How to configure sendmail for relaying mail over port 587 using authentication.


Environment

  • Red Hat Enterprise Linux 5.1

Issue

  • Need to set up a sendmail host to relay SMTP to the ISP domain. The following error was received while testing a mail delivery:

    user@xxxx.com... Connecting to smtp.<hostname>.com. via relay
    user@xxxx.com... Deferred: Connection reset by smtp.xxxx.com.
    

Port 25 is blocked at the mail server; it accepts connections only on port 587.

The setup requirements for this server are:

  • This server (the local sendmail server) will receive mail from an internal application (SAP) via port 25.
  • After receiving mail from the application, this server should relay it to the ISP, which is smtp.XXX.com.
  • The local sendmail server should only forward mail from the application.

Resolution

  • The following line needs to be commented out:

    "DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl"
    

This is because the local sendmail listens on port 25, while it is the ISP mail server that needs port 587 for authentication. The line would have been needed only if the local domain were also required to authenticate. Follow these steps to configure sendmail to relay through the mail server with SMTP authentication.

  • Go to the /etc/mail/ directory

    # cd /etc/mail
    
  • Create a directory

    # mkdir auth
    # chmod 700 auth
    
  • Create a file with the authentication information (for example, authinfo):

    # vim /etc/mail/auth/authinfo

    Add the following line and save:

    AuthInfo:smtp.isp-server.com "U:root" "I:user" "P:password" "M:PLAIN"
    

    Replace smtp.isp-server.com with the hostname of your ISP, and replace user and password with a valid username and password.

  • Create the authentication database and make both files readable only by root:

    # cd /etc/mail/auth
    # makemap hash authinfo < authinfo
    # chmod 600 authinfo*
    
  • Modify the following lines in /etc/mail/sendmail.mc file as shown below:

    define(`SMART_HOST',`smtp.isp-server.com')dnl
    define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    FEATURE(`authinfo',`hash /etc/mail/auth/authinfo')dnl
    
  • Restart sendmail service:

    # service sendmail restart
    
  • The sendmail.mc file contains a default "FEATURE(`authinfo',`Hash -o /etc/mail/authinfo.db')dnl" line. Comment out or remove this line.

  • Make sure that the "authinfo" file has the correct permissions.

  • Check for duplicate entries with:

    # grep authinfo /etc/mail/sendmail.mc
    # grep SMART_HOST /etc/mail/sendmail.mc
    # grep confAUTH_MECHANISMS /etc/mail/sendmail.mc
    
  • To test the authentication, send an email to the remote MTA using the following command:

    # sendmail -Am -v -t 
    To: email@remote-domain.com
    From: root@localdomain.com
    Subject: Test
    
    Please ignore
    Ctrl+D
    
    
    email@remote-domain.com
    ... Connecting to remote-domain.com. via relay...
    220 remote-domain.com ESMTP Sendmail 8.13.1/8.13.1; Tue, 11 May 2010 17:08:03 +0530
    >>> EHLO localdomain.com
    250-remote-domain.com Hello localdomain.com [IP-of-localdomain], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-AUTH LOGIN PLAIN
    250-DELIVERBY
    250 HELP
    >>> AUTH LOGIN
    334 VXNlcm5hbWU6
    >>> dGVzdEBkaGNwMjExLTIzLmdzc2xhYi5wbnEucmVkaGF0LmNvbQ==
    334 UGFzc3dvcmQ6
    >>> eA==
    235 2.0.0 OK Authenticated       <<--------- This is important: if authentication is not successful, it will say "authentication failure" and the email will not be delivered.
    >>> MAIL From:< root@localdomain.com> SIZE=100 AUTH= root@domain-name-of-A
    250 2.1.0 < root@localdomain.com>... Sender ok
    >>> RCPT To:< email@remote-domain.com>
    >>> DATA
    250 2.1.5 < email@remote-domain.com>... Recipient ok
    354 Enter mail, end with "." on a line by itself
    >>> .
    250 2.0.0 o4BBc3Ce014542 Message accepted for delivery
     email@remote-domain.com... Sent (o4BBc3Ce014542 Message accepted for delivery)
    Closing connection to remote-domain.com.
    >>> QUIT
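
The session above authenticates with AUTH LOGIN, whose 334 prompts and replies are only base64-encoded (VXNlcm5hbWU6 is "Username:"), so it is worth confirming both the 235 reply and whether STARTTLS was accepted before AUTH was sent. The following is an added example, not part of the original article; check_session and the two sample transcripts are constructed for illustration.

```shell
# Added example: classify a `sendmail -v` transcript read from stdin.
# Prints "auth=<ok|failed|none> mech=<name|-> tls=<yes|no>".
# tls=yes only if the server accepted STARTTLS before the first AUTH command.
check_session() {
    awk '
        { sub(/^[ \t]+/, "") }                      # transcripts are often indented
        /^>>> STARTTLS/            { asked = 1; next }
        asked && !auth && /^220 /  { tls = 1 }      # "220 ... Ready to start TLS"
        /^>>> AUTH / && !auth      { auth = 1; mech = $3 }
        /^235 /                    { ok = 1 }       # authentication accepted
        END {
            state = !auth ? "none" : (ok ? "ok" : "failed")
            printf "auth=%s mech=%s tls=%s\n", state, (auth ? mech : "-"), (tls ? "yes" : "no")
        }'
}

# Constructed sample, abridged from the session shown in the article.
sample_plain='220 remote-domain.com ESMTP Sendmail
>>> EHLO localdomain.com
250-AUTH LOGIN PLAIN
250 HELP
>>> AUTH LOGIN
334 VXNlcm5hbWU6
>>> dGVzdA==
334 UGFzc3dvcmQ6
>>> eA==
235 2.0.0 OK Authenticated'

# Constructed sample: the same exchange with STARTTLS accepted first.
sample_tls='220 remote-domain.com ESMTP Sendmail
>>> EHLO localdomain.com
250-STARTTLS
250 HELP
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> EHLO localdomain.com
250-AUTH LOGIN PLAIN
250 HELP
>>> AUTH LOGIN
334 VXNlcm5hbWU6
>>> dGVzdA==
334 UGFzc3dvcmQ6
>>> eA==
235 2.0.0 OK Authenticated'

printf '%s\n' "$sample_plain" | check_session
printf '%s\n' "$sample_tls" | check_session
```

A result of tls=no with mech=LOGIN or mech=PLAIN means the credentials from the authinfo file crossed the network in a form anyone on the path can decode.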
    

For more details on authentication, refer to the following Kbase link:

How to configure sendmail to use a remote smtp server that requires authentification and how to test authentication? -- https://access.redhat.com/kb/docs/DOC-66304

Root Cause

  • Incomplete configuration of the SMTP server. The local server was not configured to provide authentication details to connect over port 587.
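
One way to check for the incomplete configuration described above, as an added example (not Red Hat's code): it flags anything under the auth directory that group or other can access, and counts active (not dnl-commented) sendmail.mc lines for each setting from the Resolution, so a leftover default authinfo FEATURE line shows up as a duplicate. The function names are hypothetical.

```shell
# Added example: audit the authinfo files and sendmail.mc from the Resolution.
# Function names are illustrative; they are not part of sendmail.

# Print each path (the directory and authinfo*) that group or other can access.
loose_perms() {
    for f in "$1" "$1"/authinfo*; do
        [ -e "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        if [ "$(ls -ld -- "$f" | cut -c5-10)" != "------" ]; then
            echo "$f"
        fi
    done
}

# Count lines in an mc file that mention a keyword and are not dnl comments.
active_count() {
    grep -v '^[[:space:]]*dnl' "$1" | grep -c -- "$2" || true
}

# Report problems; exit status is non-zero if any were found.
# The body runs in a subshell so its variables stay local.
audit_relay_config() (
    authdir=$1 mc=$2 rc=0
    bad=$(loose_perms "$authdir")
    if [ -n "$bad" ]; then
        echo "group/other access on: $bad"
        rc=1
    fi
    for key in authinfo SMART_HOST confAUTH_MECHANISMS; do
        n=$(active_count "$mc" "$key")
        if [ "$n" -ne 1 ]; then
            echo "$key: $n active lines in $mc, expected 1"
            rc=1
        fi
    done
    exit "$rc"
)

# Usage on the host configured above:
#   audit_relay_config /etc/mail/auth /etc/mail/sendmail.mc
```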

Diagnostic Steps

  • It is better to first resolve any probable network issue before going further, so check whether the mail server accepts connections over port 25.
  • Does it require any authentication before connecting to the local SMTP server? If authentication is required, please get all the credential details.

  • Also check whether the local server is allowed to accept mail from the specified domain.

  • Make sure DNS and reverse DNS are configured and working properly.
  • Try sending mail using telnet and check whether it works.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
