Relaying Sendmail via SSL
This howto will hopefully get sendmail relaying to the new smtp.virginmedia.com SSL enabled server, but the same technique should work with other servers too.
A little info:
The new virginmedia SMTP server uses SSL on port 465. Nothing wrong with that for most email clients like Thunderbird and the like. With mutt, though, we need to get sendmail to relay to it, and that's where the problem is: the server expects an SSL handshake as soon as the connection opens, while sendmail connects in plain text and waits for the SMTP greeting, so it hangs and the mail never gets sent.
You may notice that if you just telnet to smtp.virginmedia.com on port 465, you get disconnected as soon as you issue an EHLO.
To bypass this problem we need to create an SSL tunnel to the server and have sendmail relay through it. The application that I will use to do that is stunnel which is installed by default in Slack - it just needs some setting up.
Stunnel has two modes - server and client. We will use it as a client and create what is in effect a proxy to VM's SMTP server. I am still quite new to using stunnel so there may well be better/other ways to do this. Drop me a mail if you have suggestions.
We will create a simple config file for stunnel:
    david@Junius(~)% cat /etc/stunnel/stunnel.conf
    sslVersion = SSLv3
    [ req ]
    client = yes
    accept = 2525
    connect = smtp.virginmedia.com:465
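A hardened variant of this config, as an added example that is not part of the original howto: as written above, stunnel negotiates SSLv3 and does not verify the server certificate, so the tunnel encrypts the AUTH PLAIN login without authenticating who receives it. It assumes stunnel 5.x built against OpenSSL 1.1.0 or later; the section name and the CA bundle path are assumptions.

```ini
; /etc/stunnel/stunnel.conf -- client-mode tunnel with certificate checks
; Added example. Assumes stunnel 5.x built against OpenSSL 1.1.0 or later.
; Comments must sit on their own lines; stunnel does not strip trailing ones.

; Weak setting from the original config, kept here only for comparison:
;   sslVersion = SSLv3
; SSLv3 is broken (POODLE). Require TLS 1.2 or newer instead.
sslVersionMin = TLSv1.2

; Section name is an assumption; any label works.
[vm-smtps]
client = yes

; Listen on loopback only so other hosts cannot use the tunnel.
; The original "accept = 2525" listens on every interface.
; If sendmail runs on another box, bind one specific LAN address instead.
accept = 127.0.0.1:2525
connect = smtp.virginmedia.com:465

; Verify the certificate chain and the host name in the certificate.
; Without these two checks stunnel encrypts but does not authenticate
; the server that receives the SMTP password.
verifyChain = yes
; Assumed CA bundle path; point this at your distribution's bundle.
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = smtp.virginmedia.com
```

If the handshake fails after enabling verification, check which name the presented certificate carries before relaxing anything; checkHost has to match that name.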
relay-domain is going to be our stunnel hostname, defined in /etc/hosts. I'm just running it locally so I use 127.0.0.1 for the IP, but you can have it running on a different box. 2525 will be the port that it runs on. My hosts file now looks like this:
    david@Junius(~)% cat /etc/hosts
    .. snip ..
    127.0.0.1 localhost
    127.0.0.1 relay-domain
    .. snip ..
I've read that relay-domain must come after localhost (I'm not sure how that works when it's running on a different box).
Now run stunnel with some flags:
stunnel /etc/stunnel/stunnel.conf -c -d relay-domain:2525
You should now be able to telnet in via stunnel and get the proper SMTP response:
    david@Junius(~)% telnet relay-domain 2525
    Trying 127.0.0.1...
    Connected to relay-domain.
    Escape character is '^]'.
    220 mx.google.com ESMTP 15sm258258pxi.4
    EHLO junius
    250-mx.google.com at your service, [22.214.171.124]
    250-SIZE 35651584
    250-8BITMIME
    250-AUTH LOGIN PLAIN
    250-ENHANCEDSTATUSCODES
    250 PIPELINING
    quit
    221 2.0.0 closing connection 15sm258258pxi.4
    Connection closed by foreign host.
You will notice that smtp.virginmedia.com actually reroutes to mx.google.com. I have tried connecting directly to Google but it doesn't work. Google picks up that the connection was routed through VM, I guess.
Before playing with sendmail settings, back up sendmail.cf and submit.cf in /etc/mail.
First we need to make an authinfo.db with our Virgin login info for relay-domain:
    cd /etc/mail
    mkdir auth
    chmod 700 auth
    cd auth
Now make a file 'authinfo' and edit it with some credentials. This is what mine looks like:
    AuthInfo:relay-domain.thebigvoid.org "I:firstname.lastname@example.org" "U:root" "P:password" "M:PLAIN"
    AuthInfo:relay-domain.thebigvoid.org:2525 "I:email@example.com" "U:root" "P:password" "M:PLAIN"
Change 'password' to your SMTP login password. Notice I have used the full hostname.domain (relay-domain.thebigvoid.org) here. This is also set in my hosts file, so you need to set that to whatever you have set for domain name.
    makemap hash authinfo < authinfo
    chmod 600 authinfo*
The permissions will ensure that the login info isn't world readable. Change into /usr/share/sendmail/cf/cf and back up sendmail.mc and submit.mc, then edit both files. These are the settings we need in both:
    FEATURE(`authinfo',`hash -o /etc/mail/auth/authinfo.db')
    define(`SMART_HOST',`relay-domain')
    define(`RELAY_MAILER_ARGS', `TCP $h 2525')
    define(`ESMTP_MAILER_ARGS', `TCP $h 2525')
You may need to play with the order and where these settings are in the actual files. The Build script will moan if they are in the wrong order.
    ./Build sendmail.mc
    ./Build submit.mc
    cp sendmail.cf /etc/mail
    cp submit.cf /etc/mail
    /etc/rc.d/rc.sendmail restart
echo "This is a test" | mailx -s "TEST" firstname.lastname@example.org
If all went well you should have received it without any problems.
But, wait. Did you notice that the From: header is changed to your email@example.com? (Might be the same thing for ex-ntl users too).
I won't go into the arguments I had on the VM forum about this header changing nonsense :>