Sendmail
MX list for confighell.com. points back to home.confighell.com
This happened to me on a host because my mail server (mail.relay.dk) is running inside a jail (confighell.com) on the same host (home.confighell.com). The jails can easily mail the mail jail, but the host install kept getting this error.
Mar 18 14:56:35 home sm-mta[55112]: n2IDuZFJ055110: SYSERR(root): MX list for confighell.com. points back to home.confighell.com
Mar 18 14:56:35 home sm-mta[55112]: n2IDuZFJ055110: n2IDuZFJ055112: DSN: MX list for confighell.com. points back to home.confighell.com
The solution is fairly simple. Just edit the file /etc/mail/mailertable and add this line:
confighell.com smtp:[10.1.2.3]
Where 10.1.2.3 is the IP of the mail jail.
Then, from /etc/mail, run
make all install && /etc/rc.d/sendmail restart
Sendmail SMTP AUTH
Install from ports
cd /usr/ports/security/cyrus-sasl2
* Remember to check "PLAIN" (since we enable TLS soon, it's OK)
make install
cd /usr/ports/security/cyrus-sasl2-saslauthd
make install
cd /usr/ports/mail/sendmail-sasl
* Remember to check "TLS" and "SASL2".
make install
Generate self-signed SSL certificate (-nodes writes the private key unencrypted, so keep sendmail-key.pem readable by root only)
openssl req -new -x509 -nodes -out /etc/ssl/certs/sendmail.pem -keyout /etc/ssl/certs/sendmail-key.pem -days 1825
Insert lines in /etc/mail/hostname.mc
dnl SASL
TRUST_AUTH_MECH(`LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN GSSAPI EXTERNAL DIGEST-MD5 CRAM-MD5')dnl
dnl SSL
define(`confCACERT_PATH', `/etc/ssl/certs')dnl
define(`confCACERT', `/etc/ssl/certs/sendmail.pem')dnl
define(`confSERVER_CERT', `/etc/ssl/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/ssl/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/ssl/certs/sendmail-key.pem')dnl
define(`confCLIENT_KEY', `/etc/ssl/certs/sendmail-key.pem')dnl
Stop sendmail
/etc/rc.d/sendmail stop
Insert lines in /etc/rc.conf
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
saslauthd_enable="YES"
Start AUTH daemon and new sendmail (from ports)
/usr/local/etc/rc.d/saslauthd start
/usr/local/etc/rc.d/sendmail.sh start
Cyrus-SASL2
Get latest version from:
ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/
Install
# tar zxf cyrus-sasl-2.1.21.tar.gz
# cd cyrus-sasl-2.1.21
# ./configure --with-dblib=gdbm --enable-krb4=no --enable-gssapi=no --enable-login --enable-plain
# make
# make install
# ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
# mkdir -p /var/state/saslauthd
Make file /usr/local/etc/rc.d/saslauthd.sh
#!/bin/sh
/usr/local/sbin/saslauthd -a getpwent -n 20
Make file /var/lib/sasl2/Sendmail.conf
pwcheck_method: saslauthd
chmod it:
chmod 755 /usr/local/etc/rc.d/saslauthd.sh
run it:
/usr/local/etc/rc.d/saslauthd.sh
Time to patch devtools/Site/site.config.m4 (inside sendmail src root)
APPENDDEF(`confENVDEF', `-DSASL=2 -DHASURANDOMDEV')
APPENDDEF(`conf_sendmail_LIBS', `-L/usr/local/lib -lcrypto -lsasl2')
APPENDDEF(`confLIBDIRS', `-L/usr/local/lib/sasl2')
APPENDDEF(`confINCDIRS', `-I/usr/local/include')
Patch sendmail.mc:
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 EXTERNAL CRAM-MD5')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
Recompile sendmail.mc (see file INSTALL in sendmail src)
Restart sendmail
killall -HUP sendmail
Hints
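Encode/decode string to use for authentication (auth/sasl). Note that echo appends a newline and mmencode encodes it too (the trailing "K" in the output below), so strip the newline when encoding a real username or password.
$ echo "A String" | mmencode
QSBTdHJpbmcK
$ echo "QSBTdHJpbmcK"|mmencode -u
A String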
Test
telnet localhost 25
ehlo you
auth login
334 VXNlcm5hbWU6
<enter encoded username>
334 UGFzc3dvcmQ6
<enter encoded password>
235 2.0.0 OK Authenticated
mail from:test@domain.tld
rcpt to:test2@domain.tld
data
test
.
quit
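An added check (not part of the original page) for the reply to "ehlo you" in the test above: with LOGIN and PLAIN in confAUTH_MECHANISMS, it reports whether those base64-only mechanisms are advertised before STARTTLS. The sample replies and the host name mail.example.org are constructed; sendmail's confAUTH_OPTIONS flag "p" is what withholds them until a security layer is active.

```shell
#!/bin/sh
# Added example: audit an EHLO reply for password mechanisms sent in the clear.
# Sample replies and mail.example.org are constructed, not captured output.

# Print the PLAIN/LOGIN mechanisms on the AUTH line(s) of the reply on stdin.
plaintext_mechs() {
    tr -d '\r' | tr '[:lower:]' '[:upper:]' |
        sed -n 's/^250[- ]AUTH[ =]\(.*\)$/\1/p' |
        tr ' ' '\n' | grep -E '^(PLAIN|LOGIN)$' | sort -u
}

# Succeed if the reply on stdin advertises STARTTLS.
offers_starttls() {
    tr -d '\r' | grep -Eiq '^250[- ]STARTTLS$'
}

# audit_ehlo PHASE REPLY: PHASE is "clear" (before STARTTLS) or "tls" (after).
audit_ehlo() {
    phase=$1
    reply=$2
    mechs=$(printf '%s\n' "$reply" | plaintext_mechs | tr '\n' ' ')
    mechs=${mechs% }
    if [ "$phase" = tls ]; then
        echo "OK: encrypted session, password mechanisms: ${mechs:-none}"
    elif [ -z "$mechs" ]; then
        echo "OK: no PLAIN/LOGIN offered before STARTTLS"
    elif printf '%s\n' "$reply" | offers_starttls; then
        echo "WARN: $mechs offered before STARTTLS, cleartext login possible"
    else
        echo "FAIL: $mechs offered and STARTTLS is not available"
    fi
}

# Reply of a server configured as on this page (mechanisms listed, TLS optional).
BEFORE_TLS='250-mail.example.org Hello localhost [127.0.0.1]
250-ENHANCEDSTATUSCODES
250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-STARTTLS
250 HELP'

# Reply after adding define(`confAUTH_OPTIONS', `A p')dnl to the .mc file:
# the "p" flag withholds PLAIN/LOGIN until a security layer is active.
HARDENED='250-mail.example.org Hello localhost [127.0.0.1]
250-ENHANCEDSTATUSCODES
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250 HELP'

audit_ehlo clear "$BEFORE_TLS"
audit_ehlo clear "$HARDENED"
```

Paste the real EHLO reply from the telnet session in place of the sample text to audit a live configuration.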
Links
http://www.falkotimme.com/howtos/sendmail_smtp_auth_tls/
Error messages and handling
http://www.unix.org.ua/orelly/networking/sendmail/ch23_03.htm
