Thanks Claudio!
Best,
--
Arthur
> -----Original Message-----
> From: Claudio Condolf [mailto:condolf (at mark) gmail.com]
> Sent: Wednesday, April 18, 2007 8:42 AM
> To: coba-e (at mark) bluequartz.org
> Subject: [coba-e:09606] Re: SMTP relay
>
>
> I've done the smtp auth following this tutorial found on the web.
> Please note that the sendmail.cf file will be overwritten from the BQ
> sometimes and your edit are lost.
> ----------------------------------------------------------
> Sendmail as SMTP AUTH client for ISP mail server relay
>
> Fri, 02/17/2006 - 22:23 --- charlie.collins
>
> My ISP, Bellsouth, along with just about every other major ISP, blocks
> port 25 outbound email from their dynamically assigned IP
> ranges (the IP
> address all the DSL and dial up customers receive).
>
> This means your home Linux machine cant just send outbound email. In
> order to send outbound email you must first set your server to relay
> outbound mail to your ISPs server (which can be done with
> SMART_HOST in
> sendmail) and use SMTP_AUTH as a *CLIENT* to your ISPs mail server
> (Bellsouth for example requires SMTP_AUTH to their mailhost
> ,"mail.bellsouth.net", with PLAIN mech for authentication - many major
> ISPs do the same).
>
> Many Linux distros use Sendmail as the default MTA (Fedora
> among them).
> There are many tutorials on the web concerning using Sendmail as an
> SMTP_AUTH server to accept incoming auth connections (such as
> JoreyBump
> <http://www.joreybump.com/code/howto/smtpauth.html>, and a few years
> back there was my high level awesome mail server
> <http://www.screaming-penguin.com/main.php?storyid=2998> post :P).
> However, there are fewer that concern setting up Sendmail to use
> SMTP_AUTH as a client so that Sendmail itself can authenticate with
> another mail server (there are some such as this one for SBC/Yahoo
> <http://efflandt.freeshell.org/sbc-smtp-auth.html> - I just
> thought more
> and more specific info might be helpful).
>
> In the case of BellSouth DSL I got a Fedora Sendmail setup working as
> follows (Core 4 with Sendmail 8.13.4 - Be advised, you should always
> BACKUP your existing conf files before you muck with them):
>
> *1.* Note that the default locations on Fedora (and many distros) for
> Sendmail installed files is "/etc/mail". sendmail.cf, sendmail.mc,
> access map, so on, are located at /etc/mail.
>
> *2.* Check that your Sendmail binary has STARTTLS and SASL support:
>
> |sendmail -d0.1 -bv|
>
> Make sure STARTTLS and SASL are present in the output, this is the
> default on Fedora and other distors now so they are likely
> alread there
> - if you do not have these you need to backup and recompile
> sendmail to
> include them - see the aforementioned server oriented
> tutorials on this
> subject - Yes the client usage requires them.
>
> *3.* Edit your sendmail.mc to include the "smart host" option.
>
> |define(`SMART_HOST',`[mail.bellsouth.net]')|
>
> *4.* Edit your sendmail.mc to setup a map for "authinfo".
>
> |FEATURE(`authinfo',`hash /etc/mail/authinfo.db')|
>
> *5.* Check the rest of your sendmail.mc to make sure that things are
> sane and items relevant to STARTTLS and SASL are uncommented
> and valid.
> For example check to ensure you have the certificate related entries
> (and that these entries are valid - you may have to create the
> sendmail.pem cert - from the cert dir "make sendmail.pem" assuming you
> have the OpenSSL libraries available):
>
> |define(`confCACERT_PATH',`/usr/share/ssl/certs')
> define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
> define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
> define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')|
> Make sure you also have the auth mechanisms defined/uncommented (I am
> not sure this should be required just for the client - but I had to
> enable to get things working):
> |define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
> define(`confAUTH_OPTIONS', `A p y')dnl
> TRUST_AUTH_MECH(`LOGIN PLAIN')dnl|
>
> Also you should turn up the logging temporarily in order to
> verify things:
> |define(`confLOG_LEVEL', `20')dnl|
>
> *6.* Create the "authinfo" file in (the file that tells the SMTP_AUTH
> client what credentials to login with for what domain).
>
> |AuthInfo:[mail.bellsouth.net] "U:root" "I:user (at mark) bellsouth.net
> <javascript:openWin('/WorldClient.dll?Session=KFEOXFF&View=Com
> pose&To=user%40bellsouth.net&New=Yes','Compose',800,600,'yes');>"
>
> "P:password" "M:LOGIN PLAIN"|
>
> *7.* With the newly edited "sendmail.mc" file use m4 (the
> sendmail macro
> burner) to create "sendmail.cf".
>
> |m4 sendmail.cf < sendmail.mc|
>
> *8.* With the newly created "authinfo" file make the authinfo.db which
> sendmail will use.
>
> |makemap hash /etc/mail/authinfo < /etc/mail/authinfo|
>
> *9.* Restart sendmail (default /etc/init.d/sendmail restart) and check
> the logs (default /etc/maillog) to make sure there are no
> issues/errors/warnings. Errors such as unable to find STARTTLS
> certificate need to be addressed before you proceed, really
> there should
> be no errors or warnings, these have meanings. ;)
>
> *10.* Run a map test to ensure that the "authinfo" db is
> being correctly
> picked up by your new sendmail configuration.
>
> |echo '/map authinfo AuthInfo:[mail.bellsouth.net]' |
> /usr/sbin/sendmail
> -bt|
>
> If this is found and there is an entry then proceed,
> otherwise something
> is amiss with authinfo and that needs to be addressed.
>
> *11.* Make an alias for the "root" user to go to an actual external
> email account (if not already done). For example in
> /etc/aliases change
> the line under "Person that should get root's email" to go to "root:
> user (at mark) gmail.com
> <javascript:openWin('/WorldClient.dll?Session=KFEOXFF&View=Com
> pose&To=user%40gmail.com&New=Yes','Compose',800,600,'yes');>"
> where that is a valid external email account. Make sure
> to run "newaliases" to invoke.
>
> *12.* Send an email to root and watch the logs.
>
> |mail root
> Test
> this is a test
> .|
>
> The logs should show all the SMTP level info (since it is using level
> 20) and should show a line that reads similar to:
> |Feb 17 21:08:45 totsp sendmail[27587]: k1I28jTQ027587: MAIL From:
> SIZE=29 AUTH=root (at mark) yourhostname.org
> <javascript:openWin('/WorldClient.dll?Session=KFEOXFF&View=Com
> pose&To=root%40yourhostname.org&New=Yes','Compose',800,600,'yes');>|.
>
> This shows that the AUTH was made. Then a little further down
> in the log
> you should see that the message was accepted. (If it was not accepted
> you will see that it was rejected and why (the response code).
>
> ------------------------------------------------
>
>
>
>
>
> Dogsbody ha scritto:
> >
> >> I want to connect my BQ server another smart host to relay
> the mails
> >> throufh
> >> our ISP's Server
> >>
> >> We have the server address and SMTP username and password.
> >>
> >> Where I should configure the username and password in BQ for
> >> authentication?
> >
> > The BQ GUI currently only allows you to set up an open
> (restricted by
> > IP address to their customers) relay as a smarthost [1].
> There is no
> > where to put the username & password [2]. It is possible
> to set this
> > up by directly editing the sendmail.cf files I believe but I have
> > never done this.
> >
> > Dan
> >
> > [1] Just add your ISP mail server under Network Services, Email,
> > Advanced, Smart Relay Server and your all done :-)
> >
> > [2] I have already added this to the SF BQ tracker as a
> feature request.
> >
> http://sourceforge.net/tracker/index.php?func=detail&aid=16990
62&group_id=193737&atid=946614
>
>
>
>