Sendmail Configuration SMTP Relay Port 465

2

I am trying to set up an Ubuntu VM with sendmail (LAMP) and I cannot seem to get sendmail to actually send anything. I have read that I need to set up an SMTP relay to a valid domain name, which I have (not Gmail).

Here are the steps that I am taking (as root):

apt-get install sendmail mailutils
cd /etc/mail
mkdir auth
chmod 700 auth
vi auth/client-info
    AuthInfo:mail.<mydomain.net> "U:user" "I:user" "P:password"
    TLS_Srv:mail.<mydomain.net> ENCR:128
makemap hash auth/client-info < auth/client-info
chmod 600 auth/client-info
vi sendmail.mc
    After MAILER_DEFINITIONS:
    Add define(`SMART_HOST',`mail.<mydomain.net>')dnl
    define('confAUTH_MECHANISMS', 'EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    FEATURE('authinfo','hash /etc/mail/auth/client-info')dnl
m4 sendmail.mc > sendmail.cf

When I test it, I do

(echo subject: test; echo ) | sendmail -v -i -Am -- myaddress@gmail.com

and it seems like it hangs on this without doing anything.

In my error log, /var/log/mail.err I have the following:

Mar 24 09:40:01 webDev sm-msp-queue[15397]: My unqualified host name (webDev) unknown; sleeping for retry
Mar 24 09:41:01 webDev sm-msp-queue[15397]: unable to qualify my own domain name (webDev) -- using short name

The only thing that I cannot figure out is how to use a different port, since the server is set up to use port 465. Connection security is SSL/TLS and plaintext password.

What am I missing to get this configuration working?

EDIT: I have changed /etc/hosts and set my computername to a FQDN and it no longer seems like it is hanging.

I now have a problem: "Deferred: Connection refused by ". Using Wireshark I have found that the packets being sent to mail. are on port 25. An Nmap scan of mail. shows port 25 as closed.

mightymouse3062

Posted 2013-03-24T13:44:33.777

Reputation: 33

Answers

1

At this point I have abandoned the idea of using my host as a sendmail relay and moved over to using Gmail.

I found a bunch of sites that helped get it configured. I have tested this on Ubuntu and CentOS... I hope it can be of some help to someone.

apt-get update

vi /etc/hostname
# Enter valid FQDN name

apt-get install sendmail sendmail-cf sasl2-bin

cd /etc/mail
mkdir certs
chmod 700 certs/
cd certs/

openssl dsaparam 1024 -out dsa1024.pem
openssl req -x509 -nodes -days 3650 -newkey dsa:dsa1024.pem -out /etc/mail/certs/mycert.pem -keyout /etc/mail/certs/mykey.pem
# Enter "US" for Country Name (Can leave everything else blank)

openssl req -x509 -new -days 3650 -key /etc/mail/certs/mykey.pem -out /etc/mail/certs/mycert.pem
# Enter "US" for Country Name (Can leave everything else blank)

ln -s /etc/mail/certs/mycert.pem /etc/mail/certs/CAcert.pem
chmod 600 /etc/mail/certs/*

cd ..
mkdir auth
chmod 700 auth/

vi auth/client-info

content:

AuthInfo:smtp.gmail.com "U:root" "I:<emailAddress>@gmail.com" "P:password"
AuthInfo: "U:root" "I:<emailAddress>@gmail.com" "P:password"

then,

makemap -r hash /etc/mail/auth/client-info.db < /etc/mail/auth/client-info

vi sendmail.mc

Above "MAILER(local)dnl" Add:

dnl #
dnl # SSL Settings
define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')
define(`confCACERT_PATH', `CERT_DIR')
define(`confCACERT', `CERT_DIR/CAcert.pem')
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')
dnl #
dnl # GMAIL FORWARDING
define(`SMART_HOST',`smtp.gmail.com')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash -o /etc/mail/auth/client-info.db')dnl

afterwards,

m4 sendmail.mc > sendmail.cf

service sendmail stop

service sendmail start

(echo subject: test; echo ) | /usr/sbin/sendmail -v -i -Am -- email@domain.com

mightymouse3062

Posted 2013-03-24T13:44:33.777

Reputation: 33

0

My unqualified host name (X) unknown; sleeping for retry

Set your host Fully Qualified Domain Name (Hostname+domain_name)

Use hostname for quick fix, edit /etc/hostname for permanent change.

Less preferred option:
If you merely want to make sendmail happy then follow sendmail's "Who Am I?" (define confDOMAIN_NAME) in both sendmail.mc and submit.mc, and recompile them to *.cf files.

AnFi

Posted 2013-03-24T13:44:33.777

Reputation: 771

How would I do that if I don't have a domain name defined locally? – mightymouse3062 – 2013-03-24T17:32:14.457

You can get a free DNS domain at e.g. https://freedns.afraid.org/ or https://account.dyn.com/entrance/ and most likely MANY more, OR use the rDNS name set by your ISP if your host uses a static public IP address.

– AnFi – 2013-03-24T17:55:40.490

0

Forcing encrypted outgoing SMTP (for plain text AUTH)

mail.mouseware.net (Exim) listens on port 25 (smtp) and 465 (smtps). It offers STARTTLS on port 25. STARTTLS turns an unencrypted connection into an encrypted one.

You force sendmail to always use STARTTLS on SMTP connections to mail.mouseware.net.
Use the following access table entry:

TLS_Srv:mail.mouseware.net ENCR:128

  • ENCR:128 - require 128 bits encryption without server certificate verification
  • VERIFY:128 - require 128 bits encryption with server certificate verification

To test it execute as root command below:
(echo subject: test; echo ) | sendmail -v -i -Am -- john.doe@example.net

P.S. Sendmail can easily handle incoming SMTPS connections; outgoing connections are harder to configure. In cases when access to port 25 is blocked, sendmail may be configured to contact port 587 (SMTP for submission by clients).

AnFi

Posted 2013-03-24T13:44:33.777

Reputation: 771
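
A check for the TLS_Srv rule described in the answer above, as an added example that is not part of the original answer: it lists every host that has stored AuthInfo credentials and reports whether a TLS_Srv entry in the access table source requires ENCR or VERIFY at 128 bits or more. The function names, host names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. Host names and file contents below are constructed.

# check_relay_tls AUTHINFO_SRC ACCESS_SRC
# Prints "<host> <status>" for every AuthInfo host, in file order:
#   verified    TLS_Srv demands VERIFY with >= 128 bits
#   encrypted   TLS_Srv demands ENCR with >= 128 bits (certificate not checked)
#   unprotected no TLS_Srv rule, or fewer than 128 bits required
# Exit status is 1 if any host is unprotected, 0 otherwise.
check_relay_tls() {
    awk '
        mode == "auth" && $1 ~ /^AuthInfo:./ {
            h = tolower(substr($1, 10))            # text after "AuthInfo:"
            if (!(h in seen)) { seen[h] = 1; order[++n] = h }
        }
        mode == "tls" && $1 ~ /^TLS_Srv:./ {
            h = tolower(substr($1, 9))             # text after "TLS_Srv:"
            split($2, req, ":")                    # ENCR:128 -> "ENCR", "128"
            kind[h] = req[1]; bits[h] = req[2] + 0
        }
        END {
            for (i = 1; i <= n; i++) {
                h = order[i]
                if (bits[h] >= 128 && kind[h] == "VERIFY")    s = "verified"
                else if (bits[h] >= 128 && kind[h] == "ENCR") s = "encrypted"
                else { s = "unprotected"; bad = 1 }
                print h, s
            }
            exit bad + 0
        }
    ' mode=auth "$1" mode=tls "$2"
}

# Constructed sample files: three relay credentials, two TLS_Srv rules.
write_samples() {
    cat > "$1/client-info" <<'EOF'
AuthInfo:mail.example.net "U:user" "I:user" "P:password"
AuthInfo:smtp.example.org "U:user" "I:user" "P:password"
AuthInfo:old.example.com "U:user" "I:user" "P:password"
EOF
    cat > "$1/access" <<'EOF'
TLS_Srv:mail.example.net VERIFY:128
TLS_Srv:smtp.example.org ENCR:128
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_relay_tls "$tmp/client-info" "$tmp/access" || echo "some relay host has no TLS requirement"
rm -rf "$tmp"
```

Point the function at the text sources of the maps, not the compiled .db files.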

I have changed my auth/client-info file (see above) and I am now getting the error "Deferred: Connection refused by mouseware.net.". – mightymouse3062 – 2013-03-25T20:49:54.617

Use the test command provided in the answer. – AnFi – 2013-03-25T22:05:17.887

I apologize, should have clarified... when I run the test command, that is the error I receive. – mightymouse3062 – 2013-03-25T23:20:30.707

Can you get SMTP greeting? telnet mail.mouseware.net 25 – AnFi – 2013-03-26T07:10:55.617

No, I receive the error "telnet: Unable to connect to remote host: Connection timed out" for "telnet mail.mouseware.net 25" – mightymouse3062 – 2013-03-26T11:31:07.740

Can you telnet smtps port? telnet mail.mouseware.net 465 You will get no smtp greeting message unless your telnet supports SSL. Debian's telnet-ssl package supports SSL. – AnFi – 2013-03-26T11:48:15.083

Yes, port 465 works. – mightymouse3062 – 2013-03-26T21:37:51.897