Sendmail.mc entry for Smart Host on different port
Hi all, I use Scalix for email and point outbound SMTP connections to that of my ISP. The ISP recently started blocking 25, annoying lots of people of course.
Can anyone tell me how to modify the entry for the smart host server so that I can point to port 587 and also authenticate appropriately? thanks kh |
In your /etc/mail/sendmail.mc, try:
Code:
define(`SMART_HOST',`relay:your.relay.system.com')dnl
(Note for googlers: if you ARE trying to relay through port 587, you probably want to use SMTP AUTH with it, here's how you do that: http://wiki.xdroop.com/space/sendmai...+a+smart+relay) |
mackdav,
well, I'm very close. Here's the log from the relay:
Dec 22 23:52:40 lenny sendmail[30226]: STARTTLS=client, relay=smtp.isp.net, version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Dec 22 23:52:40 lenny sendmail[30226]: mBN4qdfG030223: to=<"recipient">, delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=122750, relay=smtp.isp.net [xx.xx.xx.xx], dsn=5.0.0, stat=Service unavailable
I'm guessing the "verify=FAIL" is the problem. ISP seems to want to use TLS/SSL. Need a little help turning that on in sendmail. kh |
Nope, the way I read that the TLS session got set up -- verify=FAIL means something else. (Don't know what, though -- I think it means that the certs used to set up TLS were not externally verified.)
Usually "Service Unavailable" means that the receiving system won't relay for "<recipient>". Are you trying to relay through this system, or is it the destination? Are you doing the SMTP-AUTH bit as well? |
I'm trying to relay through this system (my ISP) from my email server, which worked previously on standard port 25 with the simple line in .mc:
define(`SMART_HOST',`smtp.comcast.net')dnl
Of course now they've blocked 25; here is the current AUTH section:
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # cd /usr/share/ssl/certs; make sendmail.pem
dnl # Complete usage:
dnl # make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/etc/pki/tls/certs')
dnl define(`confCACERT',`/etc/pki/tls/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/etc/pki/tls/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/etc/pki/tls/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readable by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`authinfo',`hash -o /etc/mail/authinfo.db')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
-----------------------------------------------------------------
1. Is the first section talking about AUTH for mail client connections?
2. Are the FEATURE lines set up right?
Here is my current authinfo.db:
AuthInfo:smtp.comcast.net "U:<username>" "P:<password>" "M:PLAIN"
1. Pretty sure I need to change the M parameter.
Thanks again! kh |
Mine is DIGEST-MD5.
I think there is a way to ask the remote server what it will do. |
Had this same problem. The "M:PLAIN" was what worked for me, on smtp.comcast.net. They stopped using encrypted authentication a bit ago, which caused problems on all my machines.
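One way to do what the replies above describe, asking the relay which AUTH mechanisms it offers and comparing them with the "M:" entry in authinfo. This is an added example, not code from any poster in the thread; the function names `auth_mechs`, `check_authinfo` and `probe`, the host relay.example.net and the sample EHLO replies are hypothetical and constructed.

```python
import smtplib
import ssl

PLAINTEXT = {"PLAIN", "LOGIN"}  # password is readable on the wire without TLS

# Constructed EHLO replies for a hypothetical relay, not captured from a real server.
SAMPLE_BEFORE = "250-relay.example.net\n250-STARTTLS\n250 8BITMIME"
SAMPLE_AFTER = "250-relay.example.net\n250-AUTH PLAIN LOGIN\n250 8BITMIME"

def auth_mechs(ehlo_text):
    """Return the AUTH mechanisms advertised in an EHLO reply, in order."""
    mechs = []
    for line in ehlo_text.splitlines():
        body = line[4:] if line[:3] == "250" else line  # drop "250-" / "250 "
        words = body.upper().replace("=", " ").split()  # also accept old "AUTH=..."
        if words and words[0] == "AUTH":
            for mech in words[1:]:
                if mech not in mechs:
                    mechs.append(mech)
    return mechs

def check_authinfo(before_tls, after_tls, configured):
    """Compare the authinfo M: list with what the relay offers before/after STARTTLS."""
    pre, post = auth_mechs(before_tls), auth_mechs(after_tls)
    usable = [m for m in configured.upper().split() if m in post]
    findings = []
    if not usable:
        findings.append("M:%s not offered after STARTTLS; relay offers %s"
                        % (configured, " ".join(post) or "nothing"))
    exposed = sorted(PLAINTEXT & set(pre))
    if exposed:
        findings.append("relay offers %s before STARTTLS" % " ".join(exposed))
    return usable, findings

def probe(host, port=587, timeout=10):
    """Fetch both EHLO replies from a live relay, verifying its certificate."""
    with smtplib.SMTP(host, port, timeout=timeout) as conn:
        before = conn.ehlo()[1].decode("ascii", "replace")
        conn.starttls(context=ssl.create_default_context())
        after = conn.ehlo()[1].decode("ascii", "replace")
    return before, after

if __name__ == "__main__":
    for mech in ("DIGEST-MD5", "PLAIN"):
        print(mech, check_authinfo(SAMPLE_BEFORE, SAMPLE_AFTER, mech))
```

Against a real relay, pass the two strings returned by `probe("your.relay.host")` to `check_authinfo` in place of the constructed samples; `probe` needs network access and fails if the relay's certificate does not verify.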