sendmail & Verizon

Frantisek Hanzlik franta at hanzlici.cz
Tue Mar 5 11:15:12 UTC 2013


Kevin J. Cummings wrote:
> Sorry, just re-subscribed after a long absence.  Not sure if my
> original went through, so I'm resending.  Sorry if it is a duplicate, I
> wouldn't have seen any of the early responses....
> 
> Once upon a time, I was using a standard, out of the box, sendmail
> configuration to send email directly from my computer to any other on
> the internet.  Nice.
> 
> Then, while RCN was my ISP, RCN decided that home users couldn't send
> email (something about stopping SPAM) directly to the internet, and all
> email had to be forwarded through RCN's email servers.  Fine, I added:
> 
>> define(`SMART_HOST',`relay:[smtp.rcn.com]')dnl
> 
> to my sendmail.mc file.
> 
> Then, later, I switched to Verizon from RCN.  I not only had to change
> the SMART_HOST line to:
> 
>> define(`SMART_HOST',`relay:[outgoing.verizon.net]')dnl
>> define(`RELAY_MAILER',`smtps')dnl
>> define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
> 
> but I also had to set up /etc/mail/authinfo and add support for it to
> sendmail.mc:
> 
>> FEATURE(`authinfo', `hash -o /etc/mail/authinfo.db')dnl
> 
> and my /etc/mail/authinfo file looks like:
> 
>> AuthInfo:outgoing.verizon.net "I:userId" "P:password" "M:PLAIN"
> 
> And everything works fine.
> 
> NOW:  Verizon wants to:
> 
> 	1) change the outgoing server name to smtp.verizon.net
> 	2) change the port from 587 (MSA) to 465 (SMTPS), and
> 	3) require SSL for communication.
> 
> Sure, I can change my iPhone settings, and each Thunderbird instance in
> the house (and it works), but I want to keep the home network using *my*
> sendmail server for email, and have *IT* forward to Verizon.  (Besides,
> I have a few scripts that want to send a few housekeeping emails without
> invoking Thunderbird.)  I tried the obvious changes, but I think I'm
> missing something:
> 
>> define(`SMART_HOST',`relay:[smtp.verizon.net]')dnl
>> define(`RELAY_MAILER',`smtps')dnl
>> define(`RELAY_MAILER_ARGS', `TCP $h 465')dnl
> 
>> AuthInfo:smtp.verizon.net "I:userId" "P:password" "M:PLAIN"
> 
> This configuration results in "Communication Timed Out with
> smtp.verizon.net" or "read error from smtp.verizon.net", and mail just
> sits in my local mqueue waiting to be delivered.
> 
> Can some sendmail guru please point out what I've missed?
> 
> Please keep the "switch to another MTA" to yourself.  I've been using
> sendmail at home since 1996!

Of course you must not switch to another MTA, sendmail is powerful
and highly configurable!
IMO you should have some macros defined in your sendmail.mc to support
SSL/TLS:

TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/fhcacert.pem')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/server.crt')dnl
define(`confSERVER_KEY', `/etc/pki/tls/private/server.key')dnl

And when things are still bad, the /var/log/maillog logs may help.
In case of SSL/TLS problems, capturing MTA traffic with wireshark
(or with tcpdump, then analyzing the .pcap file with wireshark) is
usually useful.
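
A quick check to run before reaching for a packet capture, as an added example that is not part of the original thread: it probes whether a port sends a plaintext SMTP greeting first (as a STARTTLS submission port such as 587 does) or stays silent until the client starts TLS (as an SMTPS port such as 465 does), which a client waiting for the greeting would see as a timeout. The function names and the script name are hypothetical.

```python
import socket
import ssl
import sys


def classify_greeting(host, port, timeout=5.0):
    """Connect without TLS and report what the server does first.

    "plaintext-greeting": an SMTP 220 line arrived (STARTTLS-style port).
    "silent": nothing arrived before the timeout; the server is probably
              waiting for a TLS ClientHello (implicit TLS / SMTPS).
    "closed": the server dropped the connection without sending data.
    "unexpected": data arrived, but not an SMTP 220 greeting.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            data = sock.recv(512)
        except socket.timeout:
            return "silent"
        except ConnectionResetError:
            return "closed"
    if not data:
        return "closed"
    return "plaintext-greeting" if data.startswith(b"220") else "unexpected"


def implicit_tls_greeting(host, port, timeout=5.0):
    """Handshake first, then read the greeting inside the TLS session.

    Uses the system trust store and verifies the certificate and hostname.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            line = tls.recv(512).decode("ascii", "replace").strip()
            return tls.version(), line


if __name__ == "__main__":
    # Usage (hypothetical script name): python3 probe.py <host> <port>
    host, port = sys.argv[1], int(sys.argv[2])
    result = classify_greeting(host, port)
    print(f"{host}:{port} plaintext probe: {result}")
    if result == "silent":
        print("TLS-first probe:", implicit_tls_greeting(host, port))
```

A "silent" result on the plaintext probe followed by a 220 line from the TLS-first probe means the port expects the TLS handshake before any SMTP traffic.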

