sendmail and SMTP Auth(etification?) :-)

8th September 2006, 11:35 PM
Hello Forum :-)

// First, sorry for my poor English knowledge
// Second, sorry that I am only a little bit better than a DAU :-)

My situation:

1.) I have a Fedora Core 3 Server here, and 5 Computers in local Network (Mac & Win)
2.) We send emails over our server using our provider.

Until last week everything worked nicely, until our provider decided to change from SMTP to SMTP with Auth. -> :-(

I read some HowTos, here and in other forums. I found a nice HowTo here (http://www.sendmail.org/%7Eca/email/auth.html) in the section: Using sendmail as a client with AUTH. It looks easy to understand, so I tried to apply it to my config. But after long tries and reading, it seems not to work for me.

I have a problem fully understanding the sendmail.mc

First question: what is the difference between:

define(`SMART_HOST',`smtp.your.provider')dnl
and
dnl define(`SMART_HOST',`smtp.your.provider')
and
dnl # define(`SMART_HOST',`smtp.your.provider')

OK, the last one seems to be a comment, but what is the difference between the other two, and what is this "dnl"?

To come to the point, here is what I did:

A) I made a subdirectory /etc/mail/auth/
B) chmod 700 auth
C) I generated (via joe) a file named /etc/mail/auth/client-info with this content:

AuthInfo:smtp.myprovider.de "U:root" "I:MySMTP_Provider_User" "P:MySMTP_Provider_Password"

"U.root" is really letter by letter how it stands in my config. MySMTP_Provider_User and MySMTP_Provider_Password are replaced by my Username and Password, and smtp.myprovider.de is replaced by my provider. :-) So far, so good.

D) I generated the /etc/mail/auth/client-info.db via:

# makemap hash client-info < client-info
# chmod 600 client-info*

also OK..

E) Now comes my problem: I tried to change my sendmail.mc to use this login, as described on this HowTo site. Here is my sendmail.mc (sorry for the LOOONG listing):
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
VERSIONID(`setup for Red Hat Linux')dnl
dnl #
dnl # default logging level is 9, you might want to set it higher to
dnl # debug the configuration
dnl #
dnl define(`confLOG_LEVEL', `9')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl #
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A p y')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl #
FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # cd /usr/share/ssl/certs; make sendmail.pem
dnl # Complete usage:
dnl # make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekey file')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
dnl #
dnl # The following limits the number of processes sendmail can fork to accept
dnl # incoming messages or process its message queues to 12.) sendmail refuses
dnl # to accept connections once it has reached its quota of child processes.
dnl #
dnl define(`confMAX_DAEMON_CHILDREN', 12)dnl
dnl #
dnl # Limits the number of new connections per second. This caps the overhead
dnl # incurred due to forking new sendmail processes. May be useful against
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
dnl # limit would be useful but is not available as an option at this writing.)
dnl #
dnl define(`confCONNECTION_RATE_THROTTLE', 3)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl # ----- changed here for SMTP -----
dnl DAEMON_OPTIONS(`Port=smtp,Addr=, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # enable both ipv6 and ipv4 in sendmail:
dnl #
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
dnl # FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl #
dnl # MASQUERADE_DOMAIN(mydomain.lan)dnl
define(`confDOMAIN_NAME', `nao-company.com')dnl

I think the bug is somewhere in here...

F) Then I made the "sendmail.mc" file via:
m4 sendmail.mc > sendmail.cf

G) .. and restarted the service sendmail via:

# /sbin/service sendmail restart

Everything looks nice, except for the little point that still no mails are sent. So I made a little test. I stopped the sendmail service and started it via:

/usr/sbin/sendmail -bD -X /tmp/test.log

One test email, for testing. I can post the logfile, if asked here.

Can anyone help me? I wrote everything I know, and meanwhile I have been fighting with this problem for nearly a whole week :-(
Please help..

Mr Light :-)
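
Added example, not part of the original post: a small Python check that shows how m4 treats the three dnl spellings asked about above (a leading dnl discards the whole line, a trailing dnl only swallows the line break) and validates the shape of an AuthInfo map entry. The sample inputs are constructed, the function names are hypothetical, and the check assumes mail is meant to be relayed through a smart host as in the linked HowTo section.

```python
import re
import shlex

# Constructed sample input (not the poster's real files).
SAMPLE_MC = """\
dnl # define(`SMART_HOST',`smtp.your.provider')
dnl define(`SMART_HOST',`smtp.your.provider')
define(`confAUTH_OPTIONS', `A p y')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl
"""
SAMPLE_AUTHINFO = 'AuthInfo:smtp.your.provider "U:root" "I:user" "P:secret"'
MACRO = re.compile(r"^\s*(define|FEATURE)\(`?([A-Za-z_]+)'?")

def active_directives(mc_text):
    """Return the (macro, name) pairs that m4 will actually expand."""
    found = []
    for line in mc_text.splitlines():
        if re.match(r"\s*dnl\b", line):   # leading dnl: rest of line is discarded
            continue
        m = MACRO.match(line)             # a trailing dnl only eats the newline
        if m:
            found.append((m.group(1), m.group(2)))
    return found

def parse_authinfo(entry):
    """Split one authinfo map line into (host, {tag: value})."""
    key, *fields = shlex.split(entry)
    if not key.startswith("AuthInfo:"):
        raise ValueError("key must start with AuthInfo:")
    tags = {}
    for f in fields:
        # Tags U, I, P, R, M; ':' means plain text, '=' base64 (sendmail cf/README).
        if len(f) < 2 or f[0] not in "UIPRM" or f[1] not in ":=":
            raise ValueError(f"malformed field {f!r}")
        tags[f[0]] = f[2:]
    if "P" not in tags or not ({"U", "I"} & tags.keys()):
        raise ValueError("need P plus U or I")
    return key[len("AuthInfo:"):], tags

def lint(mc_text):
    """Report which of the two settings discussed in the post are not active."""
    active = active_directives(mc_text)
    problems = []
    if ("define", "SMART_HOST") not in active:
        problems.append("SMART_HOST is not active")
    if ("FEATURE", "authinfo") not in active:
        problems.append("FEATURE(authinfo) is not active")
    return problems
```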