Sorry, just re-subscribed after a long absence. Not sure if my original went through, so I'm resending. Sorry if it is a duplicate, I wouldn't have seen any of the early responses....
Once upon a time, I was using a standard, out of the box, sendmail configuration to send email directly from my computer to any other on the internet. Nice.
Then, while RCN was my ISP, RCN decided that home users couldn't send email (something about stopping SPAM) directly to the internet, and all email had to be forwarded through RCN's email servers. Fine, I added:
define(`SMART_HOST',`relay:[smtp.rcn.com]')dnl
to my sendmail.mc file.
Then, later, I switched to Verizon from RCN. I not only had to change the SMART_HOST line to:
define(`SMART_HOST',`relay:[outgoing.verizon.net]')dnl
define(`RELAY_MAILER',`smtps')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
but I also had to set up /etc/mail/authinfo and add support for it to sendmail.mc:
FEATURE(`authinfo', `hash -o /etc/mail/authinfo.db')dnl
and my /etc/mail/authinfo file looks like:
AuthInfo:outgoing.verizon.net "I:userId" "P:password" "M:PLAIN"
And everything works fine.
NOW: Verizon wants to:
1) change the outgoing server name to smtp.verizon.net
2) change the port from 587 (MSA) to 465 (SMTPS), and
3) require SSL for communication.
Sure, I can change my iPhone settings, and each Thunderbird instance in the house (and it works), but I want to keep the home network using *my* sendmail server for email, and have *IT* forward to Verizon. (Besides, I have a few scripts that want to send a few housekeeping emails without invoking Thunderbird.) I tried the obvious changes, but I think I'm missing something:
define(`SMART_HOST',`relay:[smtp.verizon.net]')dnl
define(`RELAY_MAILER',`smtps')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 465')dnl
AuthInfo:smtp.verizon.net "I:userId" "P:password" "M:PLAIN"
This configuration results in "Communication Timed Out with smtp.verizon.net" or "read error from smtp.verizon.net", and mail just sits in my local mqueue waiting to be delivered.
Can some sendmail guru please point out what I've missed?
Please keep the "switch to another MTA" to yourself. I've been using sendmail at home since 1996!
THANKS!
On Mon, 2013-03-04 at 23:11 -0500, Kevin J. Cummings wrote:
Hi Kevin,
Just to get you started can we confirm connectivity to the server:
# host smtp.verizon.net
# ping smtp.verizon.net
Then see if you can open a session using telnet on all the ports and run the SMTP hello message:
# telnet smtp.verizon.net 25
ehlo hostname
# telnet smtp.verizon.net 465
ehlo hostname
# telnet smtp.verizon.net 587
ehlo hostname
With these we should be able to judge connectivity and available options on the ports.
Thanks, Michael
On 03/04/2013 11:29 PM, Michael E. Maher wrote:
> Hi Kevin,
> Just to get you started can we confirm connectivity to the server:
> # host smtp.verizon.net
smtp.verizon.net has address 206.46.232.100
> # ping smtp.verizon.net
PING smtp.verizon.net (206.46.232.100) 56(84) bytes of data.
^C
--- smtp.verizon.net ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 7999ms
I'm not sure what this proves as so many hosts these days are configured to not respond to pings, so they can't be DDOSed via ping.
> Then see if you can open a session using telnet on all the ports and run the SMTP hello message:
> # telnet smtp.verizon.net 25
> ehlo hostname
Trying 206.46.232.100...
ehlo kjc386
^C
> # telnet smtp.verizon.net 465
> ehlo hostname
Trying 206.46.232.100...
Connected to smtp.verizon.net.
Escape character is '^]'.
ehlo kjc386
Connection closed by foreign host.
> # telnet smtp.verizon.net 587
> ehlo hostname
Trying 206.46.232.100...
ehlo kjc386
^C
> With these we should be able to judge connectivity and available options on the ports.
Hope this helps.
> Thanks, Michael
Hi,
On Tue, 2013-03-05 at 22:36 -0500, Kevin J. Cummings wrote:
> I'm not sure what this proves as so many hosts these days are configured to not respond to pings, so they can't be DDOSed via ping.
Yeah does seem more common now.
> > Then see if you can open a session using telnet on all the ports and run the SMTP hello message:
> > # telnet smtp.verizon.net 25
> > ehlo hostname
> Trying 206.46.232.100...
> ehlo kjc386
> ^C
This we expect.
> > # telnet smtp.verizon.net 465
> > ehlo hostname
> Trying 206.46.232.100...
> Connected to smtp.verizon.net.
> Escape character is '^]'.
> ehlo kjc386
> Connection closed by foreign host.
> > # telnet smtp.verizon.net 587
> > ehlo hostname
> Trying 206.46.232.100...
> ehlo kjc386
> ^C
So port 465 is the only one being listened on and will not accept anything other than an SSL connection at all, so can't really gain any information.
Sounds like your best bet is to use stunnel. I don't have a reference for sendmail but you could probably adapt the one for postfix[0] pretty trivially. Debian also has a pretty nice write up[1] on this.
Thanks, Michael
[0] http://www.postfix.org/TLS_README.html#client_smtps
[1] http://www.debian-administration.org/article/604/Postfix_Smarthost_using_Aut...
On 03/05/2013 09:47 PM, Michael E. Maher wrote:
> Sounds like your best bet is to use stunnel. I don't have a reference for sendmail but you could probably adapt the one for postfix[0] pretty trivially. Debian also has a pretty nice write up[1] on this.
There is one other possibility, but it's not quite free. I use Verizon DSL, but I also have my own domain, and I'm able to send all of my outgoing mail through my hosting company's SMTP server using Port 587.
Kevin J. Cummings wrote:
> Please keep the "switch to another MTA" to yourself. I've been using sendmail at home since 1996!
Of course You must not switch to another MTA, sendmail is powerful and highly configurable! IMO You should have in Your sendmail.mc defined some macros to support SSL/TLS:
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/fhcacert.pem')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/server.crt')dnl
define(`confSERVER_KEY', `/etc/pki/tls/private/server.key')dnl
And when things are still bad, /var/log/maillog logs may help. In SSL/TLS problems case, capturing MTA traffic by wireshark (or tcpdump and then analyze .pcap file by wireshark) is usually useful.
On 03/04/2013 10:11 PM, Kevin J. Cummings wrote:
The simple answer is that sendmail can't do that by itself as it has no support for client-side SSL. You need to use a program such as _stunnel_ to provide the encryption wrapper. Here is a fedoraproject wiki posting that describes the basics:
https://fedoraproject.org/wiki/Configure_sendmail_as_a_client_for_SMTPs
That's basically what I had running back in 2007 when Comcast didn't allow global access to port 587. I'd post the whole setup that I used, but my old sysVinit script for starting an stunnel service wouldn't be worth much these days
On 03/05/2013 05:45 PM, Robert Nichols wrote:
> The simple answer is that sendmail can't do that by itself as it has no support for client-side SSL. You need to use a program such as _stunnel_ to provide the encryption wrapper. Here is a fedoraproject wiki posting that describes the basics:
> https://fedoraproject.org/wiki/Configure_sendmail_as_a_client_for_SMTPs
Yeah, I read that. It looks like a start. I already have stunnel installed (for what I can't remember, I thought it was my IPv6 tunnel, but I'm no longer sure), and I have no stunnel process running atm.
> That's basically what I had running back in 2007 when Comcast didn't allow global access to port 587. I'd post the whole setup that I used, but my old sysVinit script for starting an stunnel service wouldn't be worth much these days
Try me, my mail server is still running F14....
Awesome! The stunnel trick works!
1) I set up /etc/stunnel/stunnel.conf as in the Fedora Wiki example (I used port 25025).
2) I then ran "stunnel" from root. [I'll have to put that in rc.local before I reboot.]
3) In sendmail.mc, I used:
define(`SMART_HOST', `relay:[localhost]')
define(`RELAY_MAILER', `smtps')
define(`RELAY_MAILER_ARGS', `tcp $h 25025')
4) Changed my /etc/mail/authinfo file to remove the hostname after AuthInfo:
5) ran make in /etc/mail (this should remake both authinfo.db and sendmail.cf)
6) restarted sendmail
And my first test email got delivered to my ISP address!
Thanks to all for the info.
-- Kevin J. Cummings kjchome@verizon.net cummings@kjchome.homeip.net cummings@kjc386.framingham.ma.us Registered Linux User #1232 (http://www.linuxcounter.net/)
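A preflight check for the setup in steps 1-6, added here as an example (it is not from the thread or the Fedora wiki): it writes a constructed stunnel.conf and sendmail.mc fragment, then confirms that stunnel runs in client mode, listens on loopback only, verifies the relay's certificate, and that sendmail points at the same port. The `[smtps-out]` service name, the CA bundle path, `verify = 2` and the function names are assumptions; port 25025, `localhost` and smtp.verizon.net:465 come from the messages above.

```shell
#!/bin/sh
# Added example: preflight check for a sendmail -> stunnel -> SMTPS relay.
# Both files written by write_sample are constructed samples.

write_sample() {   # $1 = directory to write stunnel.conf and sendmail.mc into
    cat > "$1/stunnel.conf" <<'EOF'
; client mode: accept plaintext from sendmail, speak TLS to the ISP relay
client = yes
; CA bundle path is an assumption (Fedora default location)
CAfile = /etc/pki/tls/certs/ca-bundle.crt
; verify = 2 refuses the relay unless its certificate chains to CAfile
verify = 2

[smtps-out]
accept = 127.0.0.1:25025
connect = smtp.verizon.net:465
EOF
    cat > "$1/sendmail.mc" <<'EOF'
define(`SMART_HOST', `relay:[localhost]')dnl
define(`RELAY_MAILER', `smtps')dnl
define(`RELAY_MAILER_ARGS', `tcp $h 25025')dnl
EOF
}

conf_get() {       # print the last value of stunnel option $2 in file $1
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

check_tunnel() {   # $1 = stunnel.conf, $2 = sendmail.mc; returns problem count
    bad=0
    accept=$(conf_get "$1" accept)
    port=${accept##*:}
    mcport=$(sed -n 's/.*RELAY_MAILER_ARGS.*\$h[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$2")
    [ "$(conf_get "$1" client)" = yes ] ||
        { echo "client = yes missing: stunnel would run as a TLS server"; bad=$((bad + 1)); }
    case $accept in
        127.0.0.1:*|localhost:*|::1:*) ;;
        *) echo "accept '$accept' is not loopback-only"; bad=$((bad + 1)) ;;
    esac
    case $(conf_get "$1" verify) in
        2|3|4) ;;
        *) echo "relay certificate not verified: AUTH PLAIN password exposed to a MITM"; bad=$((bad + 1)) ;;
    esac
    [ -n "$mcport" ] && [ "$mcport" = "$port" ] ||
        { echo "sendmail port '$mcport' does not match stunnel port '$port'"; bad=$((bad + 1)); }
    return "$bad"
}

# Demo on the constructed sample files.
demo=$(mktemp -d)
write_sample "$demo"
check_tunnel "$demo/stunnel.conf" "$demo/sendmail.mc" && echo "tunnel config OK"
rm -rf "$demo"
```

`verify = 2` checks only the certificate chain; stunnel 5.x adds `checkHost` to match the relay's hostname as well.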
On 03/05/2013 10:22 PM, Kevin J. Cummings wrote:
> > That's basically what I had running back in 2007 when Comcast didn't allow global access to port 587. I'd post the whole setup that I used, but my old sysVinit script for starting an stunnel service wouldn't be worth much these days
> Try me, my mail server is still running F14....
OK. I've attached the init.d script for a "mailtunnel" service and the "mailtunnel.conf" file that goes in /etc/mail/. You'll need to adjust the parameters to match the sendmail config that I see you've already got running.