Sendmail.mc entry for Smart Host on different port
Hi all, I use Scalix for email and point outbound SMTP connections to that of my ISP. The ISP recently started blocking 25, annoying lots of people of course.
Can anyone tell me how to modify the entry for the smart host server so that I can point to port 587 and also authenticate appropriately?
In your /etc/mail/sendmail.mc, try:
(Note for googlers: if you ARE trying to relay through port 587, you probably want to use SMTP AUTH with it, here's how you do that: http://wiki.xdroop.com/space/sendmai...+a+smart+relay)
well, I'm very close. Here's the log from the relay:
Dec 22 23:52:40 lenny sendmail: STARTTLS=client, relay=smtp.isp.net, version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Dec 22 23:52:40 lenny sendmail: mBN4qdfG030223: to=<"recipient">, delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=122750, relay=smtp.isp.net [xx.xx.xx.xx], dsn=5.0.0, stat=Service unavailable
I'm guessing the "verify=FAIL" is the problem. ISP seems to want to use TLS/SSL. Need a little help turning that on in sendmail.
Nope, the way I read that the TLS session got set up -- verify=FAIL means something else. (Don't know what, though -- I think it means that the certs used to set up TLS were not externally verified.)
Usually "Service Unavailable" means that the receiving system won't relay for "<recipient>". Are you trying to relay through this system, or is it the destination?
Are you doing the SMTP-AUTH bit as well?
I'm trying to relay through this system (my ISP) from my email server, which worked previously on standard port 25 with the simple line in .mc:
Of course now they've blocked 25; here is the current AUTH section:
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # cd /usr/share/ssl/certs; make sendmail.pem
dnl # Complete usage:
dnl # make -C /usr/share/ssl/certs usage
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readable by group ldap
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
FEATURE(`authinfo',`hash -o /etc/mail/authinfo.db')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
1. Is the first section talking about AUTH for mail client connections?
2. Are the FEATURE lines set up right?
Here is my current authinfo.db:
AuthInfo:smtp.comcast.net "U:<username>" "P:<password>" "M:PLAIN"
1. Pretty sure I need to change the M parameter.
Mine is DIGEST-MD5.
I think there is a way to ask the remote server what it will do.
Had this same problem. The "M:PLAIN" was what worked for me, on smtp.comcast.net. They stopped using encrypted authentication a bit ago, which caused problems on all my machines.
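Added example, not part of any post in this thread: a way to check an authinfo "M:" list against what a relay advertises in its EHLO reply, treating PLAIN/LOGIN as usable only once TLS is up (the rule the confAUTH_OPTIONS comment above describes). The EHLO replies, the host smtp.example.net and the function names are constructed for illustration.

```python
import shlex

PLAINTEXT = {"PLAIN", "LOGIN"}  # password travels in the clear unless TLS is up

# Constructed EHLO replies (not captured from a real server).
EHLO_BEFORE_TLS = "250-smtp.example.net\r\n250-SIZE 36700160\r\n250 STARTTLS\r\n"
EHLO_AFTER_TLS = "250-smtp.example.net\r\n250-AUTH LOGIN PLAIN\r\n250 8BITMIME\r\n"


def parse_ehlo(reply):
    """Return (AUTH mechanisms, STARTTLS offered) from a 250 EHLO reply."""
    mechs, starttls = [], False
    for line in reply.splitlines():
        if not line.startswith("250"):
            continue
        # Some servers also send the legacy "AUTH=LOGIN PLAIN" form.
        words = line[4:].replace("AUTH=", "AUTH ", 1).upper().split()
        if words[:1] == ["STARTTLS"]:
            starttls = True
        elif words[:1] == ["AUTH"]:
            mechs = words[1:]
    return mechs, starttls


def parse_authinfo(line):
    """Return (host, mechanisms) from one authinfo source line."""
    key, *fields = shlex.split(line)
    opts = {f[0]: f[2:] for f in fields if f[1:2] == ":"}
    return key.split(":", 1)[1], opts.get("M", "").upper().split()


def usable(configured, offered, tls_active):
    """Mechanisms both sides share; plaintext ones count only inside TLS."""
    return [m for m in configured
            if m in offered and (tls_active or m not in PLAINTEXT)]


if __name__ == "__main__":
    offered, _ = parse_ehlo(EHLO_AFTER_TLS)
    for entry in ('AuthInfo:smtp.example.net "U:user" "P:secret" "M:DIGEST-MD5"',
                  'AuthInfo:smtp.example.net "U:user" "P:secret" "M:PLAIN"'):
        host, configured = parse_authinfo(entry)
        print(host, configured, "->", usable(configured, offered, tls_active=True))
```

An empty result means the "M:" list and the relay share no mechanism, so the client has nothing to authenticate with on that link.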