Re: [OT] sendmail relay to gmail smtp server

To: debian-user@lists.debian.org
Subject: Re: [OT] sendmail relay to gmail smtp server
From: Scott Ferguson <prettyfly.productions@gmail.com>
Date: Tue, 27 Dec 2011 14:46:29 +1100
Message-id: <[🔎] 4EF93F95.7040800@gmail.com>
In-reply-to: <[🔎] 874nwm8zx2.fsf@newsguy.com>
References: <[🔎] 874nwm8zx2.fsf@newsguy.com>

On 27/12/11 14:19, Harry Putnam wrote:
> First let me say, I'm not interested in switching mta's.
> 
> I want to use gmails' smtp server as Smart Host for my single user
> debian box running sendmail-8.14.4
> 
> I'm hooked up to an ISP called direcpath.tv in Atlanta that uses gmail
> smtp servers for its clients with addresses like reader@direcpath.tv
> 
> They have terrible to non-existent support and no support of linux/sendmail
> 
> They use smtp.gmail.com But before I get into the extra complication
> of their direcpath.tv overlay, and since I do have a normal gmail
> account I thought I'd first try to get the authentication for smtp
> working for that username.  hputnam3@gmail.com
> 
> So after dozens of small edits and restarts and makemaps ... cutting
> to the chase:
> 
> /etc/mail/authinfo
> 
> (password obfuscated)
> ,----
> | Athinfo:smtp.gmail.com "U:root" "I:hputnam3@gmail.com" "P:??XX??" "M: LOGIN PLAIN"
> | Athinfo:smtp.gmail.com:587 "U:root" "I:hputnam3@gmail.com" "P:??XX??" "M: LOGIN PLAIN"
> `----
> 
> -------        ---------       ---=---       ---------      -------- 
> 
> And I think what are the most relevant sendmail.mc settings (the whole
> *mc is inlined at the end).
> 
> /etc/mail/sendmail.mc
> 
> ,----
> | define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
> | define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
> | 
> | FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl 
> | 
> | define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> | TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> | 
> | define(`SMART_HOST',`smtp.gmail.com')dnl
> `----
> 
> (And for the record, I did try bracketing the Smart Host like:
>  define(`SMART_HOST',`[smtp.gmail.com]')dnl)
> 
> I have some old masquerade settings that I doubt are causing a
> problem. I do have an account with them too.  I think the error would
> be different if they were causing problems, but here those are:
> 
> (Note, that removing those only gets the same error messages)
> ,----
> | MASQUERADE_AS(`newsguy.com')dnl
> | FEATURE(`allmasquerade')dnl
> | FEATURE(`masquerade_envelope')dnl
> | dnl # [HP 111006_211813  Testing local_no_masquerade #]dnl
> | FEATURE(`local_no_masquerade')dnl
> `----
> 
> -------        ---------       ---=---       ---------      -------- 
> 
> Relevant verbose smtp logs:
> ,----
> | 050 >>> EHLO reader.local.lan
> | 050 250-mx.google.com at your service, [65.50.57.227]
> | 050 250-SIZE 35882577
> | 050 250-8BITMIME
> | 050 250-AUTH LOGIN PLAIN XOAUTH
> | 050 250 ENHANCEDSTATUSCODES
> | 050 >>> MAIL From:<reader@newsguy.com> SIZE=563 AUTH=<>
> | 050 530-5.5.1 Authentication Required. Learn more at                              
> | 050 530 5.5.1 http://mail.google.com/support/bin/answer.py?answer=14257 py4sm63515568igc.2

                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^

> `----
> 
> The `learn more' address give just above is not all that helpfull.

It's the line above it that's relevant (the "learn more" is for the same
situation in a MUA - not SendMail).

You don't show your authentication settings eg.:-
define(`CERT_DIR’, `/etc/mail/certs’)
define(`confCACERT_PATH’, `CERT_DIR’)
define(`confCACERT’, `CERT_DIR/ca-bundle.crt’)
define(`confCRL’, `CERT_DIR/ca-bundle.crt’)
define(`confSERVER_CERT’, `CERT_DIR/sendmail.pem’)
define(`confSERVER_KEY’, `CERT_DIR/sendmail.pem’)
define(`confCLIENT_CERT’, `CERT_DIR/sendmail.pem’)
define(`confCLIENT_KEY’, `CERT_DIR/sendmail.pem’)


> 
> -------        ---------       ---=---       ---------      -------- 
> 
> I think these are the sendmail logs that contain the relevant error:
> 
> (I'm not sure if the `verify=FAIL' means what it suggests)

I suspect it means exactly what it says.....


> 
> ,----
> | Dec 26 21:41:38 reader sm-mta[24243]: STARTTLS=client,
> | relay=smtp.gmail.com, version=TLSv1/SSLv3, verify=FAIL,
> | cipher=RC4-SHA, bits=128/12
> | 
> | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243:
> |   to=<reader@newsguy.com>, ctladdr=<reader@reader.local.lan>
> |   (1000/1000), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30563,
> |   relay=smtp.gmail.com [209.85.225.109], dsn=5.0.0, 
> |   stat=Service unavailable
> | 
> | Dec 26 21:41:38 reader sm-mta[24243]: pBR2fbLX024243: pBR2fbLY024243: DSN: Service unavailable
> `----
> 
> -------        ---------       ---=---       ---------      -------- 
> 
> Full sendmail.mc
> 
> divert(-1)dnl
> divert(0)dnl
> define(`_USE_ETC_MAIL_')dnl
> include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
> VERSIONID(`$Id: current.mc,v 1.13 2011/12/26 17:38:01 reader Exp $')
> OSTYPE(`debian')dnl
> DOMAIN(`debian-mta')dnl
> undefine(`confHOST_STATUS_DIRECTORY')dnl        #DAEMON_HOSTSTATS=
> 
> define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
> define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
> define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
> 
> FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl 
> FEATURE(`access_db',`hash -T<TMPF> /etc/mail/access.db')dnl
> define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> define(`SMART_HOST',`smtp.gmail.com')dnl
> FEATURE(`access_db',`hash -T<TMPF> /etc/mail/access.db')dnl
> 
> FEATURE(`no_default_msa')dnl
> DAEMON_OPTIONS(`Family=inet,  Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl
> DAEMON_OPTIONS(`Family=inet,  Name=MSP-v4, Port=submission, M=Ea, Addr=127.0.0.1')dnl
> define(`confPRIVACY_FLAGS', `needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl
> define(`confCONNECTION_RATE_THROTTLE', `15')dnl
> define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
> FEATURE(`use_cw_file')dnl
> FEATURE(`greet_pause', `1000')dnl 1 seconds
> FEATURE(`delay_checks', `friend', `n')dnl
> define(`confBAD_RCPT_THROTTLE',`3')dnl
> FEATURE(`conncontrol', `nodelay', `terminate')dnl
> FEATURE(`ratecontrol', `nodelay', `terminate')dnl
> include(`/etc/mail/m4/dialup.m4')dnl
> include(`/etc/mail/m4/provider.m4')dnl
> 
> FEATURE(`always_add_domain')dnl
> MASQUERADE_AS(`newsguy.com')dnl
> FEATURE(`allmasquerade')dnl
> FEATURE(`masquerade_envelope')dnl
> FEATURE(`local_no_masquerade')dnl
> 
> EXPOSED_USER(`root')dnl
> 
> MAILER_DEFINITIONS
> MAILER(`local')dnl
> MAILER(procmail)dnl
> MAILER(`smtp')dnl
> 
> 


Please post your cert (pem) settings.




Cheers

-- 
Iceweasel/Firefox extensions for finding answers to Debian questions:-
https://addons.mozilla.org/en-US/firefox/collections/Scott_Ferguson/debian/

Reply to:

Follow-Ups:
- Re: [OT] sendmail relay to gmail smtp server
  - From: Harry Putnam <reader@newsguy.com>

References:
- [OT] sendmail relay to gmail smtp server
  - From: Harry Putnam <reader@newsguy.com>

Prev by Date: Re: OT programming languages/ systems for advanced applications on Linux
Next by Date: Common Lisp (was: OT programming languages/ systems for advanced applications on Linux)
Previous by thread: [OT] sendmail relay to gmail smtp server
Next by thread: Re: [OT] sendmail relay to gmail smtp server
Index(es):
- Date
- Thread