Date:  Wed, 18 Apr 2007 07:41:47 +0200
From:  Claudio Condolf <condolf (at mark) gmail.com>
Subject:  [coba-e:09606] Re: SMTP relay
To:  coba-e (at mark) bluequartz.org
Message-Id:  <4625AF9B.80404 (at mark) gmail.com>
In-Reply-To:  <4623FEF7.4000404 (at mark) dogsbody.org>
References:  <200704161421625.SM02312 (at mark) Virus> <4623FEF7.4000404 (at mark) dogsbody.org>
X-Mail-Count: 09606


I've done the SMTP auth following this tutorial found on the web.
Please note that the sendmail.cf file will sometimes be overwritten by
the BQ and your edits are lost.
----------------------------------------------------------
Sendmail as SMTP AUTH client for ISP mail server relay

Fri, 02/17/2006 - 22:23 --- charlie.collins

My ISP, Bellsouth, along with just about every other major ISP, blocks
port 25 outbound email from their dynamically assigned IP ranges (the IP
address all the DSL and dial up customers receive).

This means your home Linux machine can't just send outbound email. In
order to send outbound email you must first set your server to relay
outbound mail to your ISP's server (which can be done with SMART_HOST in
sendmail) and use SMTP_AUTH as a *CLIENT* to your ISP's mail server
(Bellsouth for example requires SMTP_AUTH to their mailhost,
"mail.bellsouth.net", with PLAIN mech for authentication - many major
ISPs do the same).

Many Linux distros use Sendmail as the default MTA (Fedora among them).
There are many tutorials on the web concerning using Sendmail as an
SMTP_AUTH server to accept incoming auth connections (such as JoreyBump
<http://www.joreybump.com/code/howto/smtpauth.html>, and a few years
back there was my high level awesome mail server
<http://www.screaming-penguin.com/main.php?storyid=2998> post :P).
However, there are fewer that concern setting up Sendmail to use
SMTP_AUTH as a client so that Sendmail itself can authenticate with
another mail server (there are some such as this one for SBC/Yahoo
<http://efflandt.freeshell.org/sbc-smtp-auth.html> - I just thought more
and more specific info might be helpful).

In the case of BellSouth DSL I got a Fedora Sendmail setup working as
follows (Core 4 with Sendmail 8.13.4 - Be advised, you should always
BACKUP your existing conf files before you muck with them):

*1.* Note that the default location on Fedora (and many distros) for
Sendmail installed files is "/etc/mail". sendmail.cf, sendmail.mc,
access map, and so on, are located at /etc/mail.

*2.* Check that your Sendmail binary has STARTTLS and SASL support:

|sendmail -d0.1 -bv|

Make sure STARTTLS and SASL are present in the output. This is the
default on Fedora and other distros now, so they are likely already there
- if you do not have these you need to backup and recompile sendmail to
include them - see the aforementioned server oriented tutorials on this
subject - Yes the client usage requires them.

*3.* Edit your sendmail.mc to include the "smart host" option.

|define(`SMART_HOST',`[mail.bellsouth.net]')|

*4.* Edit your sendmail.mc to setup a map for "authinfo".

|FEATURE(`authinfo',`hash /etc/mail/authinfo.db')|

*5.* Check the rest of your sendmail.mc to make sure that things are
sane and items relevant to STARTTLS and SASL are uncommented and valid.
For example check to ensure you have the certificate related entries
(and that these entries are valid - you may have to create the
sendmail.pem cert - from the cert dir "make sendmail.pem" assuming you
have the OpenSSL libraries available):

|define(`confCACERT_PATH',`/usr/share/ssl/certs')
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')|

Make sure you also have the auth mechanisms defined/uncommented (I am
not sure this should be required just for the client - but I had to
enable to get things working):

|define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS', `A p y')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl|

Also you should turn up the logging temporarily in order to verify things:

|define(`confLOG_LEVEL', `20')dnl|

*6.* Create the "authinfo" file in (the file that tells the SMTP_AUTH
client what credentials to login with for what domain).

|AuthInfo:[mail.bellsouth.net] "U:root" "I:user@bellsouth.net" "P:password" "M:LOGIN PLAIN"|

*7.* With the newly edited "sendmail.mc" file use m4 (the sendmail macro
burner) to create "sendmail.cf".

|m4 sendmail.mc > sendmail.cf|

*8.* With the newly created "authinfo" file make the authinfo.db which
sendmail will use.

|makemap hash /etc/mail/authinfo < /etc/mail/authinfo|

*9.* Restart sendmail (default /etc/init.d/sendmail restart) and check
the logs (default /etc/maillog) to make sure there are no
issues/errors/warnings. Errors such as unable to find STARTTLS
certificate need to be addressed before you proceed, really there should
be no errors or warnings, these have meanings. ;)

*10.* Run a map test to ensure that the "authinfo" db is being correctly
picked up by your new sendmail configuration.

|echo '/map authinfo AuthInfo:[mail.bellsouth.net]' | /usr/sbin/sendmail -bt|

If this is found and there is an entry then proceed, otherwise something
is amiss with authinfo and that needs to be addressed.

*11.* Make an alias for the "root" user to go to an actual external
email account (if not already done). For example in /etc/aliases change
the line under "Person that should get root's email" to go to "root:
user@gmail.com" where that is a valid external email account. Make sure
to run "newaliases" to invoke.

*12.* Send an email to root and watch the logs.

|mail root
Test
this is a test
.|

The logs should show all the SMTP level info (since it is using level
20) and should show a line that reads similar to:

|Feb 17 21:08:45 totsp sendmail[27587]: k1I28jTQ027587: MAIL From: SIZE=29 AUTH=root@yourhostname.org|

This shows that the AUTH was made. Then a little further down in the log
you should see that the message was accepted. (If it was not accepted
you will see that it was rejected and why (the response code).)

------------------------------------------------





Dogsbody wrote:
>
>> I want to connect my BQ server another smart host to relay the mails 
>> through our ISP's Server
>>
>> We have the server address and SMTP username and password.
>>
>> Where I should configure the username and password in BQ for 
>> authentication?
>
> The BQ GUI currently only allows you to set up an open (restricted by 
> IP address to their customers) relay as a smarthost [1].  There is 
> nowhere to put the username & password [2].  It is possible to set this 
> up by directly editing the sendmail.cf files I believe but I have 
> never done this.
>
> Dan
>
> [1] Just add your ISP mail server under Network Services, Email, 
> Advanced, Smart Relay Server and you're all done :-)
>
> [2] I have already added this to the SF BQ tracker as a feature request.
> http://sourceforge.net/tracker/index.php?func=detail&aid=1699062&group_id=193737&atid=946614 
>
>
>
>
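
The authinfo file from step 6 of the tutorial above, and the authinfo.db built from it in step 8, hold the relay password in cleartext, so both should be readable by root only. The following is an added example, not part of the original message or the quoted tutorial: a shell function that audits those two files. It assumes GNU stat and one AuthInfo entry per line; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: audit the credential files from steps 6 and 8 of the tutorial.
# Assumes GNU stat (Linux) and one AuthInfo entry per line.

# Prints one line per finding; returns 0 only when nothing was found.
audit_authinfo() {
    src=${1:-/etc/mail/authinfo}
    findings=0
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }

    # The source file and the makemap output both hold the password.
    for f in "$src" "$src.db"; do
        [ -e "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        case $mode in
            *00|0) ;;   # no group/other permission bits
            *) echo "FINDING: $f is mode $mode; run: chmod 600 $f"
               findings=$((findings + 1)) ;;
        esac
    done

    while IFS= read -r line; do
        key=${line%% *}          # first token only, never echo the password
        case $line in
            ''|'#'*) continue ;;
            AuthInfo:*) ;;
            *) echo "FINDING: not an AuthInfo entry: $key"
               findings=$((findings + 1)); continue ;;
        esac
        case $line in
            *'"P:'*|*'"P='*) ;;  # P: is literal, P= is base64
            *) echo "FINDING: $key has no password field"
               findings=$((findings + 1)) ;;
        esac
        case $line in
            *'"M:'*PLAIN*|*'"M:'*LOGIN*)
               echo "NOTE: $key uses PLAIN/LOGIN; the password is only protected if STARTTLS to the relay succeeds" ;;
        esac
    done < "$src"

    [ "$findings" -eq 0 ]
}

# Audit the file named on the command line, if any.
if [ $# -gt 0 ]; then audit_authinfo "$1"; fi
```

Run it as root after step 8 and again after any BQ update that regenerates the mail configuration.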