LinuxQuestions.org
Old 08-03-2010, 11:59 PM   #1
tedcox
LQ Newbie
 
Registered: Jan 2004
Distribution: Fedora Core
Posts: 23

Rep: Reputation: 15
Sendmail SMTP send doesn't work with OS X 10.6 mail.app clients


Hey there,

I've been having this problem since 10.6 released, but have until now been successful with the "just use Thunderbird" response. My sendmail server hasn't been changed, but as clients upgrade from OSX 10.5 to 10.6 suddenly mail.app will no longer connect to send SMTP messages through the server. (IMAP connections to the same server using the same user/pass combinations work perfectly.) When I look at the logs, things basically stop right after the STARTTLS command.

Google indicates a lot of people are having similar problems, but I'm not seeing any solutions. Do any of you administrate sendmail servers where some of your clients are using Apple's Mail.app on Snow Leopard, and if so what settings are you using?

At this point, I'm happy to make changes to the server to accommodate Apple's issue; I have too many Mac users connecting to my server. I just can't figure out what to change. I've enabled virtually every possible login authentication combination, and none of them work.

Thanks,
Ted Cox
 
Old 09-23-2010, 04:08 AM   #2
tedcox
LQ Newbie
 
Registered: Jan 2004
Distribution: Fedora Core
Posts: 23

Original Poster
Rep: Reputation: 15
I've just discovered that this problem also plagues iPhones and iPod touch devices. They can connect to dovecot IMAP just fine, but can't send via sendmail.

Here's my sendmail.mc:

Code:
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
define(`confLOG_LEVEL', `9')dnl
define(`confDEF_USER_ID', ``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/heroesincCA.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/jeremiah-sendmail-07.crt')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/private/jeremiah-sendmail-07.key')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
define(`confMAX_DAEMON_CHILDREN', `20')dnl
define(`confCONNECTION_RATE_THROTTLE', `3')dnl
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
LOCAL_DOMAIN(`XXXXX.XX')dnl
FEATURE(`delay_checks')dnl
define(`MILTER', 1)
INPUT_MAIL_FILTER(`milter-amavis', `S=local:/var/amavis/amavis-milter.sock, F=T, T=S:10m;R:10m;E:10m')

MAILER(smtp)dnl
MAILER(procmail)dnl
And here's the output log from the client (mail.app):

Code:
CONNECTED Sep 23 11:03:46.556 [kCFStreamSocketSecurityLevelNone]  -- host:xxx.xxx.xx -- port:25 -- socket:0x1174d3500 -- thread:0x1174b7de0

CONNECTED Sep 23 11:03:46.556 [kCFStreamSocketSecurityLevelNegotiatedSSL]  -- host:xxx.xxx.xx -- port:993 -- socket:0x11a64c200 -- thread:0x1156ed500

READ Sep 23 11:03:47.013 [kCFStreamSocketSecurityLevelNone]  -- host:xxx.xxx.xx -- port:25 -- socket:0x1174d3500 -- thread:0x1174b7de0
220 xxx.xxx.xx ESMTP Sendmail 8.13.8/8.13.8; Thu, 23 Sep 2010 03:01:39 -0600

WROTE Sep 23 11:03:47.018 [kCFStreamSocketSecurityLevelNone]  -- host:xxx.xxx.xx -- port:25 -- socket:0x1174d3500 -- thread:0x1174b7de0
EHLO [192.168.0.101]

READ Sep 23 11:03:47.216 [kCFStreamSocketSecurityLevelNone]  -- host:xxx.xxx.xx -- port:25 -- socket:0x1174d3500 -- thread:0x1174b7de0
250-xxx.xxx.xx Hello mrclient.dslprovider.net [12.345.67.89], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP

WROTE Sep 23 11:03:47.219 [kCFStreamSocketSecurityLevelNone]  -- host:xxx.xxx.xx -- port:25 -- socket:0x1174d3500 -- thread:0x1174b7de0
STARTTLS

READ Sep 23 11:03:47.430 [kCFStreamSocketSecurityLevelNone]  -- host:xxx.xxx.xx -- port:25 -- socket:0x1174d3500 -- thread:0x1174b7de0
220 2.0.0 Ready to start TLS

READ Sep 23 11:03:47.648 [kCFStreamSocketSecurityLevelNegotiatedSSL]  -- host:xxx.xxx.xx -- port:993 -- socket:0x11a64c200 -- thread:0x1156ed500
* OK Dovecot ready.

WROTE Sep 23 11:03:47.652 [kCFStreamSocketSecurityLevelNegotiatedSSL]  -- host:xxx.xxx.xx -- port:993 -- socket:0x11a64c200 -- thread:0x1156f1710
1.12 CAPABILITY

READ Sep 23 11:03:47.853 [kCFStreamSocketSecurityLevelNegotiatedSSL]  -- host:xxx.xxx.xx -- port:993 -- socket:0x11a64c200 -- thread:0x1156f1710
* CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS AUTH=PLAIN
1.12 OK Capability completed.

WROTE Sep 23 11:03:47.857 [kCFStreamSocketSecurityLevelNegotiatedSSL]  -- host:xxx.xxx.xx -- port:993 -- socket:0x11a64c200 -- thread:0x1156f1710
2.12 LOGIN ted ******

READ Sep 23 11:03:48.060 [kCFStreamSocketSecurityLevelNegotiatedSSL]  -- host:xxx.xxx.xx -- port:993 -- socket:0x11a64c200 -- thread:0x1156f1710
2.12 OK Logged in.

WROTE Sep 23 11:03:48.065 [kCFStreamSocketSecurityLevelNegotiatedSSL]  -- host:xxx.xxx.xx -- port:993 -- socket:0x11a64c200 -- thread:0x11cc02b80
3.12 CAPABILITY

READ Sep 23 11:03:48.265 [kCFStreamSocketSecurityLevelNegotiatedSSL]  -- host:xxx.xxx.xx -- port:993 -- socket:0x11a64c200 -- thread:0x11cc02b80
* CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS
3.12 OK Capability completed.

WROTE Sep 23 11:03:48.270 [kCFStreamSocketSecurityLevelNegotiatedSSL]  -- host:xxx.xxx.xx -- port:993 -- socket:0x11a64c200 -- thread:0x101c64980
4.12 LIST "" ""

READ Sep 23 11:03:48.535 [kCFStreamSocketSecurityLevelNegotiatedSSL]  -- host:xxx.xxx.xx -- port:993 -- socket:0x11a64c200 -- thread:0x101c64980
* LIST (\Noselect) "." ""
4.12 OK List completed.

WROTE Sep 23 11:03:48.540 [kCFStreamSocketSecurityLevelNegotiatedSSL]  -- host:xxx.xxx.xx -- port:993 -- socket:0x11a64c200 -- thread:0x101c64980
5.12 LOGOUT
If anyone has any thoughts, I'd really appreciate a push in the right direction. Thanks!
 
Old 09-18-2011, 08:09 PM   #3
VaughanR
LQ Newbie
 
Registered: Apr 2006
Posts: 2

Rep: Reputation: 1

I ran into the same problem the other day and still could not find any authoritative answer to this question, so I thought I would post my findings.

The issue seems to be the response that Mac Mail has when it looks at the certificate provided by sendmail. By looking at the log window in the Mac's Connection Doctor I noticed that the Linux sendmail server was waiting for the Mac to respond to its "Ready to start TLS" handshake.

You can test whether TLS is working between the sendmail server and the Mac by using openssl on the Mac. In a terminal on the Mac I did:
# openssl s_client -connect your_sendmail_server_ip:your_smtp_port -starttls smtp

This told me that my certificate was expired. I updated the sendmail certificate on the server by running:
% /etc/pki/tls/certs/make sendmail

After running the same openssl command again, it confirmed I had a self-signed certificate as expected.
Using the ehlo ... command and then AUTH PLAIN ... command in openssl, I confirmed that I could log in using credentials from the Mac. To do this, you have to get the "user password" key to pass to the AUTH PLAIN command. I did this by (substitute username and password for your mail user and its password):
# echo -ne '\000username\000password' | openssl base64
and copying the output at the end of the AUTH PLAIN line.
The response I got was "OK Authenticated" so now I knew that I could log in using TLS from the Mac. So why wasn't mail logging in?

Well, my guess was that Mac mail checks the certificate and, if it is not current or if it is self-signed, it refuses to use it. Hence not responding to the server's "Ready to start TLS" response.

The fix was to set up the Mac mail account again. I followed the steps outlined in https://www2.suresupport.com/faq.php/80/483. This time, when it came to answering the question about using the certificate (Step 4), I clicked 'View Certificate' and checked the box which said 'Always trust certificates from ...'. That was all it took and Mac mail was happy to send again.
 
1 members found this post helpful.
Old 09-19-2011, 01:58 AM   #4
tedcox
LQ Newbie
 
Registered: Jan 2004
Distribution: Fedora Core
Posts: 23

Original Poster
Rep: Reputation: 15
VaughanR,

Thanks. I bet that was exactly my problem. I switched to Zimbra a year ago, since I couldn't solve this. But I've been thinking about coming back to sendmail/dovecot as the maintenance is substantially easier.

Thanks for posting your solution.
 
Old 09-19-2011, 02:13 AM   #5
hua
Member
 
Registered: Oct 2006
Location: Slovak Republic
Distribution: Slackware 13.37, 14.0
Posts: 392

Rep: Reputation: 49
Maybe your authentication mechanism does not work. STARTTLS is successful but after this it is not able to authenticate.
Dovecot uses its own authentication mechanism so if it works with Dovecot it doesn't mean it should work with sendmail too.

To test it try to configure the sendmail temporarily to accept plain or login authentication without encryption. This should do it:
Quote:
define(`confAUTH_OPTIONS', `A')dnl
After you find out that it's OK, you can return to encrypted communication. You should see the plain and login in the SMTP response like this:
Quote:
READ Sep 23 11:03:47.216 [kCFStreamSocketSecurityLevelNone] -- host:xxx.xxx.xx -- port:25 -- socket:0x1174d3500 -- thread:0x1174b7de0
250-xxx.xxx.xx Hello mrclient.dslprovider.net [12.345.67.89], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
What about the maillog of the sendmail? Does it contain some information about the error?
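
Added example, not part of any post above and not code from sendmail or Mail.app: the `p` in `confAUTH_OPTIONS` withholds PLAIN and LOGIN until a security layer is active, which is why the two EHLO replies quoted in this thread differ, and the AUTH PLAIN token built in post #3 is only base64. The Python below checks a pre-STARTTLS EHLO reply for those mechanisms and shows the token round trip; the function names and the trimmed sample replies are constructed for illustration.

```python
import base64

# Mechanisms that send the password itself (merely base64-encoded) on the wire.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(reply: str) -> dict:
    """Map each ESMTP keyword in a multi-line 250 reply to its parameters."""
    caps = {}
    lines = [l.strip() for l in reply.splitlines() if l.strip()]
    for line in lines[1:]:  # the first line is the greeting, not a capability
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            raise ValueError(f"not a 250 reply line: {line!r}")
        words = line[4:].split()
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps

def cleartext_password_mechs(reply: str) -> list:
    """Plaintext mechanisms advertised in a pre-STARTTLS EHLO reply."""
    auth = parse_ehlo(reply).get("AUTH", [])
    return sorted(PLAINTEXT_MECHS.intersection(auth))

def auth_plain_token(user: str, password: str, authzid: str = "") -> str:
    """RFC 4616 message: authzid NUL authcid NUL passwd, then base64."""
    raw = "\0".join((authzid, user, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def decode_auth_plain(token: str) -> tuple:
    """Whoever sees the token recovers the credentials; base64 hides nothing."""
    authzid, user, password = base64.b64decode(token).split(b"\0")
    return authzid.decode(), user.decode(), password.decode()

# Constructed samples, trimmed from the two EHLO replies quoted in the thread.
EHLO_WITH_P = """250-xxx.xxx.xx Hello client, pleased to meet you
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250 HELP"""
EHLO_WITHOUT_P = """250-xxx.xxx.xx Hello client, pleased to meet you
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-STARTTLS
250 HELP"""

if __name__ == "__main__":
    print("with p:   ", cleartext_password_mechs(EHLO_WITH_P))
    print("without p:", cleartext_password_mechs(EHLO_WITHOUT_P))
    token = auth_plain_token("username", "password")
    print(token, "->", decode_auth_plain(token))
```

An empty list for the pre-STARTTLS reply is the state to return to after testing, so that PLAIN and LOGIN are only offered once the session is encrypted.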
 
  



Tags
os x, sendmail, smtp


All times are GMT -5.