Sendmail - SSL/TLS - smtp.hosts.co.uk
I managed a while back to get sendmail working with my mail provider using authenticated access (from my laptop). That all worked fine, and I set up the system to send cron logs etc via EMail to my external mail address. Fine.
Over the past few days, the provider has moved to SSL/TLS and I am no longer getting the alerts sent from my laptop. The mail queue shows the messages as failing on auth. As an aside, I also use Evolution to send/receive mail from the same laptop - and I have changed that config to use SSL for the smtp side ok - and mail is working fine through that client.

Now looking at sendmail config, it looks like I can build SSL into the product by either creating openssl certificates and then altering the sendmail.mc, rebuilding the .cf and restarting - or another solution seemed to be setting up an 'stunnel' connection. Has anyone had a similar issue - and which option was 'simplest' (I'm just a dabbler rather than an expert!)?

PS the reason for mentioning Evo, was if Evo connects and sends ok, what certs does it use then to make the connection - and can I piggyback on one set of certs from sendmail?
http://aput.net/~jheiss/sendmail/tlsandrelay.shtml
TBOne,
I have been trying various things in the sendmail.mc based on a variety of suggestions from the web, but so far I have either failed to connect to the relay or got a 5.1.1 DSN (User Unknown). The authinfo file I have is basically the same - so I know that the user and password were fine, so the User Unknown appears to be related to the SSL settings. I now have in the .mc:

    .....
    define(`SMART_HOST', `smtp.hosts.co.uk')dnl
    FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl
    FEATURE(`genericstable')dnl
    GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl
    ....
    define(`confAUTH_OPTIONS', `A p')dnl
    .....
    TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    ....
    define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
    define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
    define(`confCRL', `/etc/pki/tls/certs/ca-bundle.crt')dnl
    define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
    define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
    define(`confCLIENT_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
    define(`confCLIENT_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl

I have created a sendmail.pem in the /etc/pki/tls/certs directory as another site said to create it by issuing a 'make sendmail.pem' in that directory - that seemed to work fine. I am not after using my laptop to relay 'other' users messages - just to send the CRON entries etc to my external EMail address.
So I seem to have the certs, the Auth'd login was already working - but still no joy - the latest changes - using the above settings and an 'AuthInfo' file of:

    AuthInfo:smtp.hosts.co.uk "U:mail-user" "P:password" "M:LOGIN"

give me log entries of:

    Mar 29 14:38:44 retsol610 sendmail[10672]: r2TEci4E010672: from=username, size=246, class=0, nrcpts=1, msgid=<201303291438.r2TEci4E010672@localhost.localdomain>, relay=username@localhost
    Mar 29 14:38:44 retsol610 sendmail[10673]: STARTTLS=server, relay=retsol610 [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
    Mar 29 14:38:44 retsol610 sendmail[10672]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
    Mar 29 14:38:44 retsol610 sendmail[10673]: r2TEciMv010673: from=<username@localhost.localdomain>, size=521, class=0, nrcpts=1, msgid=<201303291438.r2TEci4E010672@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=retsol610 [127.0.0.1]
    Mar 29 14:38:45 retsol610 sendmail[10672]: r2TEci4E010672: to=username@aaa.bbb.ccc, ctladdr=username (500/500), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30246, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (r2TEciMv010673 Message accepted for delivery)
    Mar 29 14:38:45 retsol610 sendmail[10675]: STARTTLS=client, relay=smtp.hosts.co.uk., version=TLSv1/SSLv3, verify=OK, cipher=AES256-SHA, bits=256/256
    Mar 29 14:38:45 retsol610 sendmail[10675]: r2TEciMv010673: to=<username@aaa.bbb.ccc>, ctladdr=<username@localhost.localdomain> (500/500), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=120521, relay=smtp.hosts.co.uk. [85.233.160.19], dsn=5.1.1, stat=User unknown
    Mar 29 14:38:45 retsol610 sendmail[10675]: r2TEciMv010673: r2TEcjMu010675: DSN: User unknown
    Mar 29 14:38:45 retsol610 sendmail[10675]: r2TEcjMu010675: to=username@xxx.yyy.zzz, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31837, relay=smtp.hosts.co.uk., dsn=4.0.0, stat=Deferred: Connection reset by smtp.hosts.co.uk.
I think I may need to start again, and reset the mc file. The problem is that I'm not sure what each part plays (ie whether I need to create my own certs via openssl - or whether the 'make sendmail.pem' was ok; whether I need to point the relay to port 465 (and also then modify the authinfo accordingly); whether I need saslauthd running). I'm not sure either which of the settings in the mc file are to cater for sendmail being an SSL server rather than what I am trying to achieve ie connect as an SSL client. From what I've found, a few other people have had similar issues - but I haven't found one set of settings that agree with each other, and none so far have worked for me. I'll try from the start again tomorrow.
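
Added example (not part of the original posts): a small Python script that groups sendmail log lines like those above by process id, so the client-side TLS verification result, any client AUTH line and the DSN for the smart-host session can be read together. It assumes sendmail records successful client authentication as an `AUTH=client, ..., mech=...` log line; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed input: four lines abridged from the log posted above.
SAMPLE_LOG = """\
Mar 29 14:38:44 retsol610 sendmail[10672]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Mar 29 14:38:45 retsol610 sendmail[10672]: r2TEci4E010672: to=username@aaa.bbb.ccc, mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (r2TEciMv010673 Message accepted for delivery)
Mar 29 14:38:45 retsol610 sendmail[10675]: STARTTLS=client, relay=smtp.hosts.co.uk., version=TLSv1/SSLv3, verify=OK, cipher=AES256-SHA, bits=256/256
Mar 29 14:38:45 retsol610 sendmail[10675]: r2TEciMv010673: to=<username@aaa.bbb.ccc>, mailer=relay, relay=smtp.hosts.co.uk. [85.233.160.19], dsn=5.1.1, stat=User unknown
"""

LINE = re.compile(r"sendmail\[(\d+)\]: (.*)$")

def fields(text):
    """Turn 'k=v, k=v' log text into a dict, dropping a leading queue id."""
    text = re.sub(r"^\w+: ", "", text)
    return dict(p.split("=", 1) for p in text.split(", ") if "=" in p)

def relay_host(value):
    """'smtp.hosts.co.uk. [85.233.160.19]' -> 'smtp.hosts.co.uk'."""
    return value.split()[0].rstrip(".")

def summarize(log):
    """Group client-side TLS, AUTH and delivery results by sendmail pid."""
    procs = defaultdict(lambda: {"relay": None, "verify": None, "auth": None, "dsn": []})
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, f = m.group(1), fields(m.group(2))
        p = procs[pid]
        if f.get("STARTTLS") == "client":
            p["relay"], p["verify"] = relay_host(f["relay"]), f.get("verify")
        elif f.get("AUTH") == "client":  # assumed format: AUTH=client, relay=..., mech=...
            p["auth"] = f.get("mech")
        elif "dsn" in f and "relay" in f:
            p["dsn"].append((relay_host(f["relay"]), f["dsn"]))
    return dict(procs)

def rejected_without_auth(procs, smart_host):
    """Pids whose session to smart_host got a 5.x.x DSN and logged no AUTH=client."""
    return [pid for pid, p in procs.items()
            if p["auth"] is None
            and any(h == smart_host and d.startswith("5.") for h, d in p["dsn"])]

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(result, rejected_without_auth(result, "smtp.hosts.co.uk"))
```

On the sample, the session to smtp.hosts.co.uk shows verify=OK with a 5.1.1 DSN and no AUTH=client line in the same process, which separates the TLS outcome from the authentication outcome when reading such a log.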