Telling sendmail to auth?

Question

I've been sitting here for a few hours now attempting to get sendmail to send the emails through an external SMTP server. I've gotten very close, but now I'm completely stuck. It seems that sendmail isn't sending the authentication information I've set. Is there some configuration line I'm missing?

Please help. :(

Running CentOS 5.7

EDIT:

As requested, I'll add a few things from my sendmail here.

Where I've specified to use auth information:

FEATURE(authinfo',hash -o /etc/mail/auth/client-info.db')dnl

/etc/mail/auth/client-info:

AuthInfo:in.mailjet.com "U:myusername" "P:mypassword" "M:PLAIN"

Attempting to send an email:

# sendmail -AM -t -v
to:myemail@gmail.com
from:root@mydomain.com
.
myemail@gmail.com... Connecting to in6.mailjet.com. via relay...
220 in6.mailjet.com ESMTP Mailjet
>>> EHLO mydomain.com
250-in6.mailjet.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> EHLO mydomain.com
250-in6.mailjet.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
>>> MAIL From:<root@mydomain.com> SIZE=37
250 2.1.0 Ok
>>> RCPT To:<myemail@gmail.com>
>>> DATA
554 5.7.1 <myemail@gmail.com>: Relay access denied
554 5.5.1 Error: no valid recipients
>>> RSET
250 2.0.0 Ok
/root/dead.letter... Saved message in /root/dead.letter
Closing connection to in6.mailjet.com.
>>> QUIT
221 2.0.0 Bye

I'm assuming that this external provider requires SMTP AUTH. If so, **how** have you configured your local sendmail to send authentication information? — MadHatter, Feb 15 '12 at 09:57
@MadHatter You assume correctly. I'm not entirely sure if I've done this correctly; I've never messed with mail daemons before. I believe this is what should be telling it to auth: `define(`confAUTH_OPTIONS', `A p y')dnl` using information from `FEATURE(`authinfo',`hash -o /etc/mail/auth/client-info.db')dnl` — Rob, Feb 15 '12 at 09:59
`confAUTH_OPTIONS A p y` relate almost entirely to sendmail's support for requiring clients to authenticate to it via SMTP AUTH, not having it authenticate to an upstream. — MadHatter, Feb 15 '12 at 10:08
That said, authinfo can indeed be used as you suggest. It might be useful to see some log output from sendmail when you try to relay via your upstream, plus the contents of the source to client-info.db (with passwords suitably redacted, of course). Local protocol is generally to edit these into your question, rather than appending a long series of qualifying comments, by the way! — MadHatter, Feb 15 '12 at 10:12
@MadHatter few things added in, hope it provides some insight to my problem. — Rob, Feb 15 '12 at 10:19
OK, it looks like you're never sending any authentication data. I've never used `authinfo` in this way before, so I can't help - but hopefully if someone comes along who has, they now have all the data they need to throw some light quickly upon the problem. — MadHatter, Feb 15 '12 at 10:26
@MadHatter Okay, well thanks for listing what I should provide. — Rob, Feb 15 '12 at 10:30
Hey try `yum erase sendmail -y` and `yum install postfix` :D Just kidding, but sendmail is a bit of a dinosaur and if it's not a problem for you, then switch to something like postfix — Martino Dino, Apr 13 '13 at 11:41
@MartinoDino Hey, what's wrong with sendmail? If it was good enough for the '80s, it's good enough now. Besides I'm sure postfix doesn't do UUCP or X400. So there ;-) — Jenny D, Jul 12 '13 at 16:00

score 1 · Answer 1 · answered May 09 '13 at 09:10

i had the same issue. Finally made it with several configurations.

/etc/mail/sendmail.mc
    define('SMART_HOST','smtp.yourdomain.com')dnl
    define('confAUTH_OPTIONS','A')dnl
    FEATURE('authinfo','hash -o /etc/mail/authinfo.db')dnl
    MASQUERADE_AS('yourdomain.com')dnl
    FEATURE(masquerade_envelope)dnl
    FEATURE(masquerade_entire_domain)dnl
    MASQUERADE_DOMAIN('yourdomain.com.')dnl
    FEATURE('relay_based_on_MX')dnl
    FEATURE('genericstable')dnl
    GENERICS_DOMAIN('localhost.localdomain')dnl

/etc/mail/authinfo (660 permissions)
    Authinfo:yourdomain.com "U:yoursmtpuserid" "P:yourpassword" "M:PLAIN"
    Authinfo: "U:yoursmtpuserid" "P:yourpassword" "M:PLAIN"

>makemap hash /etc/mail/authinfo < /etc/mail/authinfo

/etc/mail/access (660 permissions)
    connect:localhost.localdomain RELAY
    connect:localhost RELAY
    connect:127.0.0.1 RELAY

>makemap hash /etc/mail/access < /etc/mail/access


/etc/genericstable
    root youruseremail@yourdomain.com

>makemap hash /etc/mail/genericstable < /etc/mail/genericstable


/etc/named.conf
    options{
          listen-on port 53 {127.0.0.1;};
    };

>cp -f /etc/named.conf /var/named/chroot/etc/

/etc/resolve.conf
    nameserver  127.0.0.1
    nameserver  youriplocal
    domain      localdomain

>chkconfig -> named on
          -> saslauthd on
          -> sendmail on

>service named restart
>service saslauthd restart
>service sendmail restart

To test it you can execute:

sendmail -Am -t -v to:emaildestination from:youremail

I hope it works for you.

score 1 · Answer 2 · answered Mar 28 '19 at 10:54

1

My short configuration in sendmail.mc for SMTP Auth as a client for mailjet.com :

include(`/etc/mail/sasl/sasl.m4')dnl
define(`SMART_HOST', `[in-v3.mailjet.com]')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl

587 because port 25 is blocked. STARTTLS and ESMTP are now automaticely in Sendmail. Before, libsasl2-modules (in addition to the not necessary libsasl2-modules-db) and sasl2-bin must be installed. Thinks to switch to START=yes in /etc/defa ult/saslauthd (in debian)

In access:

AuthInfo:mailjet.com "U:5xxxxx" "P:f6xxxxxx" "M:LOGIN PLAIN DIGEST-MD5 CRAM-MD5"

And finally, run /usr/share/sendmail/update_auth.

So, there are only 2 files to modify sendmail.mc and access. After of course, make in /etc/mail then service sendmail restart.

ps: A lot of tutorial, add :587 after AuthInfo:mailjet.com, it's AMHA an error. A debug -d60.5 (different lookup map) it's my prove.

answered Mar 28 '19 at 10:54

dge

41
4

Where does the `/etc/mail/sasl/sasl.m4` file come from? What does it contain? – Old Geezer Feb 19 '21 at 03:43
@old-geezer This file is generate from `/usr/share/sendmail/update_authm4`. It's for boot this mechanism and custom some variable like : `define(`confTO_AUTH', `2m')` `define(`confAUTH_REALM', `')` `define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN')` `TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN')` – dge Feb 19 '21 at 11:37
I got it to work by installing `sasl2-bin` and `libsasl2-modules`. It worked even when I removed that `include` line. – Old Geezer Feb 19 '21 at 14:55

score 0 · Answer 3 · answered Feb 15 '12 at 22:20

0

For sendmail, I usually manage SMTP auth by adding an entry in /etc/mail/access. A quick example for your setup is here:

# /etc/mail/access
# by default we allow relaying from localhost...
localhost.localdomain           RELAY
localhost                       RELAY
127.0.0.1                       RELAY
AuthInfo:in.mailjet.com "U:smmsp" "I:myusername" "P:mypassword" "M:PLAIN"

Save that and restart the sendmail daemon, /sbin/service sendmail restart.

answered Feb 15 '12 at 22:20

ewwhite

197,159
92
443
809

Did not fix it. :( – Rob Feb 15 '12 at 22:55
Maybe your host requires the submission port (587). Try it with "AuthInfo:in.mailjet.com:587..." – ewwhite Feb 15 '12 at 22:59
Still the same. :( – Rob Feb 15 '12 at 23:12
1

You do not have to restart sendmail when you update the access database. You have to rebuild the access database: makemap hash access < access – adamo Feb 19 '12 at 02:17

adamo · Answer 4 · 2012-02-19T20:16:45.533

0

Did you run:

makemap hash client-info < client-info

Unless you build the client-info.db file from the text one using the command above, the information that is in there, is not read by sendmail

EDIT #1:

From the bat book I copy that:

When sendmail connects to another host, and that other host offers to authenticate, that connected-to host’s IP address, hostname, and domain are looked up in the database.

If the IP address, host, or domain is not found, the connection is allowed, but sendmail will not attempt to authenticate it. Otherwise, the information in the matching right column is returned for sendmail to use.

You are connecting to in6.mailjet.com which is an MX for in.mailjet.com. So maybe you have to change your AuthInfo: line to:

AuthInfo:mailjet.com "U:myusername" "P:mypassword" "M:PLAIN"

EDIT #2:

You seem to have a minor typo in the FEATURE(authinfo) declaration:

FEATURE(`authinfo', `hash -o /etc/mail/auth/client-info.db')dnl

edited Feb 19 '12 at 20:16

answered Feb 19 '12 at 02:18

adamo

6,925
3
30
58

Yes, I've done that. – Rob Feb 19 '12 at 10:42
Could it be a typographical error then just like in [this question](http://serverfault.com/a/345050/25640)? – adamo Feb 19 '12 at 19:41
I re-edited my answer after consulting with the bat book. – adamo Feb 19 '12 at 19:57
That didn't solve it, either. I'll try your first edit. – Rob Feb 22 '12 at 03:26
Tried the first one, still no success. – Rob Feb 22 '12 at 03:31
Is it possible that you have not built the new sendmail.cf after editing sendmail.mc? Also please declare `FEATURE(authinfo)` as shown above in your .mc file. The procedure is: edit sendmail.mc, build sendmail.cf and then restart sendmail. – adamo Feb 22 '12 at 06:24
Done done done done and still failing :( – Rob Feb 22 '12 at 18:42

score 0 · Answer 5 · answered Mar 13 '13 at 14:05

Remove -o (optional) from feature authinfo and restart/reload sendmail. It will make sendmail refuse to start without access to authinfo map/file.

FEATURE(`authinfo',`hash ...')

Repeat sending you test email with tracking map lookups (includes tracking authinfo map lookups)

sendmail -d60.5 -AM -t -v

Does sendmail look for authinfo entries? [The answear should narrow list of possible problems]

Telling sendmail to auth?

5 Answers5

Linked