Sendmail Smart Relay Configuring

Alexander Dalloz ad+lists at uni-x.org
Wed Feb 15 02:16:53 UTC 2006


On Wed, 15.02.2006 at 1:08, Lovell Mcilwain wrote:

> So after your help with getting me started initially.  I found another 
> FAQ (http://www.cri.ch/linux/docs/sk0009.html) that gave me a step by 
> step of how to set up smtp relay for sendmail.
> 
> The additional steps I took were as follows:
> 
> Added the following to the sendmail.mc file:
> define(`SMART_HOST', `your-smtp-server')
> FEATURE(authinfo)dnl
> define(`RELAY_MAILER_ARGS', `TCP $h 587')
> define(`ESMTP_MAILER_ARGS', `TCP $h 587')

I would modify just 1 mailer and then define smart_host more specifically.
Given you redefine the relay mailer to use port 587 outgoing then set

define(`SMART_HOST', `relay:your-smtp-server')dnl

Be aware that you need to put the smart host address into square
brackets if the host has an MX record, which would cause the mail to go
to a different, not intended host.

> Updated the sendmail.cf file
> m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
> 
> Defined my account info in the AuthInfo file:
> AuthInfo:<your-smtp-server> "U:<your-smtp-user>" "P:<your-smtp-password>" "M:DIGEST-MD5"
> I'm not sure if the "M:" is correct since the server that I would be 
> logging into would be over TLS port 587 and usually just does a login 
> challenge and nothing more.  I don't know if I just need to specify login.

telnet <your smart host> 25
< greet message from smart host
> ehlo your.local.hostname

Now watch out which MECHs the server offers. You can't use DIGEST-MD5 if
the other server does not handle it.

> Updated the authinfo.db file
> makemap hash /etc/mail/authinfo < /etc/mail/authinfo
>

Here I personally would use masquerading, maybe generics feature with it
in combination.

http://www.sendmail.org/m4/userdb.html

> Created a userdb for header rewriting
> user:mailname foo at bar.com
> Created the userdb.db file
> makemap btree /etc/mail/userdb.db < /etc/mail/userdb
> 
> Sendmail, Tested, and got the following output:
> [root at FC4FW mail]# /usr/sbin/sendmail -bv root at localhost
> root at localhost... deliverable: mailer local, user root
> 
> [root at FC4FW mail]# /usr/sbin/sendmail -bv lovell.mcilwain at gmail.com
> lovell.mcilwain at gmail.com... deliverable: mailer relay, host foo.barr.com, user user at foo.com
>
> This would leave me to believe that this was successful from what I see 
> in the output. But then I take a look at /var/log/maillog and find the 
> following:
>
> Feb 14 18:37:04 localhost sendmail[12272]: k1EEWlrh009414: 
> to=<lovell.mcilwain at gmail.com>, ctladdr=<root at localhost.localdomain> 
> (0/0), delay=09:04:17, xdelay=00:00:01, mailer=relay, pri=945174, 
> relay=foo.bar.com [11.222.333.444], dsn=5.0.0, stat=Service unavailable
> Feb 14 18:37:04 localhost sendmail[12272]: k1EEWlrh009414: 
> k1ENb3vE012272: sender notify: Service unavailable

In your sendmail.mc you find a line

dnl define(`confLOG_LEVEL', `15')dnl

Remove the leading `dnl' and restart the sendmail service. Logging will
be more verbose then.
I suspect that the smart host you defined does not handle DIGEST-MD5
password challenges.

> I thought the tutorial has gotten me closer to where I wanted to be but 
> can anyone else tell me what else I'm missing to get this to work 
> properly?  The things I noticed off the top of my head were:
> 
> 1. The authentication method is wrong but I can't see any documentation 
> that states that the entry "M:login" will work.

If you call the smart host with an EHLO it will tell you what mechanism
it accepts (given it is properly configured it will handle it then).
Hope the remote server does STARTTLS sessions for LOGIN and PLAIN auth.

> 2. It still looks like the return mail is showing as 
> root at localhost.localdomain when I thought the usersdb.db file was 
> supposed to take care of this.  Did I need to restart sendmail or re-run 
> the m4 command to update that there is now a usersdb.db in existence?

Do not test as root. root user has a special role: it is by default
defined as an exposed user. Always test as a mortal user.

> 3. Could this be an issue of not specifying the port number correctly 
> for sendmail to talk with the relay server properly?

I don't think so. If you think you made a mistake there you could sniff
the communication by running `tcpdump'.

> I know this mail was a bit lengthy but any help is appreciated :)

Much better you provide detailed information than a statement like "it
does not work" ;)

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
Serendipity 03:03:29 up 4 days, 11:54, load average: 0.04, 0.10, 0.14 
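
The EHLO check described in the reply above, as an added example that is not part of the original mail: it compares the "M:" field of an authinfo entry with the AUTH mechanisms in an EHLO reply seen before and after STARTTLS, and flags LOGIN/PLAIN that would be used without TLS. The host smtp.example.net, the credentials and both EHLO replies are constructed sample data, and the function names are hypothetical.

```python
import shlex

CLEARTEXT = {"LOGIN", "PLAIN"}  # these send the password merely base64-encoded

# Constructed sample data (hypothetical host, not taken from the thread).
EHLO_CLEAR = "250-smtp.example.net Hello\n250-SIZE 35882577\n250-STARTTLS\n250 8BITMIME\n"
EHLO_TLS = "250-smtp.example.net Hello\n250-AUTH LOGIN PLAIN\n250-AUTH=LOGIN PLAIN\n250 8BITMIME\n"
ENTRY_DIGEST = 'AuthInfo:smtp.example.net "U:user" "P:secret" "M:DIGEST-MD5"'
ENTRY_LOGIN = 'AuthInfo:smtp.example.net "U:user" "P:secret" "M:LOGIN PLAIN"'

def offered(ehlo_reply):
    """Return (AUTH mechanisms, STARTTLS offered?) parsed from an EHLO reply."""
    mechs, starttls = [], False
    for line in ehlo_reply.splitlines():
        if not line.startswith("250") or len(line) < 5:
            continue
        text = line[4:].strip().upper()
        if text == "STARTTLS":
            starttls = True
        elif text[:5] in ("AUTH ", "AUTH="):  # "AUTH=" is the legacy spelling
            mechs += [m for m in text[5:].split() if m not in mechs]
    return mechs, starttls

def configured(authinfo_line):
    """Mechanisms listed in the "M:" field of one authinfo entry."""
    for field in shlex.split(authinfo_line)[1:]:
        if field[:2].upper() == "M:":
            return field[2:].upper().split()
    return []

def check(authinfo_line, ehlo_clear, ehlo_tls=""):
    """Compare configured mechanisms with what the server offers."""
    wanted = configured(authinfo_line)
    clear, starttls = offered(ehlo_clear)
    tls, _ = offered(ehlo_tls)
    return {
        # configured mechanisms the server accepts at all
        "usable": [m for m in wanted if m in clear or m in tls],
        "starttls": starttls,
        # password-exposing mechanisms the server accepts without TLS
        "cleartext_without_tls": [m for m in wanted if m in clear and m in CLEARTEXT],
    }

if __name__ == "__main__":
    print(check(ENTRY_DIGEST, EHLO_CLEAR, EHLO_TLS))
    print(check(ENTRY_LOGIN, EHLO_CLEAR, EHLO_TLS))
```

An empty "usable" list for the DIGEST-MD5 entry corresponds to the case suspected in the reply: the authinfo entry names a mechanism the smart host does not offer.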