Howto configure Centos 5 + sendmail as a simple SMTP relay for Gmail

[peterpallesen]

If you use your own domain with gmail some mail clients display your email address as "someone@yourdomain.com on behalf of someone@gmail.com". To avoid this Google allow you to use your own sendmail to relay outgoing mail. The longer explanation is here

I have a VPS server with plain Centos 5.5 - the basic install, including sendmail and saslauth that I'd like to use for this purpose.

There's a lot of howtos explaining howto setup a fully fledged mail system with dovecot or whatever, but I just need the most basic sendmail for this purpose.

I've set everything up and sendmail is now listening on the various optional ports:

Code:

# netstat -ptan | grep sendmail
tcp        0      0 0.0.0.0:587                 0.0.0.0:*                   LISTEN      12270/sendmail: acc
tcp        0      0 0.0.0.0:465                 0.0.0.0:*                   LISTEN      12270/sendmail: acc
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      12270/sendmail: acc

I'm pretty sure everything is setup right, including certificates (how can I verify they are ok?). I've created a standard Linux user (useradd) for authentication - that ought to work with PAM right? So why can't I authenticate with this user?

Code:

# grep -v ^dnl /etc/mail/sendmail.mc
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
define(`confLOG_LEVEL', `90')dnl
define(`confDEF_USER_ID', ``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
FEATURE(`accept_unresolvable_domains')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

But when I add my server to Gmail they say: "We are having trouble authenticating with your other mail service. Please try a different port or connection option. If you continue to experience difficulties, please contact your other email provider for further instructions.", and when I look in the logfile I get following:

Code:

Jul 12 07:23:02 localhost sendmail[30074]: p6C7N2qv030074: --- 250-vpsxxx.xxx.net Hello mail-vw0-f44.google.com [209.85.212.44], pleased to meet you
Jul 12 07:23:02 localhost sendmail[30074]: p6C7N2qv030074: --- 250-ENHANCEDSTATUSCODES
Jul 12 07:23:02 localhost sendmail[30074]: p6C7N2qv030074: --- 250-PIPELINING
Jul 12 07:23:02 localhost sendmail[30074]: p6C7N2qv030074: --- 250-8BITMIME
Jul 12 07:23:02 localhost sendmail[30074]: p6C7N2qv030074: --- 250-SIZE
Jul 12 07:23:02 localhost sendmail[30074]: p6C7N2qv030074: --- 250-DSN
Jul 12 07:23:02 localhost sendmail[30074]: p6C7N2qv030074: --- 250-AUTH EXTERNAL
Jul 12 07:23:02 localhost sendmail[30074]: p6C7N2qv030074: --- 250-DELIVERBY
Jul 12 07:23:02 localhost sendmail[30074]: p6C7N2qv030074: --- 250 HELP
Jul 12 07:23:02 localhost sendmail[30074]: STARTTLS=read, info: fds=7/4, err=2
Jul 12 07:23:02 localhost sendmail[30074]: p6C7N2qv030074: <-- QUIT
Jul 12 07:23:02 localhost sendmail[30074]: p6C7N2qv030074: --- 221 2.0.0 vpsxxx.xxx.net closing connection
Jul 12 07:23:02 localhost sendmail[30074]: STARTTLS=server, SSL_shutdown not done
Jul 12 07:23:02 localhost sendmail[30074]: p6C7N2qv030074: in background, pid=30074
Jul 12 07:23:02 localhost sendmail[30074]: p6C7N2qv030074: mail-vw0-f44.google.com [209.85.212.44] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA
Jul 12 07:23:02 localhost sendmail[30074]: p6C7N2qv030074: dropenvelope, e_flags=0x4001, OpMode=d, pid=30074
Jul 12 07:23:02 localhost sendmail[30074]: p6C7N2qv030074: unlock
Jul 12 07:23:02 localhost sendmail[30074]: NOQUEUE: finis, pid=30074

Any idea what I'm doing wrong here?

I mean, obviously there's a problem with that STARTTLS thing, but what? It is certainly supported by the server:

Code:

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 vpsxxx.xxx.net ESMTP Sendmail 8.13.8/8.13.8; Tue, 12 Jul 2011 09:57:12 GMT
ehlo there
250-vpsxxx.xxx.net Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP

[peterpallesen]

Oh well. At least I'm not the only one who don't know ...

[falko]

The problem is that you use Sendmail which is really hard to configure - you need to be a real expert to do this. It is years ago that I last worked with Sendmail (using Postfix instead).

[peterpallesen]

Hm, actually I'm quite comfortable with Sendmail (even if I hit a snag this time) but unfamiliar with Postfix. Any howto you can recommend with Postfix proving this solution? Any searches for Postfix and Gmail comes up with a stack of solutions for the opposite problem (using gmail's smtp servers to relay mail).

[peterpallesen]

Ok, so I removed sendmail and installed postfix, that was easy enough, but didn't bring me any further than before.

The thing is, as I explained in the first post, this is supposed to be an outgoing relay for Gmail only, in order to get rid of the "send on behalf of" annoyance in Gmail. Many howto's discuss how to setup postfix with dovecot or cyrus-imap, but as there will not be any incoming mail to this server I don't want to have this unnecessary software installed.

I have cyrus-sasl installed and it is (default) configured to use pam. This is fine with me as pam is supposed to be able to handle authentication through /etc/password (/etc/shadow) - but I can't find anywhere explaining how to configure this to work.

[falko]

Take a look here:
http://www.howtoforge.com/forums/sho...d.php?p=105989
http://ubuntu-tutorials.com/2008/11/...-smtpgmailcom/

[peterpallesen]

Thanks but that again address the opposite of what I need.

This explains how to relay your own mail through Google's smtp server.

I want to route Gmail through my own server as explained in my first post.

[peterpallesen]

I'm still trying to setup this mailserver to act as a mail relay for Gmail.

There must be at least 10,000 howto's on the internet explaining how to relay your outgoing mail through gmail. I can see how this could be handy for those with a Linux on a PC with dynamic IP where they need a "real" smtp server to relay the outgoing mail, but I have the opposite problem. I want to avoid Gmails "sent on behalf of" which frankly is lame, and relay my outgoing mail through my vps server.

I changed to postfix as recommended, as I was advised that sendmail was too complicated, but I frankly don't see postfix being any less complicated than sendmail.

I have both setup as simple mail servers, able to handle outgoing mail originating on the server (i.e. through web forms etc) and it is correctly blocking relaying of mail that shouldn't be relayed.

What I need is a simple howto explaining how to configure standard saslauth (using the standard cyrus saslauth as it comes with Centos) so that I can relay my gmail through my own smtp server.

There are bits and pieces everywhere but it's like trying to watch a large painting through a toilet paper roll.

[peterpallesen]

Here is one that seems to make an attempt.

It appears to be from 2004.

19 pages, with arrows, highlights, boxes, cross-references and written by a German (I don't have a problem with Germans but they tend to be a tad verbose and this one is certainly no exception)

The first 9 pages goes with small talk about why we want to do this, and how to compile sendmail and saslauth from scratch. Have these guys not heard of yum?

Finally on page 11 we start getting a little meat - http://postfix.state-of-mind.de/patr...iguration.html - but check it out, endless yatter with multicolored boxes adding to the confusion.

How about just explaining in simple text what you need to add to which files and then let that be it?

[peterpallesen]

Here's another, slightly better one: http://thomer.com/howtos/postfix_sasl.html. It's only from 2009 but alas, was made for Debian.

But, alas, it doesn't work either. For a start it doesn't even listen on port 587 (TLS).