Sendmail SMTP send doesn't work with OS X 10.6 mail.app clients
I've been having this problem since 10.6 released, but have until now been successful with the "just use Thunderbird" response. My sendmail server hasn't been changed, but as clients upgrade from OSX 10.5 to 10.6 suddenly mail.app will no longer connects to send SMTP messages through the server. (IMAP connections to the same server using the same user/pass combinations work perfectly) When I look at the logs, things basically stop right after the STARTTLS command.
Google indicates alot of people are having similar problems, but I'm not seeing any solutions. Do any of you administrate sendmail servers where some of your clients are using Apple's Mail.app on Snow Leopard, and if so what settings are you using?
At this point, I'm happy to make changes to the server to accommodate Apple's issue, I have too many Mac users connecting to my server. I just can't figure out what to change. I've enabled virtually every possible login authentication combination, and none of them work.
I've just discovered that this problem also plagues iphones and ipod touch devices. They can connect to dovecot IMAP just fine, but can't send via sendmail.
Here's my sendmail.mc:
I ran into the same problem the other day and still could not find any authoritative answer to this question, so I thought I would post my findings.
The issue seems to be the response that Mac Mail has when it looks at the certificate provided by sendmail. By looking at the log window in the Mac's Connection Doctor I noticed that the linux sendmail server was waiting for the Mac to respond to its "Ready to start TLS" handshake.
You can test whether TLS is working between the sendmail server and the Mac by using openssl on the Mac. In a terminal on the Mac I did:
# openssl s_client -connect your_sendmail_server_ip:your_smtp_port -starttls smtp
This told me that my certificate was expired. I updated the sendmail certificate on the server by running:
% /etc/pki/tls/certs/make sendmail
After running the same openssl command again, it confirmed I had a self-signed certificate as expected.
Using the ehlo ... command and then AUTH PLAIN ... command in openssl, I confirmed that I could login using credentials from the mac. To do this, you have to get the "user password" key to pass to the AUTH PLAIN command, I did this by (substitute username and password for your mail user and its password):
# echo -ne '\000username\000password' | openssl base64
and copying the output at the end of the AUTH PLAIN line.
The response I got was "OK Authenticated" so now I knew that I could login using TLS from the Mac. So why wasn't mail logging in?
Well my guess was that Mac mail checks the certificate and if it is not current or if it is self-signed it refuses to use it. Hence not responding to the server's "Ready to start TLS" response.
The fix was to setup the Mac mail account again, I followed the steps outlined in https://www2.suresupport.com/faq.php/80/483. This time when it came to answering the question about using the certificate (Step 4). I clicked 'View Certificate' and checked the box which said 'Always trust certificates from ...'. That was all it took and Mac mail was happy to send again.:D
Thanks. I bet that was exactly my problem. I switched to Zimbra a year ago, since I couldn't solve this. But I've been thinking about coming back to sendmail/dovecot as the maintenance is substantially easier.
Thanks for posting your solution.
Maybe your authentication mechanism does not work. STRTTLS is successful but after this it is not able to authenticate.
Doevcot uses its own authentication mechanism so if it works with Doevcot it doesn't mean it should work with sendmail too.
To test it try to configure the sendmail temporarily to accept plain or login authentication without encryption. This should do it:
|All times are GMT -5. The time now is 05:25 PM.|