Relaying Sendmail via SSL
This howto will hopefully get sendmail relaying to an SMTP SSL enabled server, but the same technique should also serve for other purposes. Note that this article assumes that you already know how to set up sendmail with a SMART_HOST.
A little background info:
My ISP was taken over by Virgin Media, and their SMTP server uses SSL on port 465. Nothing wrong with that for most email clients like Claws Mail, Thunderbird and the like that handle sending themselves. With mutt and other clients that need a separate MTA we need to get sendmail to relay to it, and that's where the problem is, because sendmail doesn't support SSL with SMART_HOST and will hang waiting for the client greeting.
(Note that mutt now supports sending itself, and there are alternative applications like msmtp that mutt can use.)
You may notice that if you just try to telnet to smtp.virginmedia.com port 465, you will get disconnected just by issuing an EHLO. Trying the normal port (25) will just hang indefinitely.
To deal with this problem we need to create an SSL tunnel to the server and have sendmail relay through it. The application that I will use to do that is stunnel, which is installed by default in Slackware - it just needs some setting up.
Note that the commands outlined here need to be run as root, apart from any 'telnet' commands.
Stunnel has two modes - server and client. We will use it as a client and create what is in effect a proxy to VM's SMTP server.
Create a simple config file for stunnel:
    cat /etc/stunnel/virgin.conf
    [virgin]
    client = yes
    accept = 2525
    connect = smtp.virginmedia.com:465
relay-domain is going to be our stunnel hostname defined in /etc/hosts. I'm just running it locally and I'm using 127.0.0.1 for the IP. It's not necessary to edit the hosts file if you use 'localhost' instead of 'relay-domain' in the following steps. You can also have it running on a different box using its LAN IP (e.g. 192.168.1.2) so that it's accessible from other machines on the LAN.
2525 will be the port that it runs on.
My hosts file looks like this:
    cat /etc/hosts
    .. snip ..
    127.0.0.1 localhost
    127.0.0.1 relay-domain
    .. snip ..
Now run stunnel with some flags:
stunnel /etc/stunnel/virgin.conf -c -d relay-domain:2525
You should now be able to telnet in via stunnel and get the proper SMTP response (the commands I type are the telnet, EHLO and quit lines):

    telnet relay-domain 2525
    Trying 127.0.0.1...
    Connected to relay-domain.
    Escape character is '^]'.
    220 know-smtprelay-11-imp cmsmtp ESMTP server ready
    EHLO junius
    250-know-smtprelay-11-imp hello [(my IP address)], pleased to meet you
    250-HELP
    250-AUTH LOGIN PLAIN
    250-SIZE 52000000
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250 OK
    quit
    221 2.0.0 know-smtprelay-11-imp cmsmtp closing connection
    Connection closed by foreign host.

Note: When I first wrote this article smtp.virginmedia.com rerouted to mx.google.com, but this no longer seems to be the case.
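The stunnel config above does not ask stunnel to verify the server certificate, and `accept = 2525` with no host listens on every interface, so the AUTH PLAIN login configured below would pass through a TLS session to an unauthenticated peer and a plaintext listener reachable from the LAN. The following Python check is an added example, not part of the original howto; it assumes stunnel 5.x option names (verifyChain, verifyPeer, checkHost, CAfile; older releases use `verify = 2` instead), and the hardened config with its CAfile path is a constructed placeholder.

```python
# Added example (not from the howto); both sample configs are constructed.
PAGE_CONF = """[virgin]
client = yes
accept = 2525
connect = smtp.virginmedia.com:465
"""
# Assumed hardened variant; the CAfile path is a placeholder for your CA bundle.
HARDENED_CONF = """[virgin]
client = yes
accept = 127.0.0.1:2525
connect = smtp.virginmedia.com:465
verifyChain = yes
CAfile = /path/to/ca-bundle.crt
checkHost = smtp.virginmedia.com
"""
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_services(text):
    """Return {section: {lowercased option: last value}}; ';' lines are comments."""
    services, current = {"": {}}, ""  # "" holds options set before any [section]
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            services.setdefault(current, {})
        elif "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            services[current][key.strip().lower()] = value.strip()
    return services

def audit(text):
    """Return sorted (service, finding) pairs for client-mode services."""
    services = parse_services(text)
    defaults = services.pop("")
    findings = []
    for name, section in services.items():
        opts = {**defaults, **section}
        if opts.get("client", "no").lower() != "yes":
            continue  # server-mode services are out of scope for this check
        if not any(opts.get(k, "no").lower() == "yes" for k in ("verifychain", "verifypeer")):
            findings.append((name, "server certificate is not verified"))
        if "checkhost" not in opts:
            findings.append((name, "certificate hostname is not checked"))
        host = opts.get("accept", "").rpartition(":")[0]  # empty when only a port is given
        if host not in LOOPBACK:
            findings.append((name, "plaintext listener is not bound to loopback"))
    return sorted(findings)

if __name__ == "__main__":
    print(audit(PAGE_CONF), audit(HARDENED_CONF))
```

To check a real file, pass its contents to `audit()`, for example the text of /etc/stunnel/virgin.conf.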
BEFORE creating the new sendmail config files, *BACK UP* sendmail.cf and submit.cf in /etc/mail.
First we need to make an authinfo.db with our Virgin login info for relay-domain:

    cd /etc/mail
    mkdir auth
    chmod 700 auth
    cd auth
Now make the file 'authinfo' if it doesn't already exist and add some credentials:
    AuthInfo:relay-domain.hostname "I: email@example.com" "U:root" "P:password" "M:PLAIN"
    AuthInfo:relay-domain.hostname:2525 "I: firstname.lastname@example.org" "U:root" "P:password" "M:PLAIN"
Change 'email@example.com' and 'password' to your SMTP login details.
Notice I have used the full hostname of the machine hosting stunnel here (relay-domain.hostname). This is the domain that you set when you installed your distro, if you were given the choice. It should be set in /etc/hosts and can also be found by running the command 'hostname -d' on the machine.

    makemap hash authinfo < authinfo
    chmod 600 authinfo*
The 600 permissions will ensure that the login info isn't world readable.
Change to /usr/share/sendmail/cf/cf and back up sendmail-slackware.mc and submit.mc, then edit both files. Substitute your distro's default files for these if you aren't using Slackware.
These are the settings we need to add:
    FEATURE(`authinfo',`hash -o /etc/mail/auth/authinfo.db')
    define(`SMART_HOST',`relay-domain')
    define(`RELAY_MAILER_ARGS', `TCP $h 2525')
    define(`ESMTP_MAILER_ARGS', `TCP $h 2525')
You may need to play with the order and where these settings are in the actual files. The Build script will whine if they are in the wrong order.
    ./Build sendmail-slackware.mc
    ./Build submit.mc
    cp sendmail-slackware.cf /etc/mail/sendmail.cf
    cp submit.cf /etc/mail/submit.cf
    /etc/rc.d/rc.sendmail restart
echo "This is a test" | mailx -s "TEST" firstname.lastname@example.org
If all went well you should have received it without any problems. Add the stunnel start command to /etc/rc.d/rc.local to have it run at boot.