-1

I realize there are a lot of posts on this topic, though after hours I am still unable to connect to gmail.

I noticed that the output does not include DIGEST-MD5 listed, could this be an issue?

Any thoughts would be great appreciated, thank you.

Testing output - /usr/sbin/sendmail -Am -d60.5 -v -i -f EMAIL_FROM -- EMAIL_TO

Replacements: HOST, EMAIL_TO, EMAIL_FROM - to hide my info

map_lookup(host, gmail.com, %0=gmail.com) => gmail.com. (0)
map_lookup(host, gmail.com, %0=gmail.com) => gmail.com. (0)
map_lookup(host, hotmail.com, %0=hotmail.com) => hotmail.com. (0)
map_lookup(host, gmail.com, %0=gmail.com) => gmail.com. (0)
EMAIL_TO@hotmail.com... Connecting to smtp.gmail.com port 587 via relay...
220 smtp.gmail.com ESMTP c142sm62872634pfb.23 - gsmtp
>>> EHLO host.HOST.us
250-smtp.gmail.com at your service, [2604:880:a:6::49]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
map_lookup(access, Try_TLS:smtp.gmail.com, %0=Try_TLS:smtp.gmail.com) => NOT FOUND (0)
map_lookup(access, Try_TLS:gmail.com, %0=Try_TLS:gmail.com) => NOT FOUND (0)
map_lookup(access, Try_TLS:com, %0=Try_TLS:com) => NOT FOUND (0)
map_lookup(access, Try_TLS:IPv6:2607:f8b0:400e:c04::6d, %0=Try_TLS:IPv6:2607:f8b0:400e:c04::6d) => NOT FOUND (0)
map_lookup(access, Try_TLS:IPv6:2607:f8b0:400e:c04, %0=Try_TLS:IPv6:2607:f8b0:400e:c04) => NOT FOUND (0)
map_lookup(access, Try_TLS:IPv6:2607:f8b0:400e, %0=Try_TLS:IPv6:2607:f8b0:400e) => NOT FOUND (0)
map_lookup(access, Try_TLS:IPv6:2607:f8b0, %0=Try_TLS:IPv6:2607:f8b0) => NOT FOUND (0)
map_lookup(access, Try_TLS:IPv6:2607, %0=Try_TLS:IPv6:2607) => NOT FOUND (0)
map_lookup(access, Try_TLS:IPv6, %0=Try_TLS:IPv6) => NOT FOUND (0)
map_lookup(access, Try_TLS:, %0=Try_TLS:) => NOT FOUND (0)
>>> STARTTLS
220 2.0.0 Ready to start TLS
map_lookup(macro, {TLS_Name}, %0={TLS_Name}, %1=smtp.gmail.com) =>  (0)
map_lookup(access, TLS_Srv:smtp.gmail.com, %0=TLS_Srv:smtp.gmail.com) => NOT FOUND (0)
map_lookup(access, TLS_Srv:gmail.com, %0=TLS_Srv:gmail.com) => NOT FOUND (0)
map_lookup(access, TLS_Srv:com, %0=TLS_Srv:com) => NOT FOUND (0)
map_lookup(access, TLS_Srv:IPv6:2607:f8b0:400e:c04::6d, %0=TLS_Srv:IPv6:2607:f8b0:400e:c04::6d) => NOT FOUND (0)
map_lookup(access, TLS_Srv:IPv6:2607:f8b0:400e:c04, %0=TLS_Srv:IPv6:2607:f8b0:400e:c04) => NOT FOUND (0)
map_lookup(access, TLS_Srv:IPv6:2607:f8b0:400e, %0=TLS_Srv:IPv6:2607:f8b0:400e) => NOT FOUND (0)
map_lookup(access, TLS_Srv:IPv6:2607:f8b0, %0=TLS_Srv:IPv6:2607:f8b0) => NOT FOUND (0)
map_lookup(access, TLS_Srv:IPv6:2607, %0=TLS_Srv:IPv6:2607) => NOT FOUND (0)
map_lookup(access, TLS_Srv:IPv6, %0=TLS_Srv:IPv6) => NOT FOUND (0)
map_lookup(access, TLS_Srv:, %0=TLS_Srv:) => NOT FOUND (0)
>>> EHLO host.HOST.us
250-smtp.gmail.com at your service, [2604:880:a:6::49]
250-SIZE 35882577
250-8BITMIME
250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
map_lookup(authinfo, AuthInfo:smtp.gmail.com, %0=AuthInfo:smtp.gmail.com) => "U:root" "I:EMAIL_FROM@gmail.com" "P:ThePwd" "M:LOGIN PLAIN" (0)
>>> AUTH LOGIN
334 VXNlcm5hbWU6
>>> amNoYW1iZXJzLmRldkBnbWFpbC5jb20=
334 UGFzc3dvcmQ6
>>> R2F0b3JhZGUxMw==
534-5.7.14 <https://accounts.google.com/signin/continue?sarp=1&scc=1&plt=AKgnsbuS
534-5.7.14 Kjh2f9Ji2tN_QIHz37GgrtjUaZplTN6wTQCrTqS81MBGxZ_06YW_UStfTEeNrr22ojuR1m
534-5.7.14 hL5QeQZthDLzX_YFsm_CCKakd5IgiVSJR_q9P3oHWVG3vku1bZfyfjL-1H9W2asQNeSErX
534-5.7.14 TKklx2lrQouxJRfUDwjDKgEoRuNT2Sepk9ivzWTyAz8ts_Y6X7ZrZmKaTChYop6nA7UI8O
534-5.7.14 egJYhLam_mut3Dy7fdNcadDlFs6hM> Please log in via your web browser and
534-5.7.14 then try again.
534-5.7.14  Learn more at
534 5.7.14  https://support.google.com/mail/answer/78754 c142sm62872634pfb.23 - gsmtp
>>> AUTH PLAIN cm9vdABqY2hhbWJlcnMuZGV2QGdtYWlsLmNvbQBHYXRvcmFkZTEz
534-5.7.14 <https://accounts.google.com/signin/continue?sarp=1&scc=1&plt=AKgnsbtA
534-5.7.14 ZCJ1UdQ2ZBQLxWkMA8M5RLayX61Hbjuoqa-OwEBAynkDlLtuBK3e-UMiOCVnmhtoTLq0_O
534-5.7.14 KayzsmxccKQ8ak2jO5qzEdL6DuZh5KpkbUpIusonC-FpfGjq162R0gzQi1jKB-SmAkh3lG
534-5.7.14 ezDlPu5uxJXUQY3gGqmLD4DWBuTAscp5NheklEtCzg1dqbkkjBnXZlWdEyMLJrS20RKSU8
534-5.7.14 hcAKMtbvybC4BBchJlj7FH0Wpw4HA> Please log in via your web browser and
534-5.7.14 then try again.
534-5.7.14  Learn more at
534 5.7.14  https://support.google.com/mail/answer/78754 c142sm62872634pfb.23 - gsmtp
>>> MAIL From:<EMAIL_FROM@gmail.com> SIZE=77
530-5.5.1 Authentication Required. Learn more at
530 5.5.1  https://support.google.com/mail/?p=WantAuthError c142sm62872634pfb.23 - gsmtp
map_lookup(host, gmail.com, %0=gmail.com) => gmail.com. (0)
map_lookup(host, gmail.com, %0=gmail.com) => gmail.com. (0)
map_lookup(dequote, MAILER-DAEMON, %0=MAILER-DAEMON) => NOT FOUND (0)
map_lookup(host, gmail.com, %0=gmail.com) => gmail.com. (0)
map_lookup(host, hotmail.com, %0=hotmail.com) => hotmail.com. (0)
EMAIL_FROM@gmail.com... Using cached ESMTP connection to smtp.gmail.com via relay...
>>> RSET
250 2.1.5 Flushed c142sm62872634pfb.23 - gsmtp
>>> MAIL From:<>
530-5.5.1 Authentication Required. Learn more at
530 5.5.1  https://support.google.com/mail/?p=WantAuthError c142sm62872634pfb.23 - gsmtp
map_lookup(dequote, MAILER-DAEMON, %0=MAILER-DAEMON) => NOT FOUND (0)
map_lookup(dequote, postmaster, %0=postmaster) => NOT FOUND (0)
map_lookup(dequote, MAILER-DAEMON, %0=MAILER-DAEMON) => NOT FOUND (0)
map_lookup(host, gmail.com, %0=gmail.com) => gmail.com. (0)
map_lookup(dequote, MAILER-DAEMON, %0=MAILER-DAEMON) => NOT FOUND (0)
map_lookup(host, gmail.com, %0=gmail.com) => gmail.com. (0)
MAILER-DAEMON... Saved message in /var/lib/sendmail/dead.letter
Closing connection to smtp.gmail.com
>>> QUIT
221 2.0.0 closing connection c142sm62872634pfb.23 - gsmtp

sendmail.mc - showing only what I changed

MAILER_DEFINITIONS
dnl#
define(`SMART_HOST',`smtp.gmail.com')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl#
FEATURE(`authinfo',`hash /etc/mail/auth/auth-info.db')dnl
dnl#
define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/ca-cert.crt')dnl
define(`confSERVER_KEY', `CERT_DIR/sendmail.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/sendmail.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/sendmail.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/sendmail.pem')dnl
dnl #
define(`confAUTH_OPTIONS', `A p y')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl

Setup script

#!/bin/bash

cd /etc/mail

echo
echo

if [ ! -d "/etc/mail/auth" ]; then
  /bin/mkdir /etc/mail/auth
fi

rm -rf /var/spool/mqueue/*
rm -rf /var/spool/mqueue-client/*
rm -rf /etc/mail/certs


if [ ! -d "/etc/mail/certs" ]; then
    echo "CERT"
    echo

    /bin/mkdir /etc/mail/certs
    cd /etc/mail/certs

    /usr/bin/openssl req \
        -x509 -nodes -days 365 -sha384 \
        -subj '/C=US/ST=California/L=Westminster/CN=host.DOMAIN.us' \
        -newkey rsa:2048 -keyout ca-cert.pem -out ca-cert.crt

    /usr/bin/openssl req \
        -x509 -nodes -days 365 -sha384 \
        -subj '/C=US/ST=California/L=Westminster/CN=host.DOMAIN.us' \
        -newkey rsa:2048 -keyout sendmail.pem -out sendmail.pem

    /bin/cat /srv/scripts/ca-google.txt >> ./ca-cert.crt

    /bin/chmod 0600 ./*

    cd /etc/mail

    echo
fi



echo "AuthInfo:smtp.gmail.com  \"U:root\" \"I:EMAIL_FROM@gmail.com\" \"P:ThePwd\" " > ./auth/auth-info
echo "AuthInfo: \"U:root\" \"I:EMAIL_FROM@gmail.com\" \"P:ThePwd\" " >> ./auth/auth-info
/usr/sbin/makemap hash ./auth/auth-info.db < ./auth/auth-info
/bin/chmod 0600 ./auth/*

/bin/cp /srv/scripts/sendmail.mc /etc/mail/sendmail.mc
/bin/cp /srv/scripts/sendmail.mc /usr/share/sendmail/cf/debian/sendmail.mc
/usr/bin/m4 sendmail.mc > sendmail.cf
#/usr/bin/make -C /etc/mail
/bin/sh /etc/init.d/sendmail restart

echo
echo

CA-Google.txt

-----BEGIN CERTIFICATE-----
MIIEgDCCA2igAwIBAgIIeD5JWPwgbC4wDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE
BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
cm5ldCBBdXRob3JpdHkgRzIwHhcNMTYxMTEwMTU1MjM4WhcNMTcwMjAyMTUzMTAw
WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOc210
cC5nbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu8hp6
49Q6yFc1oXjE/BF0rmAgNwa3LjlzyFos46FPOhTG+4r+jyhOdjvBpdp7TA+3vI5y
3nhqVXl00EvhIvOQ7w0cMpOCRYtFSUIP2//eSuCFENL4mr+DeY8QPIL48Pg33tCT
laUGVGrSEkNId3Sh/TfWwvW4LzPXzYkWZ/oBOp6yXHWN2pqdaY1xQMWleBBGT0g0
pRzoN5iehiThFddu4XpLyT6Tz6hoj2ri1r9LlrOZF7ZR1aNhXTcGcw5LLI/Ap9Tm
R7FhSR5XYiUCmkij81Ra7lGHxyCbbFgs+Dug2o9jKp9CoNTKjUvSkVV1qZ/Too80
lEFuAA6pXctH5s7zAgMBAAGjggFLMIIBRzAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwGQYDVR0RBBIwEIIOc210cC5nbWFpbC5jb20waAYIKwYBBQUHAQEE
XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0
MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0G
A1UdDgQWBBRe+GRFPyCZGExoLYvnGMSjpmjBcjAMBgNVHRMBAf8EAjAAMB8GA1Ud
IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1UdIAQaMBgwDAYKKwYBBAHW
eQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n
bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAgCIi5DL0iR9gJYyU
1uiXGwEr2RkSS8I8t1Ep7CSKcnZXCvLkqzUBhie3mzBb8IvQoiihiTMtCzT80pGZ
bWJvfRcRcrV3BT6hh9y2gW4kmVwkNyJKSQsAs5bMfgnQ1K4YgPhDx9ZVhtX64cvE
aKlMaoW7boX/Y+WEJDLI846+qXIja5Yj29GQbP3v1wZsVykkx+RpIMlVgnpqKIgb
erKxn6cpIvc99hkM3s5ssCrCul9H3a+/2uKp3gkliyRcGSq+3Ksoch/H/7DEdVPg
mbHjTW/y8b3+shfV1F3aReJDaL9rpw6dvGGgjR7hFHTYwDZ8wn5XOwSkBoq1cnm3
aNQWGA==
-----END CERTIFICATE-----

Log output

Nov 24 19:44:45 host sendmail[14916]: uAP0ijkb014916: from=EMAIL_FROM@gmail.com, size=77, class=0, nrcpts=1, msgid=<201611250044.uAP0ijkb014916@host.DOMAIN.us>, relay=root@localhost
Nov 24 19:44:45 host sendmail[14916]: STARTTLS=client, relay=smtp.gmail.com, version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Nov 24 19:44:46 host sendmail[14916]: uAP0ijkb014916: to=EMAIL_TO@hotmail.com, ctladdr=EMAIL_FROM@gmail.com (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30077, relay=smtp.gmail.com [IPv6:2607:f8b0:400e:c04::6d], dsn=5.0.0, stat=Service unavailable
Nov 24 19:44:46 host sendmail[14916]: uAP0ijkb014916: uAP0ijkc014916: DSN: Service unavailable
Nov 24 19:44:46 host sendmail[14916]: uAP0ijkc014916: to=EMAIL_FROM@gmail.com, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30000, relay=smtp.gmail.com, dsn=5.0.0, stat=Service unavailable
Nov 24 19:44:46 host sendmail[14916]: uAP0ijkc014916: to=MAILER-DAEMON, delay=00:00:00, mailer=local, pri=30000, dsn=5.1.1, stat=User unknown
Nov 24 19:44:46 host sendmail[14916]: uAP0ijkc014916: to=postmaster, delay=00:00:00, mailer=local, pri=30000, dsn=5.1.1, stat=User unknown
Nov 24 19:44:46 host sendmail[14916]: uAP0ijkc014916: uAP0ijkd014916: return to sender: User unknown
Nov 24 19:44:46 host sendmail[14916]: uAP0ijkd014916: to=MAILER-DAEMON, delay=00:00:00, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Nov 24 19:44:46 host sendmail[14916]: uAP0ijkc014916: Saved message in /var/lib/sendmail/dead.letter
Nov 24 19:45:01 host sendmail[14940]: uAP0j1VI014940: from=root, size=261, class=0, nrcpts=1, msgid=<201611250045.uAP0j1VI014940@host.DOMAIN.us>, relay=root@localhost
Nov 24 19:45:01 host sendmail[14946]: uAP0j12W014946: from=root, size=264, class=0, nrcpts=1, msgid=<201611250045.uAP0j12W014946@host.DOMAIN.us>, relay=root@localhost

Cretits:

https://www.madboa.com/geek/openssl/#key-removepass

https://linuxconfig.org/configuring-gmail-as-sendmail-email-relay

Edit:

I updated the script to the correct one.

After Andrzej added the suggestion about checking the ca-certs I found the gmail ca-cert and added that in.

Next Andrzej suggested removing " M: LOGIN PLAIN " from echo "AuthInfo:smtp.gmail.com \"U:root\" \"I:EMAIL_FROM@gmail.com\" \"P:ThePwd\" " > ./auth/auth-info and that did it.

Thank again, this was a frustrating one.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
Jon C.
  • 101
  • 1
  • 3
  • 1
    I suggest that you do what it told you to do. – Michael Hampton Nov 25 '16 at 01:37
  • @MichaelHampton Thanks for the negative advices. if I saw it, I would not have spent the time to post this... – Jon C. Nov 25 '16 at 02:01
  • You might have. Many people do just that. Indeed, you gave no indication that you've done _anything_ to solve the problem other than paste logs here, or that you even know what the problem is. Please edit your question appropriately. – Michael Hampton Nov 25 '16 at 03:05
  • Haha, again you spend more energy being negative than helpful. This is a help site. "though after hours I am still unable to connect to gmail", that would indicate I spent hours working on it. Plus the credit links would indicate I went through various sites. It's pretty sad you are determined not to help. – Jon C. Nov 25 '16 at 05:36
  • I've been trying to help you this whole time! How you misinterpret it as negative or not helping is a complete mystery. Perhaps you should check your assumptions in addition to making the necessary fixes to your question. – Michael Hampton Nov 25 '16 at 08:34
  • Very possible. I would appreciate your help if you are willing. What do suggest I try? – Jon C. Nov 26 '16 at 07:57

1 Answers1

0

Your problem seems to caused by google's "improved" security.

1) Make sure you have allowed "less secure apps" in your google account setup.
2) Login to your google accounts via web browser and check google's "security warnings". Google "security checks" do produce "false positives" sometimes.

verify=Fail

Debian/Ubuntu check: Have you installed ca-certificates package?
https://launchpad.net/ubuntu/+source/ca-certificates

AnFi
  • 6,103
  • 1
  • 14
  • 27
  • Thank you for the reply. The output is from your testing script, it's excellent .... "Less secure app" is enable, good thought ... I installed the ca-certs to be sure, no difference. I am playing with the google ca-cert. https://support.google.com/a/answer/6180220 – Jon C. Nov 26 '16 at 08:00
  • BTW: **DO NOT** post `AUTH LOGIN` command followup. It is simple to decode. – AnFi Nov 26 '16 at 10:06
  • Bingo! That did it, thank you. -- I will add to the question – Jon C. Nov 27 '16 at 20:47