So. I have sendmail working on that same bloody Fedora Core 4 server as before.

It works just fine.

It sends mail to the internet on port 25, just fine.

That would be, in fact, the problem, from a certain point of view.

After an incident with a user, a "test" installation of XAMPP and Mercury Mail Server, and a 3-day stint on Spamhaus.org's blocklist because SMTP servers that helo "localhost" are not appreciated, I'm going to lock port 25 down completely, and open port 587 only to the proper outgoing mail server. This is fine. Before I do that, however, I want my server to still be able to send all the mail it's supposed to send when things go wrong with the RAID, or when the backups throw up on themselves, or when it's supposed to give me the daily "I'm alive, nothing is wrong, we have plenty of disk space, the heavily armed monkeys guarding the servers report no issues" messages.

So, I want to set Sendmail on the server to Smarthost everything, to the regular mail server, on port 587, using user authentication, just like it was a normal mail client. This is my problem.

I edited sendmail.mc to add:

define(`SMART_HOST',`MAILSERVERNAME')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/client-info.db')dnl

Inside /etc/mail/auth/client-info is this:

AuthInfo:mail.MAILSERVERNAME "U:root" "I:USERID" "P:PASSWORD" "M:PLAIN"
AuthInfo:mail.MAILSERVERNAME:587 "U:root" "I:USERID" "P:PASSWORD" "M:PLAIN"
AuthInfo: "U:root" "I:USERID" "P:PASSWORD" "M:PLAIN"

... which appears, from the documentation, to be what I need, and then some. I've also tried with "U:USERID" in all three locations. Yes, this is a correct and working username and password, and the server does not require TLS or any other secure connection.

I then run makemap hash clientinfo < clientinfo, go to /etc/mail and run make, then restart sendmail with /sbin/service sendmail restart. It says it's shutting down correctly, then starting up correctly, with no problems or errors.

And from then on, all the entries in /var/log/maillog look like this:
Mar 9 17:05:17 FEDORASERVER sendmail[31097]: l26L0kkW001172: to=, ctladdr= (516/6), delay=3+01:04:31, xdelay=00:00:00, mailer=relay, pri=7380945, relay=in.MAILSERVERNAME., dsn=4.0.0, stat=Deferred: Connection refused by in.MAILSERVERNAME.
Any suggestions for why Sendmail isn't acting like a good little MTA, just like Thunderbird and Outlook and all the others on the network?

(Suggestions of "Try Exim or Postfix" are truly tempting, don't get me wrong, but if you suggest those, please also include a link to a good, reliable FC4 how-to on setting it up for acting like an SMTP client that needs authentication and uses port 587.)
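The maillog line above can be read mechanically to tell a transport failure from a rejection the relay actually sent back. This is an added example, not code from the post: a small parser for sendmail's "qid: key=value, ..." delivery records, run over constructed sample lines in the same format (placeholder addresses and IP; the relay names mirror the ones in the post).

```python
import re
from collections import Counter

# Constructed sample /var/log/maillog lines modelled on the post's format.
# Addresses and the IP are placeholders, not values from the original server.
SAMPLE_MAILLOG = """\
Mar 9 17:05:17 FEDORASERVER sendmail[31097]: l26L0kkW001172: to=<ops@example.com>, ctladdr=<root@FEDORASERVER> (516/6), delay=3+01:04:31, xdelay=00:00:00, mailer=relay, pri=7380945, relay=in.MAILSERVERNAME., dsn=4.0.0, stat=Deferred: Connection refused by in.MAILSERVERNAME.
Mar 9 17:06:02 FEDORASERVER sendmail[31101]: l26L0kkW001173: to=<ops@example.com>, ctladdr=<root@FEDORASERVER> (516/6), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30123, relay=mail.MAILSERVERNAME. [192.0.2.25], dsn=5.7.1, stat=Service unavailable
Mar 9 17:07:44 FEDORASERVER sendmail[31110]: l26L0kkW001174: to=<ops@example.com>, ctladdr=<root@FEDORASERVER> (516/6), delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=30123, relay=mail.MAILSERVERNAME. [192.0.2.25], dsn=2.0.0, stat=Sent (Ok: queued as 12345)
"""

# The "qid: key=value, key=value, ..." part of a sendmail delivery record.
RECORD_RE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<fields>.*)$")
# A value runs until the next ", key=" or the end of the line.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")


def parse_record(line):
    """Return the record's fields as a dict (qid, to, relay, dsn, stat, ...) or None."""
    m = RECORD_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group("fields")))
    fields["qid"] = m.group("qid")
    return fields


def classify(rec):
    """A 4.x.x 'Connection refused' never reached SMTP, so it cannot be an AUTH
    problem; a 5.7.x reply is a policy/authentication rejection from the relay."""
    dsn, stat = rec.get("dsn", ""), rec.get("stat", "")
    if dsn.startswith("2."):
        return "sent"
    if dsn.startswith("4.") and "Connection refused" in stat:
        return "connect_refused"
    if dsn.startswith("5.7"):
        return "rejected_by_relay"
    return "other"


def summarize(log_text):
    """Count outcomes per relay host so a monitor can alert when the smarthost
    stops accepting mail (otherwise the daily 'I'm alive' messages just stop)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec and "relay" in rec:
            host = rec["relay"].split()[0].rstrip(".")
            counts[(host, classify(rec))] += 1
    return counts
```

The relay field is also the host sendmail actually dialled: here it is the domain's MX host rather than the submission host, which is what an unbracketed SMART_HOST produces, since sendmail skips the MX lookup only when the host is written as `[mail.MAILSERVERNAME]`.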

(no subject)

Date: 2007-03-10 01:21 am (UTC)
From: [identity profile] netdef.livejournal.com
Ummm . . . that error looks like a port refusal, not an authentication error.

Can you telnet to the target on port 587 from the source server?

(no subject)

Date: 2007-03-10 01:30 am (UTC)
From: [identity profile] theweaselking.livejournal.com
Indeed I can. It lets me in and lets me try to send mail. I'm not sure how to actually authenticate properly through SMTP - I didn't have time to look it up before I left work - but I can get into auth plain without a problem.

(no subject)

Date: 2007-03-10 01:33 am (UTC)
From: [identity profile] theweaselking.livejournal.com
Okay, plan B: I've now looked up how RFC 2554 authenticated SMTP works, and I have *no clue* how to send the username and password.
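What the "AUTH PLAIN" step actually carries is the message from the SASL PLAIN spec (RFC 4616) that RFC 2554 builds on. This is an added example, not from the post: it encodes the client's initial response, parses it on the server side, and plays both halves of the exchange in one process against constructed placeholder credentials (in sendmail's authinfo terms, "U:" supplies the first field, the authorization id, and "I:" the second, the authentication id; the example leaves the first empty).

```python
import base64
import hmac

# Constructed credentials for the example (placeholders, not the post's values).
CREDENTIALS = {"USERID": "PASSWORD"}


def plain_initial_response(authcid, passwd, authzid=""):
    """RFC 4616 PLAIN message: [authzid] NUL authcid NUL passwd, base64-encoded,
    sent on the command line as 'AUTH PLAIN <this>'. Base64 is not encryption:
    without TLS the password is readable by anyone on the path."""
    raw = f"{authzid}\0{authcid}\0{passwd}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def parse_plain_response(b64):
    """Server side: split the decoded message into its three NUL-separated parts.
    Returns (effective authzid, authcid, passwd)."""
    parts = base64.b64decode(b64, validate=True).decode("utf-8").split("\0")
    if len(parts) != 3:
        raise ValueError("PLAIN message must contain exactly two NUL separators")
    authzid, authcid, passwd = parts
    return authzid or authcid, authcid, passwd


def server_auth(command_line):
    """Toy submission-server handler for one 'AUTH PLAIN <b64>' line.
    Returns the SMTP reply the client would see (RFC 4954 reply codes)."""
    try:
        verb, mech, b64 = command_line.split(" ", 2)
    except ValueError:
        return "501 5.5.4 Syntax: AUTH PLAIN <initial-response>"
    if verb != "AUTH" or mech != "PLAIN":
        return "504 5.5.4 Unrecognized authentication type"
    try:
        _authzid, authcid, passwd = parse_plain_response(b64)
    except (ValueError, UnicodeDecodeError):
        return "501 5.5.2 Cannot decode response"
    expected = CREDENTIALS.get(authcid)
    # Constant-time compare; an unknown user gets the same reply as a bad password.
    if expected is not None and hmac.compare_digest(expected.encode(), passwd.encode()):
        return "235 2.7.0 Authentication successful"
    return "535 5.7.8 Authentication credentials invalid"


def client_exchange(authcid, passwd):
    """The exchange the comment is asking about: the client line and the reply."""
    line = f"AUTH PLAIN {plain_initial_response(authcid, passwd)}"
    return line, server_auth(line)
```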

(no subject)

Date: 2007-03-10 01:43 am (UTC)
From: [identity profile] netdef.livejournal.com
Did you install SASL? (I assume you did, but . . .)

http://www.sendmail.org/~ca/email/auth.html

(no subject)

Date: 2007-03-10 02:16 am (UTC)
From: [identity profile] theweaselking.livejournal.com
#1: That's for sendmail *as a server*, which is why it's talking about Cyrus, which is an IMAP server.

#2: Yes, SASLv2 is installed on the server.

(However, it's got the instructions again down below, slightly different.)

(no subject)

Date: 2007-03-10 02:23 am (UTC)
From: [identity profile] theweaselking.livejournal.com
...and following those instructions, the motherfucker just delivered *half* of my test messages. The ones to account@mailserver went through, the ones to gmail and vmobile.ca were rejected as user unknown.

So it's a start!

(no subject)

Date: 2007-03-10 02:25 am (UTC)
From: [identity profile] theweaselking.livejournal.com
Whoops, that was on port 25, which is why local delivery worked. Port 587 is still not working on the mail server.

(no subject)

Date: 2007-03-10 03:21 am (UTC)
From: [identity profile] ronebofh.livejournal.com
Not sure if this will help, but try connecting to 587 on localhost, and then 587 on the "real" IP address, in case sendmail is listening on one but not the other.

(no subject)

Date: 2007-03-10 04:53 am (UTC)
From: [identity profile] theweaselking.livejournal.com
... I don't understand, sorry.

To clarify my situation:
There are two mail servers involved here.
Sendmail-server is my box, and it listens only on port 25, and only to localhost. Currently, when it receives mail, it looks up the MX for the target domain, contacts that MX on port 25, and delivers the mail directly. It is not listening on port 587 at all, nor should it be.

ISP-mail-server is *not* my box. It listens on port 587, to the entire internet, and demands a username and password before anyone can relay through it. Currently, every mail client in the company works through this, by setting "send through ISP-mail-server, port 587, my SMTP server requires authentication, here is my username and password". I can telnet to it on port 587 from sendmail-server and begin the auth process, no problem.

I *want* sendmail-server to, instead of looking up MXes and delivering mail to the internet on port 25, call up ISP-mail-server on port 587, give a username and password, and pass all email off to ISP-mail-server, and let ISP-mail-server worry about looking up MXes and delivering mail across the internet.

As soon as that's working, I can block outgoing port 25 on the firewall entirely, and outgoing port 587 to everywhere but ISP-mail-server, so that another user can't get creative, run an insecure and misconfigured mail server app on his personal desktop machine, and get us blacklisted again so that my automated mails from the server start getting dropped before making it to my mailbox or my cellphone.

The problem is that sendmail-server, when it's configured to use port 587 and log in with a good username and password, connects to ISP-mail-server, doesn't log in, and doesn't deliver the mail.

Since ISP-mail-server is definitely working, on port 587, with that specific username and password, and sendmail-server can connect on port 587 to the server, that means the problem must be somewhere in Sendmail's configuration.
