Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back > Forums > Linux Forums > Linux - Desktop
User Name
Linux - Desktop This forum is for the discussion of all Linux Software used in a desktop context.


Search this Thread
Old 02-16-2008, 05:01 PM   #1
LQ Newbie
Registered: Apr 2006
Posts: 3

Rep: Reputation: 0
sendmail comcast authentication howto.

I wanted to be able to send email from my linux desktop. It turned out that emails from arbitrary IP addresses are not accepted by the majority of recipients' mail gateways anymore - the emails must come from a trusted source to be accepted.

Your favorite ISP or internet mail hosting service could be used to relay outgoing emails, you need to have an account with them to be able authenticate as the source of email. Once authenticated the relay will send your email on your behalf, and it will become much less likely to be rejected.

To make this (have a relay accept and forward your email) happen proved to be a very tricky task (at least for me, with 8 years of linux experience, mostly as a user and occasionally as an embedded kernel developer). It took a lot of googling and reading (including some excellent articles on this forum). I spent few hours figuring it all out.

There was no one place which would describe how to do it from beginning to end, and some things I discovered were not covered anywhere at all. I was very frustrated with the experience, and hope I can help others to get through this maze quicker.

So here goes, yet another howto.

Installing on a Ubuntu machine:
kv-a: ~ 4 > cat /proc/version
Linux version 2.6.22-14-generic (buildd@king) (gcc version 4.1.3 20070929 (prerelease) (Ubuntu 4.1.2-16ubuntu2)) #1 SMP Tue Dec 18 05:28:27 UTC 2007
The following commands were executed in the root mode, entered through
kv-a: ~ 5 > sudo bash
kv-a: ~ 1 #
If sendmail is not yet there, install it by runnig
apt-get instal sendmail
Once instalation is completed (it might be complaining about some FEATURE statements out of order or something to this respect - don't worry about it) you should be able to see the following:
kv-a: ~ 13 > sendmail -d0.1 -bv
Version 8.14.1

============ SYSTEM IDENTITY (after readcf) ============
      (short domain name) $w = localhost
  (canonical domain name) $j = localhost.localdomain
         (subdomain name) $m = localdomain
              (node name) $k = kvasha

Notice: -bv may give misleading output for non-privileged user
Recipient names must be specified
Note the first string of output, the version number, also, make sure that STARTTLS and SASLv2 are in the list of 'Compiled with'. If either one is not there - you are up for a treat, you will need to build your own sendmail, I did not have to do it and do not cover the procedure here.

Now, make sure permissions are as expected, and missing directories are in place:
chmod 0640 /etc/mail/aliases /etc/mail/aliases.{db,pag,dir}
chmod 0640 /etc/mail/*.{db,pag,dir}
chmod 0640 /etc/mail/statistics /var/log/
chmod 0600 /var/run/ /etc/mail/
chown root  /var/spool/mqueue
mkdir -p /var/run/sendmail/mta
chown smmta /var/run/sendmail/mta
chgrp smmsp /var/run/sendmail/mta
Don't worry if this complaints about some files not being present.

Now, root needs to be added to the smmsp group for the startup script to work:
kv-a: /etc/init.d 135 # rcsdiff /etc/group
RCS file: /etc/group,v
retrieving revision 1.1
diff -r1.1 /etc/group
< smmsp:x:122:
> smmsp:x:122:root
/etc/group will most likely be different in different installations. The important thing here is that root needs to be added at the end of the line for the smmsp group.

The startup file (/etc/init.d/sendmail) also needs modification, this is how I made it work (without this change start-stop-daemon could not create the PID file for sendmail. A wider context diff mode is chosen in case your version of /etc/init.d/sendmail is different and you can't use this patch directly. The important thing is that the directory where the PID file will be stored must be writable by root. This needs to be done in the script, because it eventually changes this directory's permissions before exiting:
kv-a: /etc/init.d 139 # rcsdiff -C 10 /etc/init.d/sendmail
RCS file: /etc/init.d/RCS/sendmail,v
retrieving revision 1.1
diff -C 10 -r1.1 /etc/init.d/sendmail
*** /etc/init.d/sendmail        2008/02/16 20:44:22     1.1
--- /etc/init.d/sendmail        2008/02/16 21:25:43
*** 247,266 ****
--- 247,267 ----
                # Allow Unix (local) connections betwixt MSP/MTA:
                touch $MTAL_SOCKET;
                # We can only afford to clean the MTA queues if running daemon mode,
                # otherwise, there is a chance that a cronjob might still be using
                # the queue...  Thats also why we don't clean the MSP queues herein.
                # cd to a safe place to stash core files...
+               chmod g+w  $MTA_ROOT;
                cd $MTA_ROOT;
                CMD="$START_MTAL_CMD -- $MTAL_PARMS";
                if [ "$LOG_CMDS" = "Yes" ]; then
                        logger -i -p mail.debug -- "$0 $CMD";
                $CMD &
                # Update permissions on smsocket
                sleep 2;
                chown $DAEMON_UID:smmsp $MTAL_SOCKET;
/etc/hosts also needs to be modified:
kv-a: /etc 10 # rcsdiff hosts
RCS file: hosts,v
retrieving revision 1.1
diff -r1.1 hosts
<     kvasha
>     kvasha localhost.localdomain
Of course your hostname will be different.

Phew, we are almost there. Now sendmail needs to be configured. In this setup I used as the relay. The following line had to be added to /etc/mail/access:
kv-a: /etc/mail 144 # rcsdiff /etc/mail/access
RCS file: /etc/mail/RCS/access,v
retrieving revision 1.1
diff -r1.1 /etc/mail/access
> "U:<your_comcast_user_name>" "I:<your_comcast_user_name>" "P:<your comcast password>" "PLAIN"
I am not sure both I: and U: tags are required, but it works and I don' care. Other providers could use different authentication schemes, this might require tweaking the "PLAIN" part.

Now, the actual sendmail configuration:
kv-a: /etc/mail 145 # cat /etc/mail/
#<standard file header skipped>
VERSIONID(`$Id:,v 1.2 2008/02/14 05:32:16 root Exp root $')
The MASQUERADE_AS line is required to hide your internal host name, you can put there domain name of your mail provider, or the one you own. The email sent from this machine would look at the recipient side as coming from username@<domain_name>.com where <domain_name> is the parameter of MASQUERIDE_AS above.

Different installations might have cf.m4 in different directories, check where yours is and modify the include() line if needed.

Now, I had to restart it so many times that I put all commands in a bare bone shell script (no error checking, watch for console output for anything suspicious). Here is the script:
kv-a: /etc/mail 146 # cat /etc/mail/Build
cd /etc/mail
access_user=$(ls -l access.db | awk '{ print $3}')
chown root access.db
makemap hash access < access
chown $access_user access.db
m4 >
/etc/init.d/sendmail restart
That's it folks, we are there:
kv-a: ~ 3 # cd /etc/mail
kv-a: /etc/mail 4 # chmod +x Build
kv-a: /etc/mail 5 # ./Build
 * Restarting Mail Transport Agent (MTA) sendmail [OK]
kv-a: /etc/mail 6 # 
kv-a: /etc/mail ls | mail
You should receive a directory listing at or wherever you sent it!

If something goes wrong along the way (and a lot of things could and did for me multiple times) - check out /var/log/mail.*, search google for error messages, and you will get there, good luck!

Last edited by Agasfer; 02-16-2008 at 05:14 PM.
Old 02-17-2008, 06:31 AM   #2
LQ Veteran
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,781
Blog Entries: 1

Rep: Reputation: 412Reputation: 412Reputation: 412Reputation: 412Reputation: 412
Very nice work! So this doesn't get completely buried, how about submitting it as a tutorial or part of the LQ Wiki?
Old 02-19-2008, 02:17 PM   #3
Senior Member
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 230Reputation: 230Reputation: 230
Originally Posted by Hangdog42 View Post
Very nice work!
So this doesn't get completely buried,
how about submitting it as a tutorial or part of the LQ Wiki?
I second both sentiments, especially the Wiki part
-- I can't effectively read wide posts in the forum due to some kind of LQ-Konqueror mal-interaction.
I suspect a CSS problem, but I don't know enough to be sure.
Old 02-20-2008, 12:27 AM   #4
LQ Newbie
Registered: Apr 2006
Posts: 3

Original Poster
Rep: Reputation: 0
guys, thank you for your encouragement, I'll look into adding this to the wiki.

The thing is that I found a lot of info on this forum just googling for keywords like `smtp' and `authentication'.
Old 02-20-2008, 07:30 AM   #5
LQ Veteran
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,781
Blog Entries: 1

Rep: Reputation: 412Reputation: 412Reputation: 412Reputation: 412Reputation: 412
That's OK, you took the time to pull together a nice how-to, which I haven't seen. This is something I've been meaning to set up on my server, it just hasn't floated to the top of my to-do list so this will definitely come in handy.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
DISCUSSION: Comcast and KMail - HOWTO kittani LinuxAnswers Discussion 3 02-26-2007 05:04 PM
Howto configure sendmail SMARTHOST with authentication?? jfaberna Linux - Networking 3 02-22-2006 09:00 PM
wlan authentication howto? ArchNGEL Linux - Wireless Networking 1 10-03-2005 08:53 AM
Comcast Kmail - HOWTO kittani Linux - Newbie 2 06-26-2004 11:54 PM
Sendmail config for SMTP Auth - Problems with Comcast and AOL SForsgren Linux - Software 5 05-15-2003 11:20 PM

All times are GMT -5. The time now is 05:50 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration