[SOLVED] Need help integrating sendmail with SendGrid

mfoley · 03-31-2020, 09:35 AM

I've just signed up for sendgrid using the SMTP relay method. I've used this method successfully with other smart hosts requiring authentication, but not with SendGrid. I'm hoping some LQ expert has configured sendgrid and can help me out.

My sendmail.mc file has:

Code:

define(`SMART_HOST',`smtp.sendgrid.net')dnl
FEATURE(`authinfo',`hash -o /etc/mail/authinfo.db')dnl

My /etc/mail/authinfo file has:

Code:

AuthInfo:smtp.sendgrid.net "U:myapikey" "P:mypw"

where myapikey is the keyname I created on the sendGrid site and mypw is the password they generated.

I built authinfo.db with 'makemap hash authinfo < authinfo'. Permissions on authinfo.db are -rw-r-----.

I've created /etc/sasl2/Sendmail.conf containing:

Code:

pwcheck_method: saslauthd
mech_list: EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN

Permissions on that file and parent directory are: -rw-------.
saslauthd is running.

maillog has:

Code:

Mar 31 10:29:14 hiram sm-mta[19809]: STARTTLS=client, relay=smtp.sendgrid.net., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Mar 31 10:29:14 hiram sm-mta[19809]: 02VETDmH019802: AUTH=client, available mechanisms do not fulfill requirements
Mar 31 10:29:14 hiram sm-mta[19809]: AUTH=client, relay=smtp.sendgrid.net., temporary failure, connection abort
Mar 31 10:29:14 hiram sm-mta[19809]: 02VETDmH019802: to=<mfoley@novatec-inc.com>, delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=120574, relay=smtp.sendgrid.net. [167.89.123.53], dsn=4.0.0, stat=Deferred: Temporary AUTH failure

Any idea what I'm doing wrong?

More ...
Actually, I just read that saslauthd is not needed unless someone is authenticating with me.

Later:
stopped saslauthd. Changed authinfo to

Code:

AuthInfo:smtp.sendgrid.net "U:myapikey" "P:mypw" "M:PLAIN"

New maillog results:

Code:

Mar 31 10:55:20 hiram sm-mta[23284]: STARTTLS=client, relay=smtp.sendgrid.net., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Mar 31 10:55:20 hiram sm-mta[23284]: 02VEtIg8023277: to=<mfoley@novatec-inc.com>, delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120587, relay=smtp.sendgrid.net. [167.89.115.53], dsn=4.0.0, stat=Deferred: Connection reset by smtp.sendgrid.net

Even later ...

I tried putting the AuthInfo stuff in access.db. Same results.

bathory · 04-01-2020, 07:19 AM

Hi,

Did you try to use port 587 (submission) to connect to the smarthost?
See this for more details

Regards

mfoley · 04-02-2020, 11:59 PM

Quote:

Originally Posted by bathory

Hi,

Did you try to use port 587 (submission) to connect to the smarthost?
See this for more details

Regards

Thanks for the feedback. I was using that page for setting up, but did not use port 587. The "Setup Guide" they sent me lists ports: 25, 587, 465, so I thought I could just use 25. Per your link, I added the following to my .mc file:

Code:

define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl

Now, when I restart sendmail I get:

Code:

Apr  3 00:18:33 hiram sm-mta[5664]: STARTTLS=client, relay=smtp.sendgrid.net., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Apr  3 00:18:33 hiram sm-mta[5664]: 0334IWwu005657: to=<mfoley@novatec-inc.com>, delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=120576, relay=smtp.sendgrid.net. [167.89.115.18], dsn=4.0.0, stat=Deferred

This time, I did not get the "Temporary AUTH failure", but the messages doesn't deliver. It retried 25 minutes later with the same log results.

port 587, as I understand it, is for TLS. This host does not have a TLS certificate. Before I go off and create one, would that be the problem with getting the "Deferred"?

A certificate gets created for a specific domain. This host has several domains. If I need to create a certificate, do I just pick one of them?

bathory · 04-03-2020, 03:55 AM

Hi,

Quote:

This time, I did not get the "Temporary AUTH failure", but the messages doesn't deliver. It retried 25 minutes later with the same log results.

port 587, as I understand it, is for TLS. This host does not have a TLS certificate. Before I go off and create one, would that be the problem with getting the "Deferred"?

A certificate gets created for a specific domain. This host has several domains. If I need to create a certificate, do I just pick one of them?

I guess you need to contact their support for specific help.
My advise to use the submission port (587), is because I use a similar setup using gmail as smarthost

BTW looking again your /etc/mail/authinfo and that of the gmail setup, I think you should use something like:

Code:

AuthInfo:smtp.sendgrid.net "U:root" "I:myapikey" "P:mypw"

mfoley · 04-03-2020, 06:14 PM

Quote:

Originally Posted by bathory

Hi,

I guess you need to contact their support for specific help.
My advise to use the submission port (587), is because I use a similar setup using gmail as smarthost

BTW looking again your /etc/mail/authinfo and that of the gmail setup, I think you should use something like:

Code:

AuthInfo:smtp.sendgrid.net "U:root" "I:myapikey" "P:mypw"

Tried your suggested AuthInfo config. Didn't work, but did return the "Temporary AUTH failure" much quicker!

I do have a ticket in, but nothing back from them yet. There is no support forum, or tech support email contact. You have to call sales!

scasey · 04-03-2020, 06:39 PM

This SendGrid page seems fairly comprehensive.
Oops. My bad. That link is for postfix, not sendmail. Bathory posted the relevant page in #2.
Sorry...

mfoley · 04-16-2020, 10:51 AM

I got some feedback from sendGrid tech support. Their setup page was confusing. I had to enter an Id string whereupon it returns a password. I understood the Id string to be the 'apikey', to correspond to "yourusername" in the link referenced in #2, and to be the U: parameter in the AuthInfo, but no. The U: parameter is literally "apikey"! Once I used that, it worked. Dunno what the Id string is used for, or why their documentation says "yourusername". It's not "yourusername".