set up sendmail on my laptop

Pedroski · 10-04-2023, 02:50 PM

Can I set up sendmail at home on my laptop to actually send a mail from a simple contact page html file, using PHP?

My contact page works fine from my little cloud server, just trying to make it work at home, if that can be done!

Following this tutorial, I installed sendmail and related things.

It says I must have these lines in /etc/mail/sendmail.mc

Quote:

define(`SMART_HOST', `your.smtp.server')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash -o /etc/mail/authinfo.db')dnl

I believe my smtp server is: qq.smtp.com for qq mail. But I remember when I used to fetch emails with Python, I needed the IMAP server and IMAP password.

As sudo, using nano, I created /etc/mail/authinfo with the following content:

Quote:

AuthInfo:qq.smtp.com "U:me@foxmail.com" "P:topsecret" "M:PLAIN"

/etc/mail/authinfo.db did not exist but was created with:

Quote:

sudo makemap hash /etc/mail/authinfo < /etc/mail/authinfo

Also, must I start all lines in /etc/mail/sendmail.mc with dnl ???

After following all the instructions from the link above, I did this in bash

Quote:

echo "This is a test email." | mail -s "Test Email" myname@gmail.com

But I did not get the email!

Any tips please?

bathory · 10-05-2023, 07:39 AM

Quote:

I believe my smtp server is: qq.smtp.com for qq mail. But I remember when I used to fetch emails with Python, I needed the IMAP server and IMAP password.

The smtp servername is smtp.qq.com. It also uses port 587 STARTTLS or 465 SSL for connecting, so you have to define that also.
For the rest, you can take a look at this tutorial written for gmail. Replace gmail.com with qq.com and test.

Always take o look mail logs, that will help you identify whatever problems may exist.

Regards

Pedroski · 10-05-2023, 10:13 AM

Thanks for your advice!

I keep getting verify=FAIL

Quote:

Oct 5 15:20:02 pedro-HP sm-mta[18496]: STARTTLS=client, relay=smtp.qq.com., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128

I changed part of sendmail.mc to this:

Quote:

define(`SMART_HOST', `smtp.qq.com:457')dnl

In /etc/mail/authinfo I tried with my normal password and with the IMAP password, still get verify=FAIL. Each time I ran

Quote:

sudo make -C /etc/mail

and reloaded sendmail, but to no avail!

I'll try using a gmail email address!

computersavvy · 10-05-2023, 11:27 AM

It is worth noting that almost all mail servers are configured to reject mail that does not originate from an authorized domain smtp host that is defined by dns, and a local smtp server usually only accepts outgoing email from hosts within its own defined IP address range..

For example, it is quite possible to read mail by imap from a users mail server even when remote, but sending mail by the same server that originates from an IP address that is outside the domain of that server will be rejected.

I previously had this issue when using a local isp and traveling. I could send and receive email from home, but when remote I could only read email, not send.

Using gmail has its own intricacies when not using the web interface.

bathory · 10-05-2023, 11:35 AM

Quote:

define(`SMART_HOST', `smtp.qq.com:457')dnl

There is no such port 457 used by smtp.
You should use the submission port 587 and not like you did above. Try the following instead:

Code:

define(`SMART_HOST',`[smtp.qq.com]')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl

Also in the authinfo file, you probably need:

Code:

AuthInfo: "U:root" "I:account@qq.com" "P:password"

The FAIL in the logs, means that sendmail failed to get the smarthost certificate (most likely because of the wrong port number).

As for using gmail for relaying, you need to allow less secure apps to access gmail, that I personally don't like...

Pedroski · 10-07-2023, 01:48 AM

Thanks again for the tips!

I changed /etc/mail/sendmail.mc using the information from bathory above.

Quote:

sudo nano /etc/mail/sendmail.mc

Then I ran

Quote:

sudo makemap hash /etc/mail/authinfo < /etc/mail/authinfo
sudo make -C /etc/mail
sudo /etc/init.d/sendmail reload

I also installed something called sasl2-bin Not sure what that is, some kind of support for mail.

Quote:

sudo apt install sasl2-bin

Then I sent this again:

Quote:

echo "This is a test email." | mail -s "Test Email" me@gmail.com

But I still get a verify=FAIL even though at the end it says stat=Sent!! Maybe it is as computersavvy says, I have no fixed ip, so I get rejected, because they don't know where it is coming from.

Like I said, on my little cloud the form for sending a message works fine! I am just changing my webhost and my webpage, I thought I could test the form page from home! Not so important!

Quote:

Oct 7 07:23:45 pedro-HP sendmail[6636]: 3976NjmR006636: from=pedro@pedro-HP, size=148, class=0, nrcpts=1, msgid=<202310070623.3976NjmR006636@pedro-HP.home>, relay=pedro@localhost
Oct 7 07:23:46 pedro-HP sm-mta[6637]: 3976NkYi006637: from=<pedro@pedro-HP.home>, size=373, class=0, nrcpts=1, msgid=<202310070623.3976NjmR006636@pedro-HP.home>, proto=ESMTP, daemon=MTA-v4, relay=localhost [127.0.0.1]
Oct 7 07:23:46 pedro-HP sendmail[6636]: 3976NjmR006636: to=<me@gmail.com>, ctladdr=pedro@pedro-HP (1000/1000), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30148, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (3976NkYi006637 Message accepted for delivery)
Oct 7 07:23:48 pedro-HP sm-mta[6639]: STARTTLS=client, relay=smtp.qq.com., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Oct 7 07:23:48 pedro-HP sm-mta[6639]: 3976NkYi006637: to=<me@gmail.com>, ctladdr=<pedro@pedro-HP.home> (1000/1000), delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=120373, relay=smtp.qq.com. [IPv6:240e:ff:f100:8019:0:0:0:6a], dsn=5.0.0, stat=Service unavailable
Oct 7 07:23:48 pedro-HP sm-mta[6639]: 3976NkYi006637: 3976NmYi006639: DSN: Service unavailable
Oct 7 07:23:48 pedro-HP sm-mta[6639]: 3976NmYi006639: to=<pedro@pedro-HP.home>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30000, dsn=2.0.0, stat=Sent

Thanks for your advice!

jayjwa · 10-07-2023, 01:03 PM

You have two issues going on. The verify stuff is with TLS, and you need to configure your sendmail install with the proper CA, certificates, and CRLs for the hosts for it to verify correctly.

Code:

define(`confCACERT_PATH', `/etc/ssl/certs')dnl
define(`confCACERT', `/etc/ssl/CA/atr2-ca-crt.pem')dnl 
define(`confSERVER_CERT', `/etc/mail/atr2-smtp-srv-cert.pem')dnl
define(`confSERVER_KEY', `/etc/mail/atr2-smtp-srv-key.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/atr2-smtp-client-cert.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/atr2-smtp-client-key.pem')dnl
define(`confCRL',`/etc/ssl/revolk/crl-bundle.pem')dnl

or wherever you put them on your install. There's probably a package to get all the CA certs if you don't have them already. They may be in a different location on your system. If the cert is not available, you can often get it from the organization itself or use openssl s_client.

Code:

2023-10-07T13:44:42.515590-04:00 atr2 sm-mta[28996]: STARTTLS=server, relay=jayjwa@localhost [127.0.0.1], version=TLSv1.3, verify=OK, cipher=TLS_AES_256_GCM_SHA384, bits=256/256

The second issue is as stated, almost all mailservers using block lists (almost all of them) will block you unless you are using Gmail or another mega-provider. You can thank Spamhaus and the other over-zealous outfits like them for making email virtually unusable by us little people.

bathory · 10-07-2023, 03:26 PM

Quote:

But I still get a verify=FAIL even though at the end it says stat=Sent!! Maybe it is as computersavvy says, I have no fixed ip, so I get rejected, because they don't know where it is coming from.

As I told you before and jayjwa also posted above, you miss the qq.com CA, so your server fails to validate the certificate presented by smtp.qq.com
Maybe you need to add STARTTLS to sendmail

Quote:

Oct 7 07:23:45 pedro-HP sendmail[6636]: 3976NjmR006636: from=pedro@pedro-HP, size=148, class=0, nrcpts=1, msgid=<202310070623.3976NjmR006636@pedro-HP.home>, relay=pedro@localhost
Oct 7 07:23:46 pedro-HP sm-mta[6637]: 3976NkYi006637: from=<pedro@pedro-HP.home>, size=373, class=0, nrcpts=1, msgid=<202310070623.3976NjmR006636@pedro-HP.home>, proto=ESMTP, daemon=MTA-v4, relay=localhost [127.0.0.1]
Oct 7 07:23:46 pedro-HP sendmail[6636]: 3976NjmR006636: to=<me@gmail.com>, ctladdr=pedro@pedro-HP (1000/1000), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30148, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (3976NkYi006637 Message accepted for delivery)
Oct 7 07:23:48 pedro-HP sm-mta[6639]: STARTTLS=client, relay=smtp.qq.com., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Oct 7 07:23:48 pedro-HP sm-mta[6639]: 3976NkYi006637: to=<me@gmail.com>, ctladdr=<pedro@pedro-HP.home> (1000/1000), delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=120373, relay=smtp.qq.com. [IPv6:240e:ff:f100:8019:0:0:0:6a], dsn=5.0.0, stat=Service unavailable
Oct 7 07:23:48 pedro-HP sm-mta[6639]: 3976NkYi006637: 3976NmYi006639: DSN: Service unavailable
Oct 7 07:23:48 pedro-HP sm-mta[6639]: 3976NmYi006639: to=<pedro@pedro-HP.home>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30000, dsn=2.0.0, stat=Sent

Most likely smtp.qq.com does not like the sender email address (pedro@pedro-HP)
You can use masquerade to change the domain part to a FQDN one (pedro@your-domain.com)

Pedroski · 10-10-2023, 12:24 PM

Thanks again for tips and advice.

Please excuse my ignorance, I have created ssl keys so that I could ssl into my old cloud server.

That worked well, and I always used Filezilla to upload new html and php. (After testing it on this laptop.)

Where would I get certificates to put in /etc/mail/certs/ so that this: define(`confCACERT_PATH', `/etc/mail/certs/') could work?

At present there is no directory /etc/mail/certs/ and as such, also no certificates.

On my little cloud server I had a fixed ip, but apart from that, I did none of this stuff. Nevertheless my form.php worked fine. It sent an email to me using php mail().

Code:

$to1 = "me@foxmail.com";
$subject = $q1 . " message";
$headers = "From: me@some.com\r\n";
$headers .= 'Content-Type: text/plain; charset=utf-8';
mail($to1, $subject, $body, $headers);

I made another version of form.php so people could upload files, contact details and a message, but those were saved on the cloud, not emailed to anywhere.

But that is about the limit of my computer ability!!

bathory · 10-11-2023, 02:31 AM

Quote:

Please excuse my ignorance, I have created ssl keys so that I could ssl into my old cloud server.

This is ssh you using to connect, not ssl.

Anyway, here is an excerpt from a nice howto here at LQ about creating cert/key for sendmail STARTTLS:

Quote:

mkdir /etc/mail/certs
cd /etc/mail/certs
openssl req -new -x509 -keyout cakey.pem -out cacert.pem -days 1865

When prompted for the Common Name be sure to enter the FQDN of your webserver i.e. www.mywebserver.com
Now that we have our own CA lets go ahead and make a certificate and sign it.

openssl req -nodes -new -x509 -keyout sendmail.pem -out sendmail.pem -days 1460

Note that the CA is good for 5 years (1865 days) and the cert is good for 4 years (1460 days). Its always a good idea to make the cert invalid before
the CA that signed it.

Next, we must put the right permissions on our cert as it contains sensitive data

chmod 600 sendmail.pem

Pedroski · 10-14-2023, 05:20 AM

Thanks for the tips

Oh, sorry, I was thinking of ssh keys for connecting to the cloud server!

I found this link for setting up Postfix in Ubuntu.

I read, "Setting up Postfix can be a daunting task!" so I am not very hopeful!

But on the cloud server, I think it is already set up, because, on my last cloud server, my contact form worked fine!

Pedroski · 10-16-2023, 03:27 AM

Hi again, now I am trying to use sendmail on my new cloud server.

I have set up sendmail on the cloud server according to the instructions here.

I get this error in /var/log/mail.log I used my real email@foxmail.com (foxmail is an alias for qq)

Maybe I need to put my domain name somewhere?

Goes to sleep

Quote:

pedro@ubuntu:/etc/mail$ sudo tail -f /var/log/mail.log
Oct 16 07:41:37 ubuntu sm-mta[9820]: 39G7LxLs009694: to=<me@foxmail.com>, ctladdr=<www-data@ubuntu> (33/33), delay=00:19:38, xdelay=00:00:00, mailer=esmtp, pri=210428, relay=mx1.qq.com., dsn=4.0.0, stat=Deferred: Connection timed out with mx1.qq.com.
Oct 16 07:51:35 ubuntu sm-mta[10298]: 39G7KxTg009686: to=<me@foxmail.com>, ctladdr=<www-data@ubuntu> (33/33), delay=00:30:36, xdelay=00:06:32, mailer=esmtp, pri=300428, relay=mx1.qq.com. [162.62.116.184], dsn=4.0.0, stat=Deferred: Connection timed out with mx1.qq.com.
Oct 16 07:51:35 ubuntu sm-mta[10298]: 39G7LxLs009694: to=<me@foxmail.com>, ctladdr=<www-data@ubuntu> (33/33), delay=00:29:36, xdelay=00:00:00, mailer=esmtp, pri=300428, relay=mx1.qq.com., dsn=4.0.0, stat=Deferred: Connection timed out with mx1.qq.com.
Oct 16 08:00:02 ubuntu sm-msp-queue[10362]: My unqualified host name (ubuntu) unknown; sleeping for retry
Oct 16 08:01:02 ubuntu sm-msp-queue[10362]: unable to qualify my own domain name (ubuntu) -- using short name
Oct 16 08:01:35 ubuntu sm-mta[10327]: 39G7KxTg009686: to=<me@foxmail.com>, ctladdr=<www-data@ubuntu> (33/33), delay=00:40:36, xdelay=00:06:32, mailer=esmtp, pri=390428, relay=mx1.qq.com. [162.62.116.184], dsn=4.0.0, stat=Deferred: Connection timed out with mx1.qq.com.
Oct 16 08:01:35 ubuntu sm-mta[10327]: 39G7LxLs009694: to=<me@foxmail.com>, ctladdr=<www-data@ubuntu> (33/33), delay=00:39:36, xdelay=00:00:00, mailer=esmtp, pri=390428, relay=mx1.qq.com., dsn=4.0.0, stat=Deferred: Connection timed out with mx1.qq.com.
Oct 16 08:11:35 ubuntu sm-mta[10377]: 39G7KxTg009686: to=<me@foxmail.com>, ctladdr=<www-data@ubuntu> (33/33), delay=00:50:36, xdelay=00:06:33, mailer=esmtp, pri=480428, relay=mx1.qq.com. [162.62.116.184], dsn=4.0.0, stat=Deferred: Connection timed out with mx1.qq.com.
Oct 16 08:11:35 ubuntu sm-mta[10377]: 39G7LxLs009694: to=<me@foxmail.com>, ctladdr=<www-data@ubuntu> (33/33), delay=00:49:36, xdelay=00:00:00, mailer=esmtp, pri=480428, relay=mx1.qq.com., dsn=4.0.0, stat=Deferred: Connection timed out with mx1.qq.com.
Oct 16 08:14:45 ubuntu sendmail[10679]: My unqualified host name (ubuntu) unknown; sleeping for retry

bathory · 10-16-2023, 06:25 AM

Quote:

Oct 16 08:00:02 ubuntu sm-msp-queue[10362]: My unqualified host name (ubuntu) unknown; sleeping for retry
Oct 16 08:01:02 ubuntu sm-msp-queue[10362]: unable to qualify my own domain name (ubuntu) -- using short name

You should use a nameserver to resolve hosts/domains when running your own mailserver.
As a workaround you can add first in /etc/hosts the following line:

Code:

127.0.0.1 ubuntu.example.com ubuntu localhost localhost.localdomain

Pedroski · 10-16-2023, 07:41 AM

Thanks!

Should I put my actual webpage name?

Like this:

127.0.0.1 www.mywebpage.com mywebpage localhost localhost.localdomain

Where mywebpage is actually my domain name??

My little cloud server is a Ubuntu 22.04 Server.

bathory · 10-16-2023, 10:35 AM

Quote:

Originally Posted by Pedroski

Thanks!

Should I put my actual webpage name?

Like this:

127.0.0.1 www.mywebpage.com mywebpage localhost localhost.localdomain

Where mywebpage is actually my domain name??

My little cloud server is a Ubuntu 22.04 Server.

According to the mail logs you posted previously, your hostname is ubuntu. If you want mail from your server to be accepted by other mailservers you need a FQDN for it. And this FQDN must be provided by a dns. The /etc/hosts file will work only locally for the mailserver itself.
When you connect to qq.com, their smtp server will ask a dns to resolve your IP and match it with your FQDN. In your case is sees as hostname just a plain ubuntu, so it closes connection in order to prevent "spam".

Now if you want to have also a webserver with the name www.mywebpage.com (and/or mywebpage.com), you can also put these names in /etc/hosts. But again they will be available only locally.
A different computer can access your webserver using your server's public IP, nut if you like that computer to use www.mywebpage.com you need again a dns, or add a similar entry in the other computer's hosts file.