/var/net/sys/admin/blog
| More

1. Wonder why you can’t send email from your linux server?

2. Is your mail server or 3rd party email hosting provider requires authentication for your outgoing server to send out emails successfully?

3. Are you using a default sendmail email client on your linux box and wonder why your getting maillog errors such as this:

——-sample sendmail maillog error from my nagios server—————
Oct  2 17:03:54 nms sendmail[25657]: n9293qiw025655: to=<nagios@freelinuxtutorials.com>,

ctladdr=<root@nms.freelinuxtutorials.com> (0/0), dela0928, relay=smtp.freelinuxtutorials.com.

[216.200.145.17], dsn=5.1.1, stat=User unknown
Oct  2 17:03:54 nms sendmail[25657]: n9293qiw025655: n9293siw025657: DSN: User unknown
Oct  2 17:03:54 nms sendmail[25657]: n9293siw025657: to=<root@nms.freelinuxtutorials.com>,

delay=00:00:00, xdelay=00:00:00, mailer=local
Oct  2 17:07:24 nms sendmail[25953]: n9297NHS025953: from=root, size=0,, nrcpts=0,

relay=root@localhost
Oct  2 17:08:22 nms sendmail[26153]: n9298Ml4026153: from=nagios, size=462,, nrcpts=1,

msgid=<200910020908.n9298Ml4026153@
Oct  2 17:08:22 nms sendmail[26154]: n9298Me6026154: from=<nagios@nms.freelinuxtutorials.com>, size=720,

class=0, nrcpts=1, msgid=<20091oto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1] (may be forged)

——————————————

4. Is your Sendmail as your default MTA cannot send out emails to a mail server authenticated SMTP?

If you have these four(4) issues, then you need to set your Sendmail as SMTP AUTH client

Here’s how to do it:

1. On a RPM based distro such as Fedora, CentOS or RHEL, the default locations of sendmail configuration

files are in /etc/mail.

Important config files as follow:
a. sendmail.cf
b. sendmail.mc
c. access
d. authinfo
e. trusted users
f. mailertable
g. virtusertable

Issue the command :

[root@nms mail]# sendmail -d0.1 -bv
Version 8.14.3
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
TCPWRAPPERS USERDB USE_LDAP_INIT

============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = nms
(canonical domain name) $j = nms.freelinuxtutorials.com
(subdomain name) $m = freelinuxtutorials.com
(node name) $k = nms.freelinuxtutorials.com
========================================================

Recipient names must be specified

As you can see above, your sendmail have SASL and STARTTLS, which are requirement for client usage

2. Add an MX record lookup on your sendmail.mc config for the smart host
Ex:

define(`SMART_HOST’, `smtp.freelinuxtutorials.com’)

This is to define specifically the SMTP server you want your server to communicate with

3. Configure sendmail.mc for “authinfo”.

FEATURE(`authinfo’,`hash /etc/mail/authinfo.db’)

4. Configure lines in the sendmail.mc if there’s certificate related entries (Optional). You can just
take out the  “dn1” prefix to uncomment

dnl define(`confCACERT_PATH’, `/etc/pki/tls/certs’)dnl
dnl define(`confCACERT’, `/etc/pki/tls/certs/ca-bundle.crt’)dnl
dnl define(`confSERVER_CERT’, `/etc/pki/tls/certs/sendmail.pem’)dnl
dnl define(`confSERVER_KEY’, `/etc/pki/tls/certs/sendmail.pem’)dnl

5. You can leave this as default if it is not required
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)dnl
dnl define(`confAUTH_MECHANISMS’, `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)dnl

6. Configure an “authinfo”, the credentials to login should be define here.
Let say you have an email address
darwin@freelinuxtutorials.com with password “iwashere”, then line should look like this

AuthInfo:smtp.freelinuxtutorials.com “U:nagios” “I:darwin@freelinuxtutorials.com” “P:iwashere” “M:LOGIN

PLAIN”

7. Make the authinfo.db by invoking this command

makemap hash /etc/mail/authinfo < /etc/mail/authinfo

8. the command “m4” should be use to create sendmail.cf from a modified sendmail.mc config, such as this

m4 sendmail.mc > sendmail.cf

9. Restart sendmail service

service sendmail restart

or

/etc/init.d/sendmail restart

10. Check your logs (/etc/maillog) or (/var/log/maillog) to see for errors or warnings. You can use tail command to see the output

#tail -f /var/log/maillog

Testing:

1. Run a map test to verify that the authinfo db is correctly setup and being address to sendmail config

[root@nms mail]# echo ‘/map authinfo AuthInfo:smtp.freelinuxtutorials.com’ | /usr/sbin/sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> map_lookup: authinfo (AuthInfo:smtp.freelinuxtutorials.com) returns “U:nagios”

“I:darwin@freelinuxtutorials.com” “P:iwashere” “M:LOGIN PLAIN” (0) >

2. Send a test mail and check the logs.

A successful log as follows:

Oct  2 17:10:02 nms sendmail[26348]: n929A23w026348: to=nagios@freelinuxtutorials.com, ctladdr=nagios

(502/502), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30477, relay=[127.0.0.1] [127.0.0.1],

dsn=2.0.0, stat=Sent (n929A2BT026349 Message accepted for delivery)

Extra tip: You can set your SMTP log level to 20 for debugging purposes
in sendmail.mc:

define(`confLOG_LEVEL’, `20′)dnl

A sample log will give something like this:

11:17:21 totsp sendmail[27587]: n1338jTQ388214: MAIL From: SIZE=29 AUTH=root@nms.freelinuxtutorials.com

Just drop a comment if you have clarifications. Enjoy!

Share

7 Responses to “Configure Sendmail for SMTP Authentication”

  1. sendmail client with AUTH - The UNIX and Linux Forums

    on February 7 2012

    […] The smtp server need SMTP AUTH in order to send email with SMTP. I configure and follow this link . Sendmail as SMTP Authentication | Free Linux Tutorials I try to send email using sendmail to this smtp server but failure with AUTH . [root@localhost […]

  2. mahi

    on April 6 2012

    I have facing issue of dsn=5.6.0, stat=Data format error
    Apr 6 15:40:19 sendmail[15823]: q36AAH8l015821: q36AAJ8l015823: DSN: Data format error.

    Why such error come.

    Any pointers will be helpful.

    Thanks,
    Mahesh Shinde.

  3. freelinu

    on April 7 2012

    hi mahi,
    this error somehow tells that the source has an invalid domain name
    mostly that error is related to DNS…
    pls. check your /etc/hosts file or DNS 🙂

  4. Linux Topics – Tutorials « Zeeshan Ahmad Bhatti

    on December 29 2012

    […] Configure Sendmail for SMTP Authentication […]

  5. Horatio

    on April 7 2013

    I’ve had authenticated mail working with my mail provider for a while.
    Recently, the mail provider has introduced SSL in conjunction with the existing authentication.
    Do you have any experience of configuring this? I’ve tried what seems like umpteen setups and still no joy. I’m currently getting a ‘dsn 5.1.1 – user unknown’.
    I’m running Fedora 16, and sendmail has SSL compiled in.

    Any thoughts on what the config should look like?

  6. sachin

    on May 7 2013

    Hi,

    Is it possible to use authentication via client certificates only and not using username/password?

    Is it possible?

    regards

  7. sachin

    on May 7 2013

    Why do we need the authinfo when we are using the certificates for authentication?

Comment RSS · TrackBack URI

Leave a comment

Name: (Required)

E-mail: (Required)

Website:

Comment:

 

About FLT

This site is dedicated to everyone who likes to learn and explore the beautiful world of Linux. If you have comments and suggestions, please feel free to email at freelinuxtutorials@gmail.com. I am happy to serve and share things esp. that is free and enjoyable as Linux.