LinuxQuestions.org


Agasfer 02-16-2008 05:01 PM

sendmail comcast authentication howto.
 
I wanted to be able to send email from my linux desktop. It turned out that emails from arbitrary IP addresses are not accepted by the majority of recipients' mail gateways anymore - the emails must come from a trusted source to be accepted.

Your favorite ISP or internet mail hosting service could be used to relay outgoing emails; you need to have an account with them to be able to authenticate as the source of email. Once authenticated, the relay will send your email on your behalf, and it will become much less likely to be rejected.

To make this (have a relay accept and forward your email) happen proved to be a very tricky task (at least for me, with 8 years of linux experience, mostly as a user and occasionally as an embedded kernel developer). It took a lot of googling and reading (including some excellent articles on this forum). I spent a few hours figuring it all out.

There was no one place which would describe how to do it from beginning to end, and some things I discovered were not covered anywhere at all. I was very frustrated with the experience, and hope I can help others to get through this maze quicker.

So here goes, yet another howto.

Installing on an Ubuntu machine:
Code:

kv-a: ~ 4 > cat /proc/version
Linux version 2.6.22-14-generic (buildd@king) (gcc version 4.1.3 20070929 (prerelease) (Ubuntu 4.1.2-16ubuntu2)) #1 SMP Tue Dec 18 05:28:27 UTC 2007

The following commands were executed in the root mode, entered through
Code:

kv-a: ~ 5 > sudo bash
kv-a: ~ 1 #

If sendmail is not yet there, install it by running
Code:

apt-get install sendmail

Once installation is completed (it might be complaining about some FEATURE statements out of order or something to this respect - don't worry about it) you should be able to see the following:
Code:

kv-a: ~ 13 > sendmail -d0.1 -bv
Version 8.14.1
 Compiled with: DNSMAP LDAPMAP LDAP_REFERRALS LOG MAP_REGEX MATCHGECOS
                MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX
                NEWDB NIS NISPLUS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
                TCPWRAPPERS USERDB USE_LDAP_INIT XDEBUG

============ SYSTEM IDENTITY (after readcf) ============
      (short domain name) $w = localhost
  (canonical domain name) $j = localhost.localdomain
        (subdomain name) $m = localdomain
              (node name) $k = kvasha
========================================================

Notice: -bv may give misleading output for non-privileged user
Recipient names must be specified

Note the first string of output, the version number. Also, make sure that STARTTLS and SASLv2 are in the list of 'Compiled with'. If either one is not there - you are up for a treat: you will need to build your own sendmail. I did not have to do it and do not cover the procedure here.

Now, make sure permissions are as expected, and missing directories are in place:
Code:

chmod 0640 /etc/mail/aliases /etc/mail/aliases.{db,pag,dir}
chmod 0640 /etc/mail/*.{db,pag,dir}
chmod 0640 /etc/mail/statistics /var/log/sendmail.st
chmod 0600 /var/run/sendmail.pid /etc/mail/sendmail.pid
chown root  /var/spool/mqueue
mkdir -p /var/run/sendmail/mta
chown smmta /var/run/sendmail/mta
chgrp smmsp /var/run/sendmail/mta

Don't worry if this complains about some files not being present.

Now, root needs to be added to the smmsp group for the startup script to work:
Code:

kv-a: /etc/init.d 135 # rcsdiff /etc/group
===================================================================
RCS file: /etc/group,v
retrieving revision 1.1
diff -r1.1 /etc/group
62c62
< smmsp:x:122:
---
> smmsp:x:122:root

/etc/group will most likely be different in different installations. The important thing here is that root needs to be added at the end of the line for the smmsp group.

The startup file (/etc/init.d/sendmail) also needs modification; this is how I made it work (without this change start-stop-daemon could not create the PID file for sendmail). A wider context diff mode is chosen in case your version of /etc/init.d/sendmail is different and you can't use this patch directly. The important thing is that the directory where the PID file will be stored must be writable by root. This needs to be done in the script, because it eventually changes this directory's permissions before exiting:
Code:

kv-a: /etc/init.d 139 # rcsdiff -C 10 /etc/init.d/sendmail
===================================================================
RCS file: /etc/init.d/RCS/sendmail,v
retrieving revision 1.1
diff -C 10 -r1.1 /etc/init.d/sendmail
*** /etc/init.d/sendmail        2008/02/16 20:44:22    1.1
--- /etc/init.d/sendmail        2008/02/16 21:25:43
***************
*** 247,266 ****
--- 247,267 ----
                #
                # Allow Unix (local) connections betwixt MSP/MTA:
                touch $MTAL_SOCKET;
                #
                # We can only afford to clean the MTA queues if running daemon mode,
                # otherwise, there is a chance that a cronjob might still be using
                # the queue...  Thats also why we don't clean the MSP queues herein.
                #clean_queues;
                #
                # cd to a safe place to stash core files...
+              chmod g+w  $MTA_ROOT;
                cd $MTA_ROOT;
                CMD="$START_MTAL_CMD -- $MTAL_PARMS";
                if [ "$LOG_CMDS" = "Yes" ]; then
                        logger -i -p mail.debug -- "$0 $CMD";
                        fi;
                $CMD &
                #
                # Update permissions on smsocket
                sleep 2;
                chown $DAEMON_UID:smmsp $MTAL_SOCKET;
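
Review bot: the added `chmod g+w  $MTA_ROOT;` leaves `$MTA_ROOT` unquoted and runs with no check that the variable is set or that the chmod succeeded, so the following `cd $MTA_ROOT;` and daemon start proceed either way. It also opens the directory to every member of its group, while the stated requirement is only that root can write the PID file there. Quote the variable, stop on failure, and grant the narrowest permission that lets start-stop-daemon create the PID file.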

/etc/hosts also needs to be modified:
Code:

kv-a: /etc 10 # rcsdiff hosts
===================================================================
RCS file: hosts,v
retrieving revision 1.1
diff -r1.1 hosts
2c2
< 127.0.1.1    kvasha
---
> 127.0.1.1    kvasha localhost.localdomain

Of course your hostname will be different.

Phew, we are almost there. Now sendmail needs to be configured. In this setup I used smtp.comcast.net as the relay. The following line had to be added to /etc/mail/access:
Code:

kv-a: /etc/mail 144 # rcsdiff /etc/mail/access
===================================================================
RCS file: /etc/mail/RCS/access,v
retrieving revision 1.1
diff -r1.1 /etc/mail/access
139a140
> AuthInfo:smtp.comcast.net "U:<your_comcast_user_name>" "I:<your_comcast_user_name>" "P:<your comcast password>" "PLAIN"
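
Review bot: the added AuthInfo line stores the relay password in cleartext in /etc/mail/access, and the same line is now also kept in the revision history at /etc/mail/RCS/access,v shown in the header above. The earlier chmod 0640 list covers /etc/mail/*.db but not the access source file or the RCS directory, so restrict both to root and the MTA user. Because "PLAIN" sends the password without hashing, confirm that the session to smtp.comcast.net negotiates STARTTLS before authentication takes place.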

I am not sure both I: and U: tags are required, but it works and I don't care. Other providers could use different authentication schemes; this might require tweaking the "PLAIN" part.

Now, the actual sendmail configuration:
Code:

kv-a: /etc/mail 145 # cat /etc/mail/sendmail.mc
#<standard file header skipped>
include(`/usr/share/sendmail/cf/m4/cf.m4')
divert(0)dnl
VERSIONID(`$Id: sendmail.mc,v 1.2 2008/02/14 05:32:16 root Exp root $')
OSTYPE(linux)dnl
define(`SMART_HOST',`[smtp.comcast.net]')dnl
MASQUERADE_AS(`<domain_name>')dnl
FEATURE(masquerade_envelope)dnl
MAILER(smtp)dnl

The MASQUERADE_AS line is required to hide your internal host name; you can put the domain name of your mail provider there, or the one you own. The email sent from this machine would look at the recipient side as coming from username@<domain_name>.com where <domain_name> is the parameter of MASQUERADE_AS above.

Different installations might have cf.m4 in different directories, check where yours is and modify the include() line if needed.

Now, I had to restart it so many times that I put all commands in a bare-bones shell script (no error checking, watch the console output for anything suspicious). Here is the script:
Code:

kv-a: /etc/mail 146 # cat /etc/mail/Build
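#!/bin/bash
# Rebuild the access map and sendmail.cf, then restart sendmail.
cd /etc/mail
# Remember who owns access.db so ownership can be restored after the rebuild.
access_user=$(ls -l access.db | awk '{ print $3}')
chown root access.db
# Regenerate access.db from the text file (this includes the AuthInfo line).
makemap hash access < access
chown "$access_user" access.db
# Regenerate sendmail.cf from sendmail.mc and restart the daemon.
m4 sendmail.mc > sendmail.cf
/etc/init.d/sendmail restart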

That's it folks, we are there:
Code:

kv-a: ~ 3 # cd /etc/mail
kv-a: /etc/mail 4 # chmod +x Build
kv-a: /etc/mail 5 # ./Build
 * Restarting Mail Transport Agent (MTA) sendmail [OK]
kv-a: /etc/mail 6 #
kv-a: /etc/mail 7 # ls | mail you@yours.com

You should receive a directory listing at you@yours.com or wherever you sent it!

If something goes wrong along the way (and a lot of things could and did for me multiple times) - check out /var/log/mail.*, search google for error messages, and you will get there, good luck!
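
Pre-flight checks for the setup in the post above, as an added example that is not part of the original post: it confirms that STARTTLS and SASLv2 are compiled in, that the file holding the AuthInfo password is not readable by other users, and lists AuthInfo entries without printing credentials. The function names are hypothetical and the sample banner is constructed (abbreviated from the output shown in the post).

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# check_caps: reads `sendmail -d0.1 -bv` output on stdin and succeeds only if
# both STARTTLS and SASLv2 appear in the "Compiled with:" list.
check_caps() {
    caps=$(awk '/Compiled with:/ {on=1} on && NF==0 {exit} on {print}' |
           tr -s ' \n' ' ')
    for want in STARTTLS SASLv2; do
        case " $caps " in
            *" $want "*) ;;
            *) echo "missing: $want" >&2; return 1 ;;
        esac
    done
}

# check_secret_perms FILE: fails if FILE (for example /etc/mail/access, which
# holds the relay password in cleartext) is open to "other" or group-writable.
check_secret_perms() {
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat, octal mode such as 640
    case "$mode" in
        0|*[0145]0) return 0 ;;
        *) echo "$1: mode $mode is too open" >&2; return 1 ;;
    esac
}

# authinfo_summary FILE: prints "host mechanism" for each AuthInfo entry and
# never the U:/I:/P: values. An M: field, or an untagged field as used in the
# post, is reported as the mechanism.
authinfo_summary() {
    awk -F'"' '/^AuthInfo:/ {
        split($1, head, /[: \t]+/); mech = "(default)"
        for (i = 2; i <= NF; i += 2) {
            if ($i ~ /^M:/) mech = substr($i, 3)
            else if ($i !~ /^[UIPR]:/) mech = $i
        }
        print head[2], mech
    }' "$1"
}

# Constructed sample: capability banner abbreviated from the output in the post.
SAMPLE_BANNER=' Compiled with: DNSMAP LOG MILTER NETINET NEWDB PIPELINING
                SASLv2 SCANF SOCKETMAP STARTTLS TCPWRAPPERS XDEBUG

============ SYSTEM IDENTITY (after readcf) ============'
```

On the machine itself, pipe `sendmail -d0.1 -bv` into `check_caps` and run `check_secret_perms /etc/mail/access` before running the Build script.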

Hangdog42 02-17-2008 06:31 AM

Very nice work! So this doesn't get completely buried, how about submitting it as a tutorial or part of the LQ Wiki?

archtoad6 02-19-2008 02:17 PM

Quote:

Originally Posted by Hangdog42 (Post 3060184)
Very nice work!
So this doesn't get completely buried,
how about submitting it as a tutorial or part of the LQ Wiki?

I second both sentiments, especially the Wiki part
-- I can't effectively read wide posts in the forum due to some kind of LQ-Konqueror mal-interaction.
I suspect a CSS problem, but I don't know enough to be sure.

Agasfer 02-20-2008 12:27 AM

Guys, thank you for your encouragement, I'll look into adding this to the wiki.

The thing is that I found a lot of info on this forum just googling for keywords like `smtp' and `authentication'.

Hangdog42 02-20-2008 07:30 AM

That's OK, you took the time to pull together a nice how-to, which I haven't seen. This is something I've been meaning to set up on my server, it just hasn't floated to the top of my to-do list so this will definitely come in handy.


All times are GMT -5.