Sending email directly from the MTA (mail transfer agent) on one’s server is now considered a faux pas. Unless that machine is configured within DNS (MX record, reverse lookup, etc.), its mail will likely fail most basic spam checks at the destination mail server. The configuration becomes more complex if you need to masquerade emails from multiple domains. Instead, the ideal approach is to relay all of the outbound email generated by your server(s) through a central SMTP gateway.
The downside of using Google for relay is that it automatically sets the “from” address to the account that was used for SMTP authentication. This article hacks sendmail.cf to dynamically change the authentication used based on the original “from” address. This is applicable if you have an application that sends emails on behalf of multiple user accounts / domains.
To sum it up, here’s how to get sendmail working in 10 minutes:
1. Install sendmail
Open Terminal and run:
sudo apt-get install sendmail sasl2-bin
sudo service saslauthd start
sudo cp /etc/mail/sendmail.mc /etc/mail/sendmail.mc.orig
sudo vi /etc/mail/sendmail.mc
2. Setup client-info
In /etc/mail/auth/client-info: (if you do not have this file, create it)
AuthInfo:smtp.gmail.com "U:root" "I:firstname.lastname@example.org" "P:password" "M:PLAIN"
AuthInfo:smtp.gmail.com:587 "U:root" "I:email@example.com" "P:password" "M:PLAIN"
Set the address and password to those of the account you use to authenticate with Gmail.
Create the client-info.db:
# makemap reads and writes relative paths, so run it from the auth directory
cd /etc/mail/auth
makemap -r hash client-info.db < client-info
chmod 700 /etc/mail/auth
chmod 600 /etc/mail/auth/*
Both client-info & client-info.db should have permission of 600.
3. Create certificates used by sendmail
This generates the certificates and files needed to authenticate successfully with GMAIL SMTP:
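mkdir /etc/mail/certs
cd /etc/mail/certs
# Generate DSA parameters (note: 1024-bit DSA is below current key-size recommendations)
openssl dsaparam -out dsa1024.pem 1024
# Create an unencrypted private key and a self-signed certificate valid for 10 years
openssl req -x509 -nodes -days 3650 -newkey dsa:dsa1024.pem -out /etc/mail/certs/mycert.pem -keyout /etc/mail/certs/mykey.pem
# Use the self-signed certificate as the CA certificate as well
ln -s /etc/mail/certs/mycert.pem /etc/mail/certs/CAcert.pem
# Re-issue the self-signed certificate from the existing key
openssl req -x509 -new -days 3650 -key /etc/mail/certs/mykey.pem -out /etc/mail/certs/mycert.pem
# The key is stored unencrypted, so restrict access to the directory and its files
chmod 700 /etc/mail/certs
chmod 600 /etc/mail/certs/*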
4. Add settings to sendmail.mc
We need to enable STARTTLS for GMAIL SMTP support. Earlier we installed sasl2-bin, which provides this support. A single-line entry in sendmail.mc enables this feature. However, be sure to start sasl on boot by editing /etc/default/saslauthd and setting START=yes
Make sure sendmail.mc has:
include(`/etc/mail/tls/starttls.m4')dnl
define(`SMART_HOST',`smtp.gmail.com')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')
define(`ESMTP_MAILER_ARGS', `TCP $h 587')
FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl
define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')
define(`confCACERT_PATH', `CERT_DIR')
define(`confCACERT', `CERT_DIR/CAcert.pem')
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')
NOTE: Smart quotes will not be recognised if they end up in your files! If your copy of the code examples contains smart quotes, replace them with regular quotes (see comments below for further detail).
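The following pre-flight check is an added example, not part of the original article: it audits a client-info source file for the two pitfalls described above (pasted smart quotes, and permissions other than 600) before makemap is run. The function names, the sample account and the placeholder password are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are illustrative.

# Succeeds if FILE contains typographic (curly) quotes, e.g. pasted from a web page.
has_smart_quotes() {
    grep -qF -e '“' -e '”' -e '‘' -e '’' "$1"
}

# Succeeds if FILE has exactly the octal permission MODE (POSIX find, no GNU stat needed).
has_mode() {
    find "$1" -prune -perm "$2" | grep -q .
}

# Prints one finding per line for an authinfo source file; fails if there are any.
audit_authinfo() {
    findings=$(
        has_smart_quotes "$1" && echo "$1: contains smart quotes"
        has_mode "$1" 600 || echo "$1: permissions are not 600"
        # Every AuthInfo entry needs straight-quoted "I:" (login) and "P:" (password) fields.
        awk '/^AuthInfo:/ && !(/"I:[^"]+"/ && /"P:[^"]+"/) {
                 print FILENAME ":" NR ": entry lacks a straight-quoted I: or P: field"
             }' "$1"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Demo on constructed sample files (placeholder account and password, not real credentials).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'AuthInfo:smtp.gmail.com:587 “U:root” “I:user@example.org” “P:placeholder” “M:PLAIN”' > "$demo_dir/pasted"
chmod 644 "$demo_dir/pasted"
printf '%s\n' 'AuthInfo:smtp.gmail.com:587 "U:root" "I:user@example.org" "P:placeholder" "M:PLAIN"' > "$demo_dir/fixed"
chmod 600 "$demo_dir/fixed"

audit_authinfo "$demo_dir/pasted" || true   # prints three findings
audit_authinfo "$demo_dir/fixed" && echo "$demo_dir/fixed: OK"
```

To check a real installation, call audit_authinfo /etc/mail/auth/client-info as root before running makemap.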
5. Finish off
Finally, update sendmail.cf:
cd /etc/mail
m4 sendmail.mc > sendmail.cf
make
/etc/init.d/sendmail reload
To be safe, I like to rerun the configuration and go through any errors that come up: