Sending email directly from the MTA (mail transfer agent) on one’s server is now considered to be faux pas. Unless you’ve got that machine configured within DNS (MX record, reverse lookup, etc), it’d likely fail most basic spam checks at the destination mail server. The complexity of the configuration increases if you’ve got the need to masquerade emails from multiple domains. Instead, the ideal approach is to relay through a central SMTP gateway for all of the outbound emails generated from your server(s).

I’ve been on Google mail hosting for a long time now and needed to configure my server to relay mail through it. Here’s a nice article that walks you through exactly what needs to be done to configure your sendmail MTA to relay through Gmail’s SMTP servers. Another similar post here.

The downside of using google for relay is that it automatically sets the “from” address to the account that was used for smtp authentication. This article hacks to dynamically change the authentication used based on the original “from” address. This would be applicable if you have an application that’s sending emails on behalf of multiple user accounts / domains.

It’s important that TLS/SSL is set up in order for Sendmail to upgrade the SMTP connection by issuing the STARTTLS command. Here’s a nice writeup.

To sum it up. The changes to sendmail are:

In /etc/mail/auth/client-info: “U:root” “” “P:password” “M:PLAIN” “U:root” “” “P:password” “M:PLAIN”

Set <username@hostname.tld> and <password> to the same account you use to authenticate w/ gmail.

Create the client-info.db:

$ makemap -r hash client-info.db < client-info

Both client-info & client-info.db should have permission of 600.

Make sure has:

FEATURE(`authinfo’,`hash /etc/mail/auth/client-info.db’)dnl
define(`RELAY_MAILER_ARGS’, `TCP $h 587′)
define(`ESMTP_MAILER_ARGS’, `TCP $h 587′)

define(`CERT_DIR’, `/etc/mail/certs’)
define(`confCACERT_PATH’, `CERT_DIR’)
define(`confCACERT’, `CERT_DIR/ca-bundle.crt’)
define(`confCRL’, `CERT_DIR/ca-bundle.crt’)
define(`confSERVER_CERT’, `CERT_DIR/sendmail.pem’)
define(`confSERVER_KEY’, `CERT_DIR/sendmail.pem’)
define(`confCLIENT_CERT’, `CERT_DIR/sendmail.pem’)
define(`confCLIENT_KEY’, `CERT_DIR/sendmail.pem’)


The certificate files may reside elsewhere in your distro / install. You’ll want to verify that.

Finally, update

m4 >

Author: Catherine

Writing about entrepreneurship, mobile, tech, and wine.

Get Connected

    3 Responses

  1. Pingback: » Sendmail configuration using as authorized relay UNIX, OSX, Linux, Solaris and iPhone Café

  2. Pingback: Configuring Sendmail to relay through Gmail SMTP The AppGirl Blog | Last news of America

  3. j. says:

    Very helpful, not just for gmail but the same pattern (often a little simpler) can be used to make your various servers relay though your designated outbound mail server… like you mentioned, you might have done the work (rdns, spf, mx records) for the outbound mail server and not your 5 web servers.