Postings
Configuring Sendmail to relay through Gmail SMTP
Sending email directly from the MTA (mail transfer agent) on one’s server is now considered to be faux pas. Unless you’ve got that machine configured within DNS (MX record, reverse lookup, etc), it’d likely fail most basic spam checks at the destination mail server. The complexity of the configuration increases if you’ve got the need to masquerade emails from multiple domains. Instead, the ideal approach is to relay through a central SMTP gateway for all of the outbound emails generated from your server(s).
I’ve been on Google mail hosting for a long time now and needed to configure my server to relay mail through it. Here’s a nice article that walks you through exactly what needs to be done to configure your sendmail MTA to relay through Gmail’s SMTP servers. Another similar post here.
The downside of using google for relay is that it automatically sets the “from” address to the account that was used for smtp authentication. This article hacks sendmail.cf to dynamically change the authentication used based on the original “from” address. This would be applicable if you have an application that’s sending emails on behalf of multiple user accounts / domains.
It’s important that TLS/SSL is set up in order for Sendmail to upgrade the SMTP connection by issuing the STARTTLS command. Here’s a nice writeup.
To sum it up. The changes to sendmail are:
In /etc/mail/auth/client-info:
AuthInfo:smtp.gmail.com “U:root” “I:username@gmail.com” “P:password” “M:PLAIN”
AuthInfo:smtp.gmail.com:587 “U:root” “I:username@gmail.com” “P:password” “M:PLAIN”
Set <username@hostname.tld> and <password> to the same account you use to authenticate w/ gmail.
Create the client-info.db:
$ makemap -r hash client-info.db < client-info
Both client-info & client-info.db should have permission of 600.
Make sure sendmail.mc has:
FEATURE(`authinfo’,`hash /etc/mail/auth/client-info.db’)dnl
define(`SMART_HOST’,`smtp.gmail.com’)dnl
define(`RELAY_MAILER_ARGS’, `TCP $h 587′)
define(`ESMTP_MAILER_ARGS’, `TCP $h 587′)define(`CERT_DIR’, `/etc/mail/certs’)
define(`confCACERT_PATH’, `CERT_DIR’)
define(`confCACERT’, `CERT_DIR/ca-bundle.crt’)
define(`confCRL’, `CERT_DIR/ca-bundle.crt’)
define(`confSERVER_CERT’, `CERT_DIR/sendmail.pem’)
define(`confSERVER_KEY’, `CERT_DIR/sendmail.pem’)
define(`confCLIENT_CERT’, `CERT_DIR/sendmail.pem’)
define(`confCLIENT_KEY’, `CERT_DIR/sendmail.pem’)define(`confAUTH_MECHANISMS’, `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)
The certificate files may reside elsewhere in your distro / install. You’ll want to verify that.
Finally, update sendmail.cf:
Filed under: cli-fu — Tags: email, google, hosting, masquerade, smtp — appgirl @ 12:41 pmm4 sendmail.mc > sendmail.cf
Comments (2)
2 Comments »
RSS feed for comments on this post. TrackBack URL
Leave a comment
About
My name is Catherine Liao and welcome to my blog. Under news you'll find the latest postings of various blogs I follow. The topics tend to center around WAN Optimization, Cloud Computing, Data Center, Virtualization, Servers, Web Technologies and 24x7 Operations.
These are topics that I'm interested in as I've spent a large chunk of my professional career building, deploying, and maintaining 24x7 application delivery environments. I use the knowledge I've garnered daily in my role as a Business Development Manager for Cisco. I should note that this site is my personal site and does not reflect the views of Cisco.
I'm also very passionate about wine and have created a mobile platform for wine lovers to remember and share the wines they are having. How often have you asked yourself "What was that great bottle of wine I had last night"? Corkbin solves that problem by being your pocket wine memory. The app records the label, notes, & gps location of a wine so that you can look it up the next time you're in a restaurant or wine shop.
Feel free to drop me a note if you find this site useful or if you'd like for me to check out your blog. I can be reached at catherine.liao@gmail.com. You can also connect with me via LinkedIn or Twitter.
Looking for less "geeky" content? Check out my travel blog 1-Day Itinerary.
[...] Catherine Liao. Very nice article! Also missing an important ingredient! [...]
Pingback by » Sendmail configuration using gmail.com as authorized relay UNIX, OSX, Linux, Solaris and iPhone Café — September 21, 2010 @ 7:18 pm
[...] what needs to be done to configure your sendmail MTA to relay through Gmail's SMTP servers. Full news story This entry was posted in HOT News and tagged g mail, gmail, gmail login, gmail.hu, mail, yahoo [...]
Pingback by Configuring Sendmail to relay through Gmail SMTP The AppGirl Blog | Last news of America — March 28, 2011 @ 12:50 am