TBOne,
I have been trying various things in the sendmail.mc based on a variety of suggestions from the web, but so far I have either failed to connect to the relay or got a 5.1.1 DSN (User Unknown). The authinfo file I have is basically the same - so I know that the user and password were fine, so the User Unknown appears to be related to the SSL settings.
I now have in the .mc:
.....
define(`SMART_HOST', `smtp.hosts.co.uk')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl
FEATURE(`genericstable')dnl
GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl
....
define(`confAUTH_OPTIONS', `A p')dnl
.....
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
....
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confCRL', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
I have created a sendmail.pem in the /etc/pki/tls/certs directory as another site said to create it by issuing a 'make sendmail.pem' in that directory - that seemed to work fine. I am not after using may laptop to relay 'other' users messages - just to send the CRON entries etc to my external EMail address.
So I seem to have the certs, the Auth'd login was already working - but still no joy - the latest changes - using the above settings and an 'AuthInfo' file of:
AuthInfo:smtp.hosts.co.uk "U:mail-user" "P
assword" "M:LOGIN"
give me log entries of:
Mar 29 14:38:44 retsol610 sendmail[10672]: r2TEci4E010672: from=username, size=246, class=0, nrcpts=1, msgid=<201303291438.r2TEci4E010672@localhost.localdomain>, relay=username@localhost
Mar 29 14:38:44 retsol610 sendmail[10673]: STARTTLS=server, relay=retsol610 [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Mar 29 14:38:44 retsol610 sendmail[10672]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Mar 29 14:38:44 retsol610 sendmail[10673]: r2TEciMv010673: from=<username@localhost.localdomain>, size=521, class=0, nrcpts=1, msgid=<201303291438.r2TEci4E010672@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=retsol610 [127.0.0.1]
Mar 29 14:38:45 retsol610 sendmail[10672]: r2TEci4E010672: to=username@aaa.bbb.ccc, ctladdr=username (500/500), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30246, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (r2TEciMv010673 Message accepted for delivery)
Mar 29 14:38:45 retsol610 sendmail[10675]: STARTTLS=client, relay=smtp.hosts.co.uk., version=TLSv1/SSLv3, verify=OK, cipher=AES256-SHA, bits=256/256
Mar 29 14:38:45 retsol610 sendmail[10675]: r2TEciMv010673: to=<username@aaa.bbb.ccc>, ctladdr=<username@localhost.localdomain> (500/500), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=120521, relay=smtp.hosts.co.uk. [85.233.160.19], dsn=5.1.1, stat=User unknown
Mar 29 14:38:45 retsol610 sendmail[10675]: r2TEciMv010673: r2TEcjMu010675: DSN: User unknown
Mar 29 14:38:45 retsol610 sendmail[10675]: r2TEcjMu010675: to=username@xxx.yyy.zzz, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31837, relay=smtp.hosts.co.uk., dsn=4.0.0, stat=Deferred: Connection reset by smtp.hosts.co.uk.
I think I may need to start again, and reset the mc file. The problem is that I'm not sure what each part plays (ie whether I need to create my own certs via openssl - or whether the 'make sendmail.pem' was ok; whether I need to point the relay to port 465 (and alo then modify the authinfo accordingly); whether I need saslauthd running). I'm not sure either which of the settings in the mc file are to cater for sendmail being an SSL server rather than what I trying to achieve ie connect as an SSL client.
From what I've found, a few other people have had similar issues - but I haven't found one set of settings that agree with each other, and none so far have worked for me.
I'll try from the start again tomorrow.