SMTP Auth for Sendmail

From Nocrashwiki

My ISP, Bellsouth, along with just about every other major ISP, blocks port 25 outbound email from their dynamically assigned IP ranges (the IP address all the DSL and dial up customers receive).

This means your home Linux machine cant just send outbound email. In order to send outbound email you must first set your server to relay outbound mail to your ISPs server (which can be done with SMART_HOST in sendmail) and use SMTP_AUTH as a *CLIENT* to your ISPs mail server (Bellsouth for example requires SMTP_AUTH to their mailhost ,"mail.bellsouth.net", with PLAIN mech for authentication - many major ISPs do the same).

Many Linux distros use Sendmail as the default MTA (Fedora among them). There are many tutorials on the web concerning using Sendmail as an SMTP_AUTH server to accept incoming auth connections (such as JoreyBump, and a few years back there was my high level awesome mail server post :P). However, there are fewer that concern setting up Sendmail to use SMTP_AUTH as a client so that Sendmail itself can authenticate with another mail server (there are some such as this one for SBC/Yahoo - I just thought more and more specific info might be helpful).

In the case of BellSouth DSL I got a Fedora Sendmail setup working as follows (Core 4 with Sendmail 8.13.4 - Be advised, you should always BACKUP your existing conf files before you muck with them):

  • Note that the default locations on Fedora (and many distros) for Sendmail installed files is
"/etc/mail". sendmail.cf, sendmail.mc, access map, so on, are located at /etc/mail.
  • Check that your Sendmail binary has STARTTLS and SASL support:
sendmail -d0.1 -bv


(make sure STARTTLS and SASL are present in the output, this is the default on Fedora and other distors now so they are likely alread there - if you do not have these you need to backup and recompile sendmail to include them - see the aforementioned server oriented tutorials on this subject - Yes the client usage requires them.)

  • Edit your sendmail.mc to include the "smart host" option.
define(`SMART_HOST',`[mail.bellsouth.net]')


NOTE that the brackets are essential - they affect DNS and ISP based MX CNAME redirection - use them.

  • Edit your sendmail.mc to setup a map for "authinfo".
FEATURE(`authinfo',`hash /etc/mail/authinfo.db')


  • Check the rest of your sendmail.mc to make sure that things are sane and items relevant to STARTTLS and SASL

are uncommented and valid. For example check to ensure you have the certificate related entries (and that these entries are valid - you make have to create the sendmail.pem cert - from the cert dir "make sendmail.pem" assuming you have the OpenSSL libraries available): 

define(`confCACERT_PATH',`/usr/share/ssl/certs')
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')


Make sure you also have the auth mechanisms defined/uncommented (I am not sure this should be required just for the client - but I had to enable to get things working): 

define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS', `A p y')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl

Also you should turn up the logging temporarily in order to verify things: 

define(`confLOG_LEVEL', `20')dnl


  • Create the "authinfo" file in (the file that tells the SMTP_AUTH client what credentials to login with for what domain)
AuthInfo:[mail.bellsouth.net] "U:root"
"I:
user@bellsouth.net " "P:password" "M:LOGIN PLAIN"


  • With the newly edited "sendmail.mc" file use m4 (the sendmail macro burner) to create "sendmail.cf".
m4 sendmail.cf < sendmail.mc


  • With the newly created "authinfo" file make the authinfo.db which sendmail will use.
makemap hash /etc/mail/authinfo < /etc/mail/authinfo


  • Restart sendmail (default /etc/init.d/sendmail restart) and check the logs (default /etc/maillog) to make

sure there are no issues/errors/warnings. Errors such as unable to find STARTTLS certificate need to be addressed before you proceed, really there should be no errors or warnings, these have meanings. ;)

  • Run a map test to ensure that the "authinfo" db is being correctly picked up by your new sendmail configuration.
echo '/map authinfo AuthInfo:[mail.bellsouth.net]' | /usr/sbin/sendmail -bt



     If this is found and there is an entry then proceed, otherwise something is amiss with authinfo and that needs to be addressed.
  • Make an alias for the "root" user to go to an actual external email account (if not already done). For

example in /etc/aliases change the line under "Person that should get root's email" to go to

"root: user@gmail.com " where that is a valid external email account. Make sure to run "newaliases" to invoke.

  • Send an email to root and watch the logs.
mail root
Test
this is a test
Retrieved from "https://wiki.nocrash.net/index.php?title=SMTP_Auth_for_Sendmail&oldid=46"