LinuxQuestions.org
03-28-2013, 08:09 AM   #1
SteveT
Member
 
Registered: Oct 2003
Location: South East UK
Distribution: Fedora Core 16
Posts: 66

Rep: Reputation: 15
Sendmail - SSL/TLS - smtp.hosts.co.uk


I managed a while back to get sendmail working with my mail provider using authenticated access (from my laptop). That all worked fine, and I set up the system to send cron logs etc via EMail to my external mail address. Fine.

Over the past few days, the provider has moved to SSL/TLS and I am no longer getting the alerts sent from my laptop. The mail queue shows the messages as failing on auth.

As an aside, I also use Evolution to send/receive mail from the same laptop - and I have changed that config to use SSL for the smtp side ok - and mail is working fine through that client.

Now looking at sendmail config, it looks like I can build SSL into the product by either creating openssl certificates and then altering the sendmail.mc, rebuilding the .cf and restarting - or another solution seemed to be setting up an 'stunnel' connection.

Has anyone had a similar issue - and which option was 'simplest' (I'm just a dabbler rather than an expert!)?


PS the reason for mentioning Evo, was if Evo connects and sends ok, what certs does it use then to make the connection - and can I piggyback on one set of certs from sendmail?
 
03-29-2013, 08:53 AM   #2
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,218

Rep: Reputation: 2474
Quote:
Originally Posted by SteveT
I managed a while back to get sendmail working with my mail provider using authenticated access (from my laptop). That all worked fine, and I set up the system to send cron logs etc via EMail to my external mail address. Fine.

Over the past few days, the provider has moved to SSL/TLS and I am no longer getting the alerts sent from my laptop. The mail queue shows the messages as failing on auth.

As an aside, I also use Evolution to send/receive mail from the same laptop - and I have changed that config to use SSL for the smtp side ok - and mail is working fine through that client. Now looking at sendmail config, it looks like I can build SSL into the product by either creating openssl certificates and then altering the sendmail.mc, rebuilding the .cf and restarting - or another solution seemed to be setting up an 'stunnel' connection.

Has anyone had a similar issue - and which option was 'simplest' (I'm just a dabbler rather than an expert!)?
Well, 'simplest' with SSL is a broad term. However, this document isn't too hard to follow, and should at least get you going:
http://aput.net/~jheiss/sendmail/tlsandrelay.shtml

Quote:
PS the reason for mentioning Evo, was if Evo connects and sends ok, what certs does it use then to make the connection - and can I piggyback on one set of certs from sendmail?
I don't think so, since (I believe) Evolution keeps certificates in one of its own .db files. You may want to contact your upstream relay provider, and just ask them for the certificate. Since you're authorized to have access, it shouldn't be an issue.
 
03-29-2013, 10:21 AM   #3
SteveT
Member
 
Registered: Oct 2003
Location: South East UK
Distribution: Fedora Core 16
Posts: 66

Original Poster
Rep: Reputation: 15
TBOne,
I have been trying various things in the sendmail.mc based on a variety of suggestions from the web, but so far I have either failed to connect to the relay or got a 5.1.1 DSN (User Unknown). The authinfo file I have is basically the same - so I know that the user and password were fine, so the User Unknown appears to be related to the SSL settings.

I now have in the .mc:
.....
define(`SMART_HOST', `smtp.hosts.co.uk')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl
FEATURE(`genericstable')dnl
GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl

....
define(`confAUTH_OPTIONS', `A p')dnl
.....
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
....
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confCRL', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl


I have created a sendmail.pem in the /etc/pki/tls/certs directory as another site said to create it by issuing a 'make sendmail.pem' in that directory - that seemed to work fine. I am not after using my laptop to relay 'other' users messages - just to send the CRON entries etc to my external EMail address.

So I seem to have the certs, the Auth'd login was already working - but still no joy - the latest changes - using the above settings and an 'AuthInfo' file of:
AuthInfo:smtp.hosts.co.uk "U:mail-user" "Password" "M:LOGIN"

give me log entries of:
Mar 29 14:38:44 retsol610 sendmail[10672]: r2TEci4E010672: from=username, size=246, class=0, nrcpts=1, msgid=<201303291438.r2TEci4E010672@localhost.localdomain>, relay=username@localhost
Mar 29 14:38:44 retsol610 sendmail[10673]: STARTTLS=server, relay=retsol610 [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Mar 29 14:38:44 retsol610 sendmail[10672]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Mar 29 14:38:44 retsol610 sendmail[10673]: r2TEciMv010673: from=<username@localhost.localdomain>, size=521, class=0, nrcpts=1, msgid=<201303291438.r2TEci4E010672@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=retsol610 [127.0.0.1]
Mar 29 14:38:45 retsol610 sendmail[10672]: r2TEci4E010672: to=username@aaa.bbb.ccc, ctladdr=username (500/500), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30246, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (r2TEciMv010673 Message accepted for delivery)
Mar 29 14:38:45 retsol610 sendmail[10675]: STARTTLS=client, relay=smtp.hosts.co.uk., version=TLSv1/SSLv3, verify=OK, cipher=AES256-SHA, bits=256/256
Mar 29 14:38:45 retsol610 sendmail[10675]: r2TEciMv010673: to=<username@aaa.bbb.ccc>, ctladdr=<username@localhost.localdomain> (500/500), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=120521, relay=smtp.hosts.co.uk. [85.233.160.19], dsn=5.1.1, stat=User unknown
Mar 29 14:38:45 retsol610 sendmail[10675]: r2TEciMv010673: r2TEcjMu010675: DSN: User unknown
Mar 29 14:38:45 retsol610 sendmail[10675]: r2TEcjMu010675: to=username@xxx.yyy.zzz, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31837, relay=smtp.hosts.co.uk., dsn=4.0.0, stat=Deferred: Connection reset by smtp.hosts.co.uk.



I think I may need to start again, and reset the mc file. The problem is that I'm not sure what each part plays (ie whether I need to create my own certs via openssl - or whether the 'make sendmail.pem' was ok; whether I need to point the relay to port 465 (and also then modify the authinfo accordingly); whether I need saslauthd running). I'm not sure either which of the settings in the mc file are to cater for sendmail being an SSL server rather than what I am trying to achieve ie connect as an SSL client.

From what I've found, a few other people have had similar issues - but I haven't found one set of settings that agree with each other, and none so far have worked for me.


I'll try from the start again tomorrow.
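
Added example, not part of the thread: a Python script that groups the sendmail log lines from post #3 by process and relay, so the TLS result, any logged AUTH exchange and the SMTP reply for each hop can be read side by side. The function names are this example's own, and the `AUTH=client` match assumes sendmail's usual log line for a completed client authentication.

```python
import re
from collections import defaultdict

# Five of the log lines from post #3, copied unchanged.
SAMPLE_LOG = """\
Mar 29 14:38:44 retsol610 sendmail[10673]: STARTTLS=server, relay=retsol610 [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Mar 29 14:38:44 retsol610 sendmail[10672]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256
Mar 29 14:38:45 retsol610 sendmail[10672]: r2TEci4E010672: to=username@aaa.bbb.ccc, ctladdr=username (500/500), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30246, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (r2TEciMv010673 Message accepted for delivery)
Mar 29 14:38:45 retsol610 sendmail[10675]: STARTTLS=client, relay=smtp.hosts.co.uk., version=TLSv1/SSLv3, verify=OK, cipher=AES256-SHA, bits=256/256
Mar 29 14:38:45 retsol610 sendmail[10675]: r2TEciMv010673: to=<username@aaa.bbb.ccc>, ctladdr=<username@localhost.localdomain> (500/500), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=120521, relay=smtp.hosts.co.uk. [85.233.160.19], dsn=5.1.1, stat=User unknown
"""

LINE = re.compile(r"sendmail\[(\d+)\]: (.*)")

def fields(msg):
    """Split sendmail's 'key=value, key=value' text into a dict."""
    return dict(re.findall(r"(\w+)=(.*?)(?=, \w+=|$)", msg))

def relay_host(value):
    """'smtp.hosts.co.uk. [85.233.160.19]' -> 'smtp.hosts.co.uk'."""
    return value.split()[0].rstrip(".").strip("[]")

def hop_report(log_text):
    """Group client-side TLS, AUTH and delivery results by (pid, relay)."""
    hops = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        f = fields(m.group(2)) if m else {}
        if "relay" not in f:
            continue
        if f.get("STARTTLS") == "client":
            update = {"tls_verify": f["verify"]}
        elif f.get("AUTH") == "client":  # assumed format; absent from the sample
            update = {"auth_mech": f.get("mech")}
        elif "dsn" in f:
            update = {"dsn": f["dsn"], "stat": f["stat"]}
        else:
            continue  # STARTTLS=server and from= lines carry no client result
        hops[(m.group(1), relay_host(f["relay"]))].update(update)
    return dict(hops)

def outcome(hop):
    """Report what was logged for one hop, layer by layer, without guessing a cause."""
    if hop.get("dsn", "").startswith("2"):
        return "accepted"
    if "tls_verify" not in hop:
        return "no TLS session logged"
    auth = hop.get("auth_mech", "none logged")
    return f"TLS up (verify={hop['tls_verify']}), AUTH={auth}, SMTP reply {hop.get('dsn')} {hop.get('stat')}"

if __name__ == "__main__":
    for (pid, relay), hop in hop_report(SAMPLE_LOG).items():
        print(pid, relay, "->", outcome(hop))
```

On these lines the smarthost hop shows verify=OK followed by the 5.1.1 reply with no AUTH=client entry, while the verify=FAIL entry belongs to the local 127.0.0.1 submission hop.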
 
  



Tags
sendmail, smtp, ssl, tls

