help: using smtp.gmail.com as SMART_HOST
- From: "fg.295224" <fg.295224@xxxxxxxxx>
- Date: 3 Jul 2006 10:45:52 -0700
I apologize in advance for bothering you all, but I am
looking for help, ideally here (in comp.mail.sendmail). If
you know of some web page which covers my precise situation
I will go read it, but I haven't stumbled on one yet.
The overview is that I want to read and write mail on my
linux machine, which is on the Internet via DHCP, at
different places, via different ISPs beyond my control
(think wireless coffee shops). I want to use an email
client of my choice, with my Google gmail address.
Google's help page for "configuring other mail clients"
<http://mail.google.com/support/bin/answer.py?answer=13287>
said their "Incoming Mail (POP3) Server -- requires SSL" and
is pop.gmail.com, using port 995.
Retrieving mail is not the problem since my Google searches
said that fetchmail would retrieve it, and indeed this shell
script works fine. It prompts for my gmail password, then
gets my new mail (and I know a .fetchmailrc works also):
#!/bin/sh
fetchmail \
-p POP3 --ssl -u fg.295224@xxxxxxxxx -k pop.gmail.com
Sending mail is the problem. I want to use sendmail (as a
client, I believe the term is) to send my mail to Google's
gmail server, which will then send it onward for me. (I
want to use sendmail for personal reasons, and am aware that
postfix and many others can also do this sort of thing.)
I made a new Fedora Core 5 partition for testing (yum
updated), so I don't kill something I care about. I have
made few changes to it. (It's still "localhost.localdomain"
as "LOCAL_DOMAIN(`localhost.localdomain')dnl" is in
sendmail.mc.) I am not trying to use it as a "relay"
machine to pass on email other machines send it; I log in to
it and generate my email there and that's fine with me.
Google's help pages didn't have any "sendmail" section (see
http://mail.google.com/support/bin/topic.py?topic=1555), but
the same help page for "configuring other mail clients" said
their "Outgoing Mail (SMTP) Server -- requires TLS" and said
smtp.gmail.com (use authentication)
Use Authentication: Yes
Use STARTTLS: Yes (some clients call this SSL)
Port: 465 or 587
As a proof of concept, I briefly used Thunderbird (on my
FC5) to send mail (to a non-gmail address). I chose "SSL"
in Thunderbird's configuration window and it selected (and
successfully sent to) port 465 (which I had to open up in my
firewall first) at Google. The Google Thunderbird help page
says that "TLS" should also work, as long as you (manually)
select port 587. I presume either port (and thus protocol)
is fine with Google but that's just my GUESS. A footnote
says "Please note that if your client does not support SMTP
authentication, you won't be able to send mail through your
client using your Gmail address." But I'm not sure what
that means. Port 25 is not mentioned on that page at all.
My problem is that I haven't been able to guess (or stumble
upon) whatever settings in sendmail's sendmail.mc file (and
related files, if necessary) will work. Everything I try
(which gets that far) seems to produce a rejection email
back to me, with "530 5.7.0 Authentication Required" in it.
That isn't very specific. So I'm hoping you can help me.
An
rpm -qa | egrep 'sendmail|openssl|cyrus|fetchmail' | sort
tells me (let me know if you need to know another one):
cyrus-sasl-2.1.21-10
cyrus-sasl-devel-2.1.21-10
cyrus-sasl-lib-2.1.21-10
cyrus-sasl-plain-2.1.21-10
fetchmail-6.3.4-0.fc5.1
openssl-0.9.8a-5.2
openssl-devel-0.9.8a-5.2
openssl-perl-0.9.8a-5.2
sendmail-8.13.6-0.FC5.1
sendmail-cf-8.13.6-0.FC5.1
sendmail-doc-8.13.6-0.FC5.1
This was one of the first things I did:
define(`SMART_HOST',`[smtp.gmail.com]')
but it wasn't enough (just by itself).
I started up saslauthd (chkconfig saslauthd on;
/etc/init.d/saslauthd start) since I read in sendmail.mc:
Please remember that saslauthd needs to be running for AUTH
but I don't know if it is really needed for me -- since I
don't know if I need AUTH or not. (Remember, I just want to
send email from my machine to Google, for Google to send
onward. I don't want other machines to be able to connect
to me and send email onward, "relay" their mail, so I don't
know if I need AUTH for what I want to do or not.) Note
also that if saslauthd has any configuration files that I
didn't touch them (and wouldn't know what to do).
I don't see any way to put my gmail name and password into
sendmail's sendmail.mc file, so I'm guessing that they have
to go into some external file, so I have
FEATURE(`authinfo')dnl
I have tried three things in my /etc/mail/authinfo file:
AuthInfo:smtp.gmail.com "U:fg.295224@xxxxxxxxx" "P:myGmailPassword"
AuthInfo:smtp.gmail.com "U:root" "I:fg.295224@xxxxxxxxx" "P:myGmailPassword"
AuthInfo:smtp.gmail.com "U:fg.295224@xxxxxxxxx" "I:fg.295224@xxxxxxxxx" "P:myGmailPassword"
but none have worked (at least with whatever sendmail.mc
settings I had at the time). (Since
POSSIBLE += $(shell test -f authinfo && echo authinfo.db)
all: ${CFFILES} ${POSSIBLE} ...
is in /etc/mail/Makefile, whenever I say
make -C /etc/mail && /etc/init.d/sendmail restart
the file /etc/mail/authinfo.db is rebuilt, if needed.)
Do I need some setting of M:type in my authinfo file? If
so, which? And some postings said you have to use a more
specific hostname in the authinfo file, the actual machine's
actual name I guess (which may be "gmail-smtp.l.google.com"
for me). Would that do it? I haven't tried that. (I hate
the thought of defeating DNS by putting in a specific name.)
(I don't run a DNS server; I use what DHCP tells me.)
I have only edited "sendmail.mc" and added "authinfo" in
/etc/mail (plus their two derived files), but all the other
files are the way Fedora/sendmail made them. For instance
access, submit.mc, and trusted-users. The domaintable,
mailertable, and virtusertable files are still zero-length.
I have tried various combinations of
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
and
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
but I don't really know what I should have to talk to gmail,
and thus which of these (or something else) is needed. (I
know the "dnl" comments the line; I merely mean to show that
I've had those two lines in (separately) or commented out.)
And I don't know the difference between these:
define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_OPTIONS', `A p')dnl
define(`confAUTH_OPTIONS', `A p y')dnl
and so I don't know which one of those three I need -- or if
I even need one of them at all! (The default file has "A".)
And while STARTTLS is mentioned in sendmail.mc there doesn't
seem to be some obvious (to me) command to use it or not.
Yet on some of my attempts I'm using it, since I can then
see (cryptic) references in /var/log/maillog to STARTTLS.
Maybe it's somehow turned on or off by the presence or
absence of "certificates" or "keys" in sendmail.mc? For
instance
cd /usr/share/ssl/certs; make sendmail.pem
is in sendmail.mc, so I have been there and done that (as
the saying goes), but in the modern (or FC5) place:
cd /etc/pki/tls/certs; make sendmail.pem
There are lots of postings about "certificates" or "keys" on
the Internet, and since I don't really understand them I
just try various things (but none have worked).
Do I need a "sendmail.pem" (or "sendmail.crt" whatever the
difference is) to send to smtp.gmail.com? That is, maybe
it's only needed for "AUTH relaying" (whatever that is) and
I need "STARTTLS" instead? Or maybe it's only needed for
"STARTTLS" (whatever that is) and I need "AUTH relaying"
instead? Maybe I only need
define(`confCLIENT_CERT',`/etc/pki/tls/certs/sendmail.pem')dnl
define(`confCLIENT_KEY',`/etc/pki/tls/certs/sendmail.pem')dnl
and not
define(`confSERVER_CERT',`/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY',`/etc/pki/tls/certs/sendmail.pem')dnl
also? I also tried various things like
define(`confSERVER_CERT',`/etc/pki/tls/certs/localhost.crt')dnl
define(`confSERVER_KEY',`/etc/pki/tls/private/localhost.key')dnl
(or the CLIENT names) but they didn't seem to do it either.
Or maybe my problem was not the presence or absence of a
"certificate" or a "key" but rather what was in them
instead? Does it really matter what the answers to the
questions are? Some web postings say to put your name or
your machine's name in specific answers, yet others don't.
(What if mine doesn't have a name? Not an official one.)
Some say a "certificate" must be signed by a "certificate
authority" (CA) but others don't. I haven't the slightest
idea. (I saw lots of references to the "CA.pl" perl script,
but it took me a while to learn that it was in openssl-perl
(nearly alone in there), so I downloaded that package too.)
I find it hard to imagine that Google will force every user
who wants to use POP/SMTP clients to connect to their server
to buy a real certificate, say from VeriSign or Thawte. If
certificates are needed I'm guessing that "self-signed" ones
will do (or else the real "bundle" which is already there).
My (SSL) "fetchmail" just worked; I didn't make anything.
By the way, I can manually telnet to smtp.gmail.com on ports
25, 465, and 587, so nothing is being blocked by any ISP (at
least when I tested by doing the telnets).
I only twice tried to change sendmail.mc so that it goes to
some specific port at smtp.gmail.com (once 465, once 587).
For one thing, I'm not sure of the syntax. For instance, in
define(`RELAY_MAILER_ARGS',`TCP $h 587')dnl
what does the "$h" do/mean? Do I need it? Or do I want
define(`ESMTP_MAILER_ARGS',`TCP $h 587')dnl
instead? (And do I want
define(`SMART_HOST',`relay:[smtp.gmail.com]')
instead of the basic one?) Or do I want
define(`RELAY_MAILER_ARGS',`TCP $h 465')dnl
instead?
But I am also wondering if the specific port directive is
needed, since the "well-known ports" are perhaps already
implicitly specified, once I (somehow) specify the protocol.
(Not that I know how to do that either.)
Well, this is an overlong posting already, so I don't plan
to add to it, like by posting /var/log/maillog extracts.
But I will post anything you specifically ask to see, or the
contents of the maillog after some specific change you tell
me to make, that sort of thing.
I am really really hoping that one of you will understand
what Google is saying about incoming SMTP connections
<http://mail.google.com/support/bin/answer.py?answer=13287>
and will be able to tell me what to do, what set of things I
need to enable or create (or edit). I am stumbling around
in the dark, since I don't really know sendmail (or the
related protocols), but I'm hoping that the answer is there
and reasonably obvious to one of you sendmail wizards.
In any case I want to thank you very much for taking the
time to read this. I apologize again for its length, but I
didn't know what might matter and what doesn't.
Thank you.
=========================================================
Appendix 1, the unedited (Fedora Core 5) sendmail.mc file
(from "grep -v '^dnl' /etc/mail.orig/sendmail.mc"):
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
define(`confDEF_USER_ID',``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
FEATURE(`accept_unresolvable_domains')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
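
Added example, not part of the original post: a small checker for the /etc/mail/authinfo source file discussed above. It flags fields wrapped onto their own line, entries lacking the U:/I: or P: tokens that sendmail's cf/README requires, and a file mode that exposes the stored password; the sample entries, address and password are constructed placeholders, and the function names are this example's own.

```python
import os
import re
import stat

# Tags per sendmail's cf/README: U authorization id, I authentication id,
# P password, R realm, M mechanism list; "X:" is plain text, "X=" base64.
FIELD = re.compile(r'"([UIPRM])[:=]([^"]*)"')

def lint_authinfo(text, mode=0o600):
    """Return [(line_no, problem)] for authinfo source text; line 0 = the file."""
    problems = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append((0, "group/other can access a file holding a password"))
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if not line.startswith("AuthInfo:"):
            # makemap takes one key/value entry per line, so a field wrapped
            # onto its own line is not part of the entry above it.
            problems.append((n, "not an AuthInfo: entry (wrapped field?)"))
            continue
        parts = line.split(None, 1)
        rhs = parts[1] if len(parts) > 1 else ""
        fields = dict(FIELD.findall(rhs))
        if "U" not in fields and "I" not in fields:
            problems.append((n, "needs U: or I: (or both)"))
        if not fields.get("P"):
            problems.append((n, "missing P: password field"))
        if FIELD.sub("", rhs).strip():
            problems.append((n, "text outside quoted tag:value fields"))
    return problems

def lint_file(path="/etc/mail/authinfo"):
    """Lint a real file, using its on-disk permission bits."""
    with open(path) as fh:
        return lint_authinfo(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

# Constructed sample (placeholder address and password), with one entry
# wrapped across two lines the way a long line gets wrapped in a posting.
SAMPLE = '''\
AuthInfo:smtp.gmail.com "U:user@example.com" "P:placeholder"
AuthInfo:smtp.gmail.com "U:root" "I:user@example.com"
"P:placeholder"
AuthInfo:smtp.gmail.com "U:root" "I:user@example.com" "P:placeholder" "M:PLAIN"
'''

if __name__ == "__main__":
    for line_no, problem in lint_authinfo(SAMPLE, mode=0o644):
        print(line_no, problem)
```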