Sendmail



MX list for confighell.com. points back to home.confighell.com

This happened to me on a host because my mail server (mail.relay.dk) is running inside a jail (confighell.com) on the same host (home.confighell.com).

The jails can easily mail the mail jail, but the host install kept getting this error.

Mar 18 14:56:35 home sm-mta[55112]: n2IDuZFJ055110: SYSERR(root): MX list for confighell.com. points back to home.confighell.com
Mar 18 14:56:35 home sm-mta[55112]: n2IDuZFJ055110: n2IDuZFJ055112: DSN: MX list for confighell.com. points back to home.confighell.com


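The solution is fairly simple: add this line to /etc/mail/mailertable, which sends mail for the domain straight to the given address instead of looking up its MX (the square brackets suppress the MX lookup):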

confighell.com smtp:[10.1.2.3]

Where 10.1.2.3 is the IP of the mail jail.

Then rebuild the maps from /etc/mail and restart sendmail:
cd /etc/mail && make all install && /etc/rc.d/sendmail restart


Sendmail SMTP AUTH


Install from ports

cd /usr/ports/security/cyrus-sasl2
* Remember to check "PLAIN" (since we enable TLS soon, it's OK)
make install

cd /usr/ports/security/cyrus-sasl2-saslauthd
make install

cd /usr/ports/mail/sendmail-sasl
* Remember to check "TLS" and "SASL2".
make install


Generate self-signed SSL certificate

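openssl req -new -x509 -nodes -out /etc/ssl/certs/sendmail.pem -keyout /etc/ssl/certs/sendmail-key.pem -days 1825

The key is written unencrypted (-nodes); keep sendmail-key.pem readable by root only (mode 0600), since sendmail refuses a group- or world-readable key file.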


Insert lines in /etc/mail/hostname.mc

dnl SASL
TRUST_AUTH_MECH(`LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN GSSAPI EXTERNAL DIGEST-MD5 CRAM-MD5')dnl

dnl SSL
define(`confCACERT_PATH', `/etc/ssl/certs')dnl
define(`confCACERT',      `/etc/ssl/certs/sendmail.pem')dnl
define(`confSERVER_CERT', `/etc/ssl/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/ssl/certs/sendmail.pem')dnl
define(`confSERVER_KEY',  `/etc/ssl/certs/sendmail-key.pem')dnl
define(`confCLIENT_KEY',  `/etc/ssl/certs/sendmail-key.pem')dnl


Stop sendmail

/etc/rc.d/sendmail stop


Insert lines in /etc/rc.conf

sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
saslauthd_enable="YES"


Start AUTH daemon and new sendmail (from ports)

/usr/local/etc/rc.d/saslauthd start
/usr/local/etc/rc.d/sendmail.sh start


Cyrus-SASL2


Get latest version from:

ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/ (found at http://asg.web.cmu.edu/cyrus/download/)

Install

# tar zxf cyrus-sasl-2.1.21.tar.gz
# cd cyrus-sasl-2.1.21
# ./configure --with-dblib=gdbm --enable-krb4=no --enable-gssapi=no --enable-login --enable-plain
# make
# make install
# ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
# mkdir -p /var/state/saslauthd


Make file /usr/local/etc/rc.d/saslauthd.sh
#!/bin/sh
/usr/local/sbin/saslauthd -a getpwent -n 20


Make file /var/lib/sasl2/Sendmail.conf
pwcheck_method: saslauthd


chmod it:
chmod 755 /usr/local/etc/rc.d/saslauthd.sh


run it:
/usr/local/etc/rc.d/saslauthd.sh


Time to patch devtools/Site/site.config.m4 (inside sendmail src root)
APPENDDEF(`confENVDEF', `-DSASL=2 -DHASURANDOMDEV')
APPENDDEF(`conf_sendmail_LIBS', `-L/usr/local/lib -lcrypto -lsasl2')
APPENDDEF(`confLIBDIRS', `-L/usr/local/lib/sasl2')
APPENDDEF(`confINCDIRS', `-I/usr/local/include')


Patch sendmail.mc:
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 EXTERNAL CRAM-MD5')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl


Recompile sendmail.mc (see file INSTALL in sendmail src)

Restart sendmail
killall -HUP sendmail


Hints


Encode/decode string to use for authentication (auth/sasl)
# Use printf, not echo, so no trailing newline is encoded into the credential
$ printf 'A String' | mmencode
QSBTdHJpbmc=
$ echo "QSBTdHJpbmc=" | mmencode -u
A String


Test

telnet localhost 25
ehlo you
auth login
334 VXNlcm5hbWU6
<enter encoded username>
334 UGFzc3dvcmQ6
<enter encoded password>
235 2.0.0 OK Authenticated
mail from:test@domain.tld
rcpt to:test2@domain.tld
data
test
.
quit
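
An added check, not part of the original notes: PLAIN and LOGIN send the password merely base64-encoded, so a server should not offer them in the EHLO reply of a cleartext session such as the telnet test above. The script audits a saved EHLO reply; the function names and sample replies are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag PLAIN/LOGIN offered in a cleartext EHLO reply,
# i.e. before STARTTLS. All names and sample replies here are constructed.

# Print each PLAIN/LOGIN mechanism found on the AUTH line(s) of the reply on stdin.
cleartext_auth_mechs() {
    tr -d '\r' | awk '
        # matches "250-AUTH LOGIN PLAIN" and the legacy "250-AUTH=LOGIN PLAIN"
        /^250[- ]AUTH[ =]/ {
            sub(/^250[- ]AUTH[ =]/, "")
            n = split($0, m, " ")
            for (i = 1; i <= n; i++) {
                mech = toupper(m[i])
                if ((mech == "PLAIN" || mech == "LOGIN") && !seen[mech]++)
                    print mech
            }
        }'
}

# Succeed if the EHLO reply on stdin advertises STARTTLS.
offers_starttls() {
    tr -d '\r' | grep -Eiq '^250[- ]STARTTLS$'
}

# Print a one-line verdict for the cleartext EHLO reply given as $1.
audit_ehlo() {
    mechs=$(printf '%s\n' "$1" | cleartext_auth_mechs | sort | tr '\n' ' ')
    mechs=${mechs% }
    if [ -n "$mechs" ]; then
        echo "FAIL: $mechs offered before TLS"
    elif printf '%s\n' "$1" | offers_starttls; then
        echo "OK: no plaintext AUTH before STARTTLS"
    else
        echo "WARN: STARTTLS not advertised"
    fi
}

# Constructed sample replies (not captured from a real server).
EHLO_WEAK='250-mail.example.test Hello localhost
250-STARTTLS
250 AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5'
EHLO_HARDENED='250-mail.example.test Hello localhost
250-STARTTLS
250 AUTH DIGEST-MD5 CRAM-MD5'

audit_ehlo "$EHLO_WEAK"
audit_ehlo "$EHLO_HARDENED"
```

To audit a live server, save the reply to `ehlo you` from the telnet session and pass it to `audit_ehlo`. Sendmail's `confAUTH_OPTIONS` setting with the `p` flag (for example `A p`) withholds PLAIN and LOGIN until a security layer such as TLS is active.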


How to remove a specific e-mail address from the mail queue

cd /var/spool/mqueue
# -F matches the address literally; -l prints only the names of matching queue files
find . -name "[dqDQ]f*" -exec grep -Fil "email@address.tld" {} \; | xargs rm


Error messages and handling

http://www.unix.org.ua/orelly/networking/sendmail/ch23_03.htm

Links

http://www.falkotimme.com/howtos/sendmail_smtp_auth_tls/