1. Wonder why you can’t send email from your linux server?
2. Is your mail server or 3rd party email hosting provider requires authentication for your outgoing server to send out emails successfully?
3. Are you using a default sendmail email client on your linux box and wonder why your getting maillog errors such as this:
——-sample sendmail maillog error from my nagios server—————
Oct 2 17:03:54 nms sendmail[25657]: n9293qiw025655: to=<nagios@freelinuxtutorials.com>,
ctladdr=<root@nms.freelinuxtutorials.com> (0/0), dela0928, relay=smtp.freelinuxtutorials.com.
[216.200.145.17], dsn=5.1.1, stat=User unknown
Oct 2 17:03:54 nms sendmail[25657]: n9293qiw025655: n9293siw025657: DSN: User unknown
Oct 2 17:03:54 nms sendmail[25657]: n9293siw025657: to=<root@nms.freelinuxtutorials.com>,
delay=00:00:00, xdelay=00:00:00, mailer=local
Oct 2 17:07:24 nms sendmail[25953]: n9297NHS025953: from=root, size=0,, nrcpts=0,
relay=root@localhost
Oct 2 17:08:22 nms sendmail[26153]: n9298Ml4026153: from=nagios, size=462,, nrcpts=1,
msgid=<200910020908.n9298Ml4026153@
Oct 2 17:08:22 nms sendmail[26154]: n9298Me6026154: from=<nagios@nms.freelinuxtutorials.com>, size=720,
class=0, nrcpts=1, msgid=<20091oto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1] (may be forged)
——————————————
4. Is your Sendmail as your default MTA cannot send out emails to a mail server authenticated SMTP?
If you have these four(4) issues, then you need to set your Sendmail as SMTP AUTH client
Here’s how to do it:
1. On a RPM based distro such as Fedora, CentOS or RHEL, the default locations of sendmail configuration
files are in /etc/mail.
Important config files as follow:
a. sendmail.cf
b. sendmail.mc
c. access
d. authinfo
e. trusted users
f. mailertable
g. virtusertable
Issue the command :
[root@nms mail]# sendmail -d0.1 -bv
Version 8.14.3
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
TCPWRAPPERS USERDB USE_LDAP_INIT
============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = nms
(canonical domain name) $j = nms.freelinuxtutorials.com
(subdomain name) $m = freelinuxtutorials.com
(node name) $k = nms.freelinuxtutorials.com
========================================================
Recipient names must be specified
As you can see above, your sendmail have SASL and STARTTLS, which are requirement for client usage
2. Add an MX record lookup on your sendmail.mc config for the smart host
Ex:
define(`SMART_HOST’, `smtp.freelinuxtutorials.com’)
This is to define specifically the SMTP server you want your server to communicate with
3. Configure sendmail.mc for “authinfo”.
FEATURE(`authinfo’,`hash /etc/mail/authinfo.db’)
4. Configure lines in the sendmail.mc if there’s certificate related entries (Optional). You can just
take out the “dn1” prefix to uncomment
dnl define(`confCACERT_PATH’, `/etc/pki/tls/certs’)dnl
dnl define(`confCACERT’, `/etc/pki/tls/certs/ca-bundle.crt’)dnl
dnl define(`confSERVER_CERT’, `/etc/pki/tls/certs/sendmail.pem’)dnl
dnl define(`confSERVER_KEY’, `/etc/pki/tls/certs/sendmail.pem’)dnl
5. You can leave this as default if it is not required
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)dnl
dnl define(`confAUTH_MECHANISMS’, `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)dnl
6. Configure an “authinfo”, the credentials to login should be define here.
Let say you have an email address
darwin@freelinuxtutorials.com with password “iwashere”, then line should look like this
AuthInfo:smtp.freelinuxtutorials.com “U:nagios” “I:darwin@freelinuxtutorials.com” “P:iwashere” “M:LOGIN
PLAIN”
7. Make the authinfo.db by invoking this command
makemap hash /etc/mail/authinfo < /etc/mail/authinfo
8. the command “m4” should be use to create sendmail.cf from a modified sendmail.mc config, such as this
m4 sendmail.mc > sendmail.cf
9. Restart sendmail service
service sendmail restart
or
/etc/init.d/sendmail restart
10. Check your logs (/etc/maillog) or (/var/log/maillog) to see for errors or warnings. You can use tail command to see the output
#tail -f /var/log/maillog
Testing:
1. Run a map test to verify that the authinfo db is correctly setup and being address to sendmail config
[root@nms mail]# echo ‘/map authinfo AuthInfo:smtp.freelinuxtutorials.com’ | /usr/sbin/sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> map_lookup: authinfo (AuthInfo:smtp.freelinuxtutorials.com) returns “U:nagios”
“I:darwin@freelinuxtutorials.com” “P:iwashere” “M:LOGIN PLAIN” (0) >
2. Send a test mail and check the logs.
A successful log as follows:
Oct 2 17:10:02 nms sendmail[26348]: n929A23w026348: to=nagios@freelinuxtutorials.com, ctladdr=nagios
(502/502), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30477, relay=[127.0.0.1] [127.0.0.1],
dsn=2.0.0, stat=Sent (n929A2BT026349 Message accepted for delivery)
Extra tip: You can set your SMTP log level to 20 for debugging purposes
in sendmail.mc:
define(`confLOG_LEVEL’, `20′)dnl
A sample log will give something like this:
11:17:21 totsp sendmail[27587]: n1338jTQ388214: MAIL From: SIZE=29 AUTH=root@nms.freelinuxtutorials.com
Just drop a comment if you have clarifications. Enjoy!
I have facing issue of dsn=5.6.0, stat=Data format error
Apr 6 15:40:19 sendmail[15823]: q36AAH8l015821: q36AAJ8l015823: DSN: Data format error.
Why such error come.
Any pointers will be helpful.
Thanks,
Mahesh Shinde.
hi mahi,
this error somehow tells that the source has an invalid domain name
mostly that error is related to DNS…
pls. check your /etc/hosts file or DNS 🙂
I’ve had authenticated mail working with my mail provider for a while.
Recently, the mail provider has introduced SSL in conjunction with the existing authentication.
Do you have any experience of configuring this? I’ve tried what seems like umpteen setups and still no joy. I’m currently getting a ‘dsn 5.1.1 – user unknown’.
I’m running Fedora 16, and sendmail has SSL compiled in.
Any thoughts on what the config should look like?
Hi,
Is it possible to use authentication via client certificates only and not using username/password?
Is it possible?
regards
Why do we need the authinfo when we are using the certificates for authentication?
Hi great, i have used this help, its works, thanks
I ϲouldn’t resist commenting. Verʏ well written!
Please let me know if уou’re looking for a author fߋr your site.
Yoᥙ һave some really great articles and I feel I woulԁ be a ɡood asset.
If ʏou evwr want to take some of thе load off, I’d really lіke to write ѕome articlles fⲟr yоur blog in eexchange f᧐r a link bafk tо
mine. Pⅼease shoot mе an e-mail if interested.
Many thanks!
Definitely, what a fantastic blog and revealing posts, I will bookmark your site.All the Best!
Excellent post. I was checking constantly this blog and I’m impressed! Very useful info specially the last part 🙂 I care for such information much. I was seeking this particular information for a long time. Thank you and good luck.