Configure Sendmail for SMTP Authentication

1. Wonder why you can’t send email from your linux server?

2. Is your mail server or 3rd party email hosting provider requires authentication for your outgoing server to send out emails successfully?

3. Are you using a default sendmail email client on your linux box and wonder why your getting maillog errors such as this:

——-sample sendmail maillog error from my nagios server—————
Oct  2 17:03:54 nms sendmail[25657]: n9293qiw025655: to=<nagios@freelinuxtutorials.com>,

ctladdr=<root@nms.freelinuxtutorials.com> (0/0), dela0928, relay=smtp.freelinuxtutorials.com.

[216.200.145.17], dsn=5.1.1, stat=User unknown
Oct  2 17:03:54 nms sendmail[25657]: n9293qiw025655: n9293siw025657: DSN: User unknown
Oct  2 17:03:54 nms sendmail[25657]: n9293siw025657: to=<root@nms.freelinuxtutorials.com>,

delay=00:00:00, xdelay=00:00:00, mailer=local
Oct  2 17:07:24 nms sendmail[25953]: n9297NHS025953: from=root, size=0,, nrcpts=0,

relay=root@localhost
Oct  2 17:08:22 nms sendmail[26153]: n9298Ml4026153: from=nagios, size=462,, nrcpts=1,

msgid=<200910020908.n9298Ml4026153@
Oct  2 17:08:22 nms sendmail[26154]: n9298Me6026154: from=<nagios@nms.freelinuxtutorials.com>, size=720,

class=0, nrcpts=1, msgid=<20091oto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1] (may be forged)

——————————————

4. Is your Sendmail as your default MTA cannot send out emails to a mail server authenticated SMTP?

If you have these four(4) issues, then you need to set your Sendmail as SMTP AUTH client

Here’s how to do it:

1. On a RPM based distro such as Fedora, CentOS or RHEL, the default locations of sendmail configuration

files are in /etc/mail.

Important config files as follow:
a. sendmail.cf
b. sendmail.mc
c. access
d. authinfo
e. trusted users
f. mailertable
g. virtusertable

Issue the command :

[root@nms mail]# sendmail -d0.1 -bv
Version 8.14.3
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
TCPWRAPPERS USERDB USE_LDAP_INIT

============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = nms
(canonical domain name) $j = nms.freelinuxtutorials.com
(subdomain name) $m = freelinuxtutorials.com
(node name) $k = nms.freelinuxtutorials.com
========================================================

Recipient names must be specified

As you can see above, your sendmail have SASL and STARTTLS, which are requirement for client usage

2. Add an MX record lookup on your sendmail.mc config for the smart host
Ex:

define(`SMART_HOST’, `smtp.freelinuxtutorials.com’)

This is to define specifically the SMTP server you want your server to communicate with

3. Configure sendmail.mc for “authinfo”.

FEATURE(`authinfo’,`hash /etc/mail/authinfo.db’)

4. Configure lines in the sendmail.mc if there’s certificate related entries (Optional). You can just
take out the  “dn1” prefix to uncomment

dnl define(`confCACERT_PATH’, `/etc/pki/tls/certs’)dnl
dnl define(`confCACERT’, `/etc/pki/tls/certs/ca-bundle.crt’)dnl
dnl define(`confSERVER_CERT’, `/etc/pki/tls/certs/sendmail.pem’)dnl
dnl define(`confSERVER_KEY’, `/etc/pki/tls/certs/sendmail.pem’)dnl

5. You can leave this as default if it is not required
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)dnl
dnl define(`confAUTH_MECHANISMS’, `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)dnl

6. Configure an “authinfo”, the credentials to login should be define here.
Let say you have an email address
darwin@freelinuxtutorials.com with password “iwashere”, then line should look like this

AuthInfo:smtp.freelinuxtutorials.com “U:nagios” “I:darwin@freelinuxtutorials.com” “P:iwashere” “M:LOGIN

PLAIN”

7. Make the authinfo.db by invoking this command

makemap hash /etc/mail/authinfo < /etc/mail/authinfo

8. the command “m4” should be use to create sendmail.cf from a modified sendmail.mc config, such as this

m4 sendmail.mc > sendmail.cf

9. Restart sendmail service

service sendmail restart

or

/etc/init.d/sendmail restart

10. Check your logs (/etc/maillog) or (/var/log/maillog) to see for errors or warnings. You can use tail command to see the output

#tail -f /var/log/maillog

Testing:

1. Run a map test to verify that the authinfo db is correctly setup and being address to sendmail config

[root@nms mail]# echo ‘/map authinfo AuthInfo:smtp.freelinuxtutorials.com’ | /usr/sbin/sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> map_lookup: authinfo (AuthInfo:smtp.freelinuxtutorials.com) returns “U:nagios”

“I:darwin@freelinuxtutorials.com” “P:iwashere” “M:LOGIN PLAIN” (0) >

2. Send a test mail and check the logs.

A successful log as follows:

Oct  2 17:10:02 nms sendmail[26348]: n929A23w026348: to=nagios@freelinuxtutorials.com, ctladdr=nagios

(502/502), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30477, relay=[127.0.0.1] [127.0.0.1],

dsn=2.0.0, stat=Sent (n929A2BT026349 Message accepted for delivery)

Extra tip: You can set your SMTP log level to 20 for debugging purposes
in sendmail.mc:

define(`confLOG_LEVEL’, `20′)dnl

A sample log will give something like this:

11:17:21 totsp sendmail[27587]: n1338jTQ388214: MAIL From: SIZE=29 AUTH=root@nms.freelinuxtutorials.com

Just drop a comment if you have clarifications. Enjoy!

About the author

tux

View all posts

12 Comments

  • I have facing issue of dsn=5.6.0, stat=Data format error
    Apr 6 15:40:19 sendmail[15823]: q36AAH8l015821: q36AAJ8l015823: DSN: Data format error.

    Why such error come.

    Any pointers will be helpful.

    Thanks,
    Mahesh Shinde.

  • hi mahi,
    this error somehow tells that the source has an invalid domain name
    mostly that error is related to DNS…
    pls. check your /etc/hosts file or DNS 🙂

  • I’ve had authenticated mail working with my mail provider for a while.
    Recently, the mail provider has introduced SSL in conjunction with the existing authentication.
    Do you have any experience of configuring this? I’ve tried what seems like umpteen setups and still no joy. I’m currently getting a ‘dsn 5.1.1 – user unknown’.
    I’m running Fedora 16, and sendmail has SSL compiled in.

    Any thoughts on what the config should look like?

  • Hi,

    Is it possible to use authentication via client certificates only and not using username/password?

    Is it possible?

    regards

  • Why do we need the authinfo when we are using the certificates for authentication?

  • Please let me know if уou’re looking for a author fߋr your site.
    Yoᥙ һave some really great articles and I feel I woulԁ be a ɡood asset.
    If ʏou evwr want to take some of thе load off, I’d really lіke to write ѕome articlles fⲟr yоur blog in eexchange f᧐r a link bafk tо
    mine. Pⅼease shoot mе an e-mail if interested.
    Many thanks!

  • Excellent post. I was checking constantly this blog and I’m impressed! Very useful info specially the last part 🙂 I care for such information much. I was seeking this particular information for a long time. Thank you and good luck.

Leave a Reply