sendmail (notifications) using GMAIL SMTP | Ubuntu 11.10

4 Jan

Sending email directly from the MTA (mail transfer agent) on one’s server is now considered to be faux pas. Unless you’ve got that machine configured within DNS (MX record, reverse lookup, etc), it’d likely fail most basic spam checks at the destination mail server. The complexity of the configuration increases if you’ve got the need to masquerade emails from multiple domains.Instead, the ideal approach is to relay through a central SMTP gateway for all of the outbound emails generated from your server(s).

The downside of using google for relay is that it automatically sets the “from” address to the account that was used for smtp authentication. This article hacks sendmail.cf to dynamically change the authentication used based on the original “from” address. This would be applicable if you have an application that’s sending emails on behalf of multiple user accounts / domains.

To sum it up. Here’s how to get sendmail working in 10 minutes :

1. Install sendmail

Open Terminal and

sudo apt-get install sendmail sasl2-bin
service saslauthd start
sudo cp /etc/mail/sendmail.mc /etc/mail/sendmail.mc.orig
sudo vi /etc/mail/sendmail.mc
2. Setup client-info

In /etc/mail/auth/client-info: (if you do not have this file, create it)

AuthInfo:smtp.gmail.com “U:root” “I:username@gmail.com” “P:password” “M:PLAIN”
AuthInfo:smtp.gmail.com:587 “U:root” “I:username@gmail.com” “P:password” “M:PLAIN”

Set <username@hostname.tld> and <password> to the same account you use to authenticate w/ gmail.

Create the client-info.db:

makemap -r hash client-info.db < client-info
chmod 700 /etc/mail/auth
chmod 600 /etc/mail/auth/*

Both client-info & client-info.db should have permission of 600.

3. Create certificates used by sendmail

This generates the certificates and files needed to authenticate successfully with GMAIL SMTP:

mkdir /etc/mail/certs
cd /etc/mail/certs
openssl dsaparam 1024 -out dsa1024 -out dsa1024.pem
openssl req -x509 -nodes -days 3650 -newkey dsa:dsa1024.pem -out /etc/mail/certs/mycert.pem -keyout /etc/mail/certs/mykey.pem
ln -s /etc/mail/certs/mycert.pem /etc/mail/certs/CAcert.pem
openssl req -x509 -new -days 3650 -key /etc/mail/certs/mykey.pem -out /etc/mail/certs/mycert.pem
chmod 700 /etc/mail/certs
chmod 600 /etc/mail/certs/*
4. Add settings to sendmail.mc

We need to enable STARTTLS for GMAIL SMTP support. Earlier we installed sals2-bin which provides this support. A single line entry in sendmail.mc enables this feature. However, be sure to start sasl on boot by editing /etc/default/saslauthd and set START=yes

Make sure sendmail.mc has:

include(`/etc/mail/tls/starttls.m4')dnl
define(`SMART_HOST',`smtp.gmail.com')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')
define(`ESMTP_MAILER_ARGS', `TCP $h 587')
FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl
define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')
define(`confCACERT_PATH', `CERT_DIR')
define(`confCACERT', `CERT_DIR/CAcert.pem')
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')

NOTE: Be aware that smart-quotes used in the code examples will not be recognised if pasted into your files! Ensure replacing smart-quotes by regular quotes (see comments below for further detail).

5. Finish off

Finally, update sendmail.cf:

m4 sendmail.mc > sendmail.cf
cd /etc/mail
make
/etc/init.d/sendmail reload

To be safe, i like to rerun the configuration and go through any errors that come up :

/etc/mail/sendmailconfig
Advertisements

12 Responses to “sendmail (notifications) using GMAIL SMTP | Ubuntu 11.10”

  1. Sam March 25, 2012 at 12:48 am #

    Hi there,

    I need a mail address with my domain name to send and receive emails from for my online-store.
    I had a look at several tutorials including this one: http://flurdy.com/docs/postfix/
    And its really all very complicated and confusing for me.
    You wrote:
    “Unless you’ve got that machine configured within DNS (MX record, reverse lookup, etc), it’d likely fail most basic spam checks at the destination mail server.”
    This worry’s me a lot so I’m wondering if you would recommend this gmail smtp solution in my situation or to go down a different road perhaps.

    Appreciate your feedback.

    Thanks.

    Sam

    • darrynvantonder March 25, 2012 at 7:26 pm #

      Hi Sam

      Sendmail is a simple program that is used to SEND email notifications. In my case, i use it to send myself emails, using my GMAIL account.

      The reason that i use my GMAIL account is that it is a well known SMTP Server, meaning, when my mail is received by personx@companyA.com, Company A’s anti spam rules usually exclude GMAIL accounts…

      From your requirement, I would rather look at POSTFIX. This is a fully functional Email Server which will achieve your requirements
      Go here : http://www.serverubuntu.it/postfix-dovecot-guide

      Lastly, you can use webmin () as a command interface for setting up POSTFIX. It’s pretty straight forward if you follow the guide above and use webmin.

      Cheers

  2. John Forward April 8, 2012 at 9:32 pm #

    i cannot start sendmail. What should I do?

    root@SERVER-5.local:/etc/mail/certs# /etc/init.d/sendmail start
    * Starting Mail Transport Agent (MTA) sendmail start-stop-daemon: Unable to start /usr/sbin/sendmail-mta: Permission denied (Permission denied)
    /etc/init.d/sendmail: line 296: /usr/sbin/sendmail-msp: is a directory

  3. ellmo September 19, 2012 at 7:26 am #

    Can’t get past this:

    $ makemap -r hash client-info.db < client-info
    -bash: client-info: No such file or directory

    where is client-info supposed to be? where am I supposed to be? in my home directory?

    • darrynvt September 19, 2012 at 12:52 pm #

      Hi ellmo

      You have to be in the /etc/mail/auth/ directory as this is where the client-info.db is created.

      Bare in mind that this is a restricted directory (root only) and that you may need to “sudo su” to root to perform these tasks.

      Good luck!

  4. Vinz October 20, 2012 at 7:26 pm #

    Hi, Any chance you could provide me with your sendmail.mc ? I’ve been trying unsuccessfully to do this ..? ryojunk@online.fr

    • darrynvt November 1, 2012 at 10:32 am #

      Hi Vinz

      Np. Apologies for the late reply, I have been away on holiday. Will send my sendmail file shortly.

      Cheers

  5. Vinz October 20, 2012 at 7:27 pm #

    I meant to say” thank you” but clicked Post by accident :)) thanks a lot for your help 😉

  6. eduard November 11, 2012 at 12:23 am #

    como testar?

  7. http://tegrujetdergwrit.exteen.com May 1, 2013 at 10:06 am #

    My brother recommended I may like this blog. He was once
    entirely right. This submit actually made my day. You can not
    believe simply how much time I had spent for this info!
    Thanks!

  8. stevez July 17, 2013 at 4:45 am #

    at running sendmailconfig i recive this error:
    /etc/mail/sendmail.cf: line 6: invalid argument to V line:
    “ERSIONID(Id: startt” /etc/mail/sendmail.cf: line 7: invalid
    argument to V line: “ERSIONID(Id: autoco” /etc/mail/sendmail.cf:
    line 10: fileclass: cannot open ‘ATURE(authinfo,hash’: No such file
    or directory

  9. stevez July 17, 2013 at 4:57 am #

    Well i have solved for the first problem. Now the second,
    the mails are not delivered by sendmail. I followed your tutorial
    step by step, and no error followed during set up, but the test of
    sendmail delivering fails. What can be occurred?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: