 Dec 2010 10:42:16 -0500
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: <-- EHLO localhost.localdomain
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: --- 250-localhost.localdomain Hello rnd [127.0.0.1], pleased to meet you
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: --- 250-ENHANCEDSTATUSCODES
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: --- 250-PIPELINING
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: --- 250-8BITMIME
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: --- 250-SIZE
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: --- 250-DSN
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: --- 250-ETRN
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: --- 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: --- 250-DELIVERBY
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: --- 250 HELP
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: <-- MAIL From:<rickg@datarealm.com> SIZE=51 AUTH=rickg@datarealm.com
Dec  9 10:42:16 rnd sendmail[12055]: ruleset=trust_auth, arg1=rickg@datarealm.com, relay=rnd [127.0.0.1], reject=550 5.7.1 <rickg@datarealm.com>... not authenticated
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: --- 250 2.1.0 <rickg@datarealm.com>... Sender ok
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: <-- RCPT To:<rgreene@xanodria.com>
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: --- 250 2.1.5 <rgreene@xanodria.com>... Recipient ok
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: <-- DATA
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: --- 354 Enter mail, end with "." on a line by itself
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: Subject:testing
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: from=<rickg@datarealm.com>, size=335, class=0, nrcpts=1, msgid=<201012091542.oB9FgEsf012054@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=rnd [127.0.0.1]
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwA012055: --- 250 2.0.0 oB9FgGwA012055 Message accepted for delivery
Dec  9 10:42:16 rnd sendmail[12054]: oB9FgEsf012054: to=rgreene@xanodria.com, ctladdr=rickg@datarealm.com (0/0), delay=00:00:02, xdelay=00:00:00, mailer=relay, pri=30051, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (oB9FgGwA012055 Message accepted for delivery)
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwB012055: <-- QUIT
Dec  9 10:42:16 rnd sendmail[12055]: oB9FgGwB012055: --- 221 2.0.0 localhost.localdomain closing connection
Dec  9 10:42:17 rnd sendmail[12057]: oB9FgGwA012055: SMTP outgoing connect on rnd
Dec  9 10:42:17 rnd sendmail[12057]: STARTTLS: ClientCertFile missing
Dec  9 10:42:17 rnd sendmail[12057]: STARTTLS: ClientKeyFile missing
Dec  9 10:42:17 rnd sendmail[12057]: STARTTLS: CRLFile missing
Dec  9 10:42:17 rnd sendmail[12057]: STARTTLS=client: file /etc/mail/certs/CA.cert.pem unsafe: No such file or directory
Dec  9 10:42:17 rnd sendmail[12057]: STARTTLS=client, error: load verify locs /etc/mail/certs/, /etc/mail/certs/CA.cert.pem failed: 0
Dec  9 10:42:17 rnd sendmail[12057]: STARTTLS=client: 12057:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('/etc/mail/certs/CA.cert.pem','r')
Dec  9 10:42:17 rnd sendmail[12057]: STARTTLS=client: 12057:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
Dec  9 10:42:17 rnd sendmail[12057]: STARTTLS=client: 12057:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:279:
Dec  9 10:42:17 rnd sendmail[12057]: STARTTLS=client, init=1
Dec  9 10:42:17 rnd sendmail[12057]: STARTTLS=client, start=ok
Dec  9 10:42:17 rnd sendmail[12057]: STARTTLS=client, info: fds=9/8, err=2
Dec  9 10:42:18 rnd sendmail[12057]:last message repeated 2 times
Dec  9 10:42:18 rnd sendmail[12057]: STARTTLS=client, get_verify: 20 get_peer: 0xb8f65380
Dec  9 10:42:18 rnd sendmail[12057]: STARTTLS=client, relay=smtp2.datarealm.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Dec  9 10:42:18 rnd sendmail[12057]: STARTTLS=client, cert-subject=/C=US/postalCode=54016/ST=Wisconsin/L=Hudson/streetAddress=PO+20Box+201616/O=Datarealm+20Internet+20Services,+20LLC/OU=Security+20Services/OU=Comodo+20PremiumSSL+20Wildcard/CN=*.datarealm.com, cert-issuer=/C=US/ST=UT/L=Salt+20Lake+20City/O=The+20USERTRUST+20Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware, verifymsg=unable to get local issuer certificate
Dec  9 10:42:18 rnd sendmail[12057]: STARTTLS=read, info: fds=9/8, err=2
Dec  9 10:42:18 rnd sendmail[12057]: AUTH=client, relay=smtp2.datarealm.com., mech=, bits=0
Dec  9 10:42:18 rnd sendmail[12057]: STARTTLS=read, info: fds=9/8, err=2
Dec  9 10:42:18 rnd sendmail[12057]: STARTTLS=read, info: fds=9/8, err=2
Dec  9 10:42:18 rnd sendmail[12057]: oB9FgGwA012055: to=<rgreene@xanodria.com>, delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=120335, relay=smtp2.datarealm.com. [65.23.128.130], dsn=5.7.1, stat=Service unavailable
Dec  9 10:42:18 rnd sendmail[12057]: STARTTLS=read, info: fds=9/8, err=2
Dec  9 10:42:18 rnd sendmail[12057]: oB9FgGwA012055: oB9FgIwA012057: DSN: Service unavailable
Dec  9 10:42:18 rnd sendmail[12057]: STARTTLS=read, info: fds=9/8, err=2
Dec  9 10:42:18 rnd sendmail[12057]:last message repeated 2 times
Dec  9 10:42:18 rnd sendmail[12057]: oB9FgIwA012057: to=<rickg@datarealm.com>, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31555, relay=smtp2.datarealm.com. [65.23.128.130], dsn=5.7.1, stat=Service unavailable
Dec  9 10:42:18 rnd sendmail[12057]: STARTTLS=read, info: fds=9/8, err=2
Dec  9 10:42:18 rnd sendmail[12057]: oB9FgIwA012057: alias MAILER-DAEMON => postmaster
Dec  9 10:42:18 rnd sendmail[12057]: oB9FgIwA012057: alias postmaster => root
Dec  9 10:42:18 rnd sendmail[12057]: oB9FgIwA012057: alias postmaster => root
Dec  9 10:42:18 rnd sendmail[12057]: oB9FgIwA012057: oB9FgIwB012057: return to sender: Service unavailable
Dec  9 10:42:18 rnd sendmail[12057]: oB9FgIwB012057: Subject:testing
Dec  9 10:42:18 rnd sendmail[12057]: oB9FgIwB012057: Subject:Returned.mail:see.transcript.for.details
Dec  9 10:42:18 rnd sendmail[12057]: oB9FgIwB012057: Subject:testing
Dec  9 10:42:18 rnd sendmail[12057]: oB9FgIwB012057: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32579, dsn=2.0.0, stat=Sent
Dec  9 10:42:18 rnd sendmail[12057]: oB9FgIwB012057: done; delay=00:00:00, ntries=1
Dec  9 10:42:18 rnd sendmail[12057]: oB9FgIwA012057: done; delay=00:00:00, ntries=1
Dec  9 10:42:18 rnd sendmail[12057]: oB9FgGwA012055: done; delay=00:00:02, ntries=1
Dec  9 10:42:18 rnd sendmail[12057]: STARTTLS=read, info: fds=9/8, err=2
Dec  9 10:42:19 rnd sendmail[12057]: STARTTLS=client, SSL_shutdown not done

Strangely, it doesn't look like it's actually trying to contact the SMART_HOST relay, but it is just contacting itself??

bathory 12-09-2010 11:51 AM

Regarding the certs, I guess you're still using the sendmail.mc from my sendmail that is configured with TLS. Remove those lines in your sendmail.mc and recreate sendmail.cf.

At the beginning of the logs there is the connection to your sendmail while it's receiving your mail. The connection to the smarthost starts with:
Quote:

Dec 9 10:42:18 rnd sendmail[12057]: AUTH=client, relay=smtp2.datarealm.com., mech=, bits=0
I think that in fact this is your problem, i.e. mech is empty, instead of mech=LOGIN, but I don't know why that is happening!
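
Added example, not part of the original posts: a small Python (3.8+) parser that pulls the client-side `AUTH=client`, `STARTTLS=client` and delivery records out of a sendmail maillog and groups them by relay, so the empty `mech=` and the `verify=FAIL` discussed above show up next to the 5.7.1 rejection. The function names `audit_relay_sessions` and `findings` are hypothetical, and the last sample line is constructed.

```python
import re
from collections import defaultdict

# First four lines are copied from the maillog in this thread; the last one
# (pid 99999, smtp.example.net) is constructed to show a populated mech=.
SAMPLE_LOG = """\
Dec  9 10:42:18 rnd sendmail[12057]: STARTTLS=client, relay=smtp2.datarealm.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Dec  9 10:42:18 rnd sendmail[12057]: AUTH=client, relay=smtp2.datarealm.com., mech=, bits=0
Dec  9 10:42:18 rnd sendmail[12057]: oB9FgGwA012055: to=<rgreene@xanodria.com>, delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=120335, relay=smtp2.datarealm.com. [65.23.128.130], dsn=5.7.1, stat=Service unavailable
Dec  9 10:42:16 rnd sendmail[12054]: oB9FgEsf012054: to=rgreene@xanodria.com, ctladdr=rickg@datarealm.com (0/0), delay=00:00:02, xdelay=00:00:00, mailer=relay, pri=30051, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (oB9FgGwA012055 Message accepted for delivery)
Dec  9 10:50:00 rnd sendmail[99999]: AUTH=client, relay=smtp.example.net., mech=LOGIN, bits=0
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ [\w-]+\[(?P<pid>\d+)\]:\s*(?P<msg>.*)$")
AUTH = re.compile(r"^AUTH=client, relay=(?P<relay>\S+?)\.?, mech=(?P<mech>[^,]*),")
TLS = re.compile(r"^STARTTLS=client, relay=(?P<relay>\S+?)\.?, .*\bverify=(?P<verify>\w+)")
DELIV = re.compile(r"\bto=(?P<to>[^,]+),.*\brelay=(?P<relay>\S+?)\.? \[[^\]]*\], dsn=(?P<dsn>[\d.]+)")


def audit_relay_sessions(log_text):
    """Group sendmail client-side AUTH, TLS and rejected-delivery records by relay."""
    sessions = defaultdict(lambda: {"mech": None, "tls_verify": None, "rejected": []})
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        msg = line["msg"]
        if a := AUTH.match(msg):
            sessions[a["relay"]]["mech"] = a["mech"]
        elif t := TLS.match(msg):
            sessions[t["relay"]]["tls_verify"] = t["verify"]
        elif (d := DELIV.search(msg)) and d["dsn"].startswith("5."):
            # Only permanent failures (5.x.x) are recorded; 2.x.x deliveries are skipped.
            sessions[d["relay"]]["rejected"].append((d["to"], d["dsn"]))
    return dict(sessions)


def findings(sessions):
    """Flag the conditions discussed in the thread, one (relay, issue) pair each."""
    out = []
    for relay, s in sessions.items():
        if s["mech"] == "":  # AUTH=client was logged with nothing after mech=
            out.append((relay, "empty-auth-mech"))
        if s["tls_verify"] not in (None, "OK"):  # server certificate was not verified
            out.append((relay, "tls-verify-" + s["tls_verify"]))
        if s["rejected"]:
            out.append((relay, "rejected-" + s["rejected"][0][1]))
    return out
```

Calling `findings(audit_relay_sessions(open("/var/log/maillog").read()))` on a real log gives the same per-relay summary.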

Ricker42 12-09-2010 01:26 PM

Quote:

Originally Posted by bathory (Post 4186143)
Regarding the certs, I guess you're still using the sendmail.mc from my sendmail that is configured with TLS. Remove those lines in your sendmail.mc and recreate sendmail.cf.

I couldn't tell for certain what entries to comment out, can you clarify?

bathory 12-09-2010 01:31 PM

Remove the following:
Quote:

define(`confCACERT_PATH', `/etc/mail/certs/')
define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
define(`confSERVER_CERT', `/etc/mail/certs/smtp.cert.pem')
define(`confSERVER_KEY', `/etc/mail/certs/smtp.key.pem')

Ricker42 12-09-2010 02:00 PM

Quote:

Originally Posted by bathory (Post 4186275)
Remove the following:

Ok, got those out, fewer errors on the startup now.

Still getting that "mech=" blank entry, scratching my head on that one too.

bathory 12-09-2010 05:42 PM

Since I'm out of ideas, I suggest you follow this tutorial written to use gmail as a smarthost on port 587.
To create the ssl certificates read #3 here

