Sendmail to external email address

Zack

Member


Messages: 37

Code:
FreeBSD punkweb 10.2-RELEASE FreeBSD 10.2-RELEASE #0 r286666: Wed Aug 12 15:26:37
UTC 2015  root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
I am trying to send email using sendmail to my external email address. Noted this server is NOT setup as an email server.
I have changed the entry in /etc/mail/aliases to root: redacted@server.com.
This is my sendmail configuration file. (I'm not sure if this is a problem, but I have server *.mc and *.cf files in /etc/mail/
Code:
divert(-1)
#
# Copyright (c) 1983 Eric P. Allman
# Copyright (c) 1988, 1993
#   The Regents of the University of California.  All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#  notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#  notice, this list of conditions and the following disclaimer in the
#  documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
#  must display the following acknowledgement:
#   This product includes software developed by the University of
#   California, Berkeley and its contributors.
# 4. Neither the name of the University nor the names of its contributors
#  may be used to endorse or promote products derived from this software
#  without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#

#
#  This is a generic configuration file for FreeBSD 6.X and later systems.
#  If you want to customize it, copy it to a name appropriate for your
#  environment and do the modifications there.
#
#  The best documentation for this .mc file is:
#  /usr/share/sendmail/cf/README or
#  /usr/src/contrib/sendmail/cf/README
#
#  NOTE: If you enable RunAsUser, make sure that you adjust the permissions
#  and owner of the SSL certificates and keys in /etc/mail/certs to be usable
#  by that user.
#

divert(0)
VERSIONID(`$FreeBSD: releng/10.2/etc/sendmail/freebsd.mc 285304 2015-07-09 05:25:47Z gshapiro $')
OSTYPE(freebsd6)
DOMAIN(generic)

FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')

dnl Enable STARTTLS for receiving email.
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confSERVER_CERT', `CERT_DIR/host.cert')dnl
define(`confSERVER_KEY', `CERT_DIR/host.key')dnl
define(`confCLIENT_CERT', `CERT_DIR/host.cert')dnl
define(`confCLIENT_KEY', `CERT_DIR/host.key')dnl
define(`confCACERT', `CERT_DIR/cacert.pem')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confDH_PARAMETERS', `CERT_DIR/dh.param')dnl

dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl  your permission.
dnl FEATURE(relay_based_on_MX)

dnl DNS based black hole lists
dnl --------------------------------
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
dnl For more information, visit
dnl http://en.wikipedia.org/wiki/DNSBL

dnl Uncomment to activate your chosen DNS based blacklist
dnl FEATURE(dnsbl, `dnsbl.example.com')
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl, `dnsbl.example.com', ``"550 Mail from " $&{client_addr} " rejected"'')

dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST', `your.isp.mail.server')

dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')

dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')

define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
define(`SMART_HOST',`[mail.server.email]')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash -o /etc/mail/authinfo/email-auth.db')dnl
MAILER(local)
MAILER(smtp)
I have created a file in /etc/mail/authinfo, that contains the information for connecting to the email server.
Here is the output of /var/log/maillog when I try and send an email.
Code:
Dec 14 15:22:08 punkweb sendmail[1021]: tBEKM8vR001021: from=web, size=86, class=0, nrcpts=1, msgid=<201512142022.tBEKM8vR001021@punkweb.co>, relay=root@localhost
Dec 14 15:22:08 punkweb sendmail[1021]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1.2, verify=FAIL, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Dec 14 15:22:08 punkweb sm-mta[1022]: STARTTLS=server, relay=punkweb [127.0.0.1], version=TLSv1.2, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Dec 14 15:22:08 punkweb sm-mta[1022]: tBEKM8wf001022: from=<web@punkweb.co>, size=377, class=0, nrcpts=1, msgid=<201512142022.tBEKM8vR001021@punkweb.co>, proto=ESMTPS, daemon=IPv4, relay=punkweb [127.0.0.1]
Dec 14 15:22:08 punkweb sendmail[1021]: tBEKM8vR001021: to=email@server.com, ctladdr=web (1002/1002), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30086, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (tBEKM8wf001022 Message accepted for delivery)
Dec 14 15:22:09 punkweb sm-mta[1024]: STARTTLS=client, relay=mx1.server.com., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
Dec 14 15:22:10 punkweb sm-mta[1024]: tBEKM8wf001022: to=<email@server.com>, ctladdr=<web@punkweb.co> (1002/1002), delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=30377, relay=mx1.server.com. [176.9.0.140], dsn=5.7.1, stat=Service unavailable
Dec 14 15:22:10 punkweb sm-mta[1024]: tBEKM8wf001022: tBEKMAwe001024: DSN: Service unavailable
Dec 14 15:22:10 punkweb sm-mta[1024]: tBEKMAwe001024: to=email@server, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=31401, relay=mx1.server.com. [176.9.0.140], dsn=5.7.1, stat=Service unavailable
Dec 14 15:22:11 punkweb sm-mta[1024]: tBEKMAwe001024: tBEKMAwf001024: return to sender: Service unavailable
Dec 14 15:22:11 punkweb sm-mta[1024]: tBEKMAwf001024: to=email@server.com, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=32425, relay=mx1.server.com. [176.9.0.140], dsn=5.7.1, stat=Service unavailable
Dec 14 15:22:11 punkweb sm-mta[1024]: tBEKMAwe001024: Losing ./qftBEKMAwe001024: savemail panic
Dec 14 15:22:11 punkweb sm-mta[1024]: tBEKMAwe001024: SYSERR(root): savemail: cannot save rejected email anywhere
Here is /etc/rc.conf
Code:
sendmail_enable="YES"
sendmail_submit_enable="YES"
sendmail_outbound_enable="YEs"
sendmail_msp_queue_enable="YES"

If you need any more information please let me know, I'm not sure what else I should include.

P.S:
If it's needed here is what /etc/mail contains.
Code:
Makefile  
aliases  
certs  
freebsd.submit.cf  
mailer.conf  
punkweb.mc  
sendmail.cf
README  
aliases.db  
freebsd.cf  
freebsd.submit.mc  
mailertable.sample  
punkweb.submit.cf  
submit.cf
access.sample  
authinfo  
freebsd.mc  
helpfile  
punkweb.cf  
punkweb.submit.mc  
virtusertable.sample
 

drhowarddrfine

Son of Beastie

Reaction score: 2,341
Messages: 4,308

I believe you don't have your domain name server set up for email. It's been a year since I've dealt with this so that's the first question I have. Did you set that up with your host?
 
OP
Zack

Zack

Member


Messages: 37

I believe you don't have your domain name server set up for email. It's been a year since I've dealt with this so that's the first question I have. Did you set that up with your host?
No I did not. Also this is a server I have in my home.
I just need a way to send emails to myself with my personal email address to my personal email address for when scripts are done running. From what I understand sendmail is the way to go.

EDIT: Seems to me like its the email provider I am using.
I tried the same using ssmtp and a gmail account and the gmail account works fine, however the other provider can't authenticate.
 

Oko

Daemon

Reaction score: 796
Messages: 1,620

You need to have static IP, valid authoritative MX record and correctly set reverse DNS. Still I would likely reject you e-mail but you have better chances than with dynamic IP, no authoritative DNS.
 

tingo

Son of Beastie

Reaction score: 638
Messages: 2,543

FWIW, I found Postfix much easier to set up than sendmail. YMMV.

Also, most (all?) external mail service providers (Google, etc.) nowadays require what Oko said. And getting all that on a small home setup can be hard (or expensive).
However, your ISP might let you send mail - if you authenticate first. So that requires using the submit port (587) and the required setup for that.
 

trev

Daemon

Reaction score: 297
Messages: 1,019

Does your ISP have a mail server? If so, use it as a smart host.
 
OP
Zack

Zack

Member


Messages: 37

I think you're misunderstanding what I was trying to do.
I'm trying to send an email to myself, from say gmail, with gmail, using sendmail. Or ssmtp. In this case I used ssmtp, so I can alert myself via email when scripts are done running. I'm not trying to setup my own mail server, been there and my ISP blocks it. As well as being on a DBL, so that's a no go.
 

usdmatt

Daemon

Reaction score: 602
Messages: 1,543

I'm confused. Your first message seems to show you trying to deliver emails directly from your system to a recipients MX server. This is what people are suggesting against.

Unless you want to jump through hoops you need to find an existing, working SMTP server (usually the upstream ISP) that you can use as a smartmailer (i.e. The emails go from your server, to the smartmailer, then to the recipient)

Also does the domain you are using in the sender email address exist and have either A or MX records. A lot of email servers don't like emails from addresses that they know they can't reply to.

Edit: I've just seen a SMART_HOST setting in your config, but the log seems to show emails going via a different server? Also you should only need the square brackets around the smart host if it's an IP address.

Edit 2: if you've run make in /etc/mail you should have a file called hostname.mc. You should edit that then run 'make install restart' to compile the cf file and install it as sendmail.cf
 

shepper

Aspiring Daemon

Reaction score: 324
Messages: 874

Although it is reported doable, sendmail's huge, monolithic structure makes this a challenge. This guide looks simple and to the point.
 

tobik@

Daemon
Developer

Reaction score: 1,420
Messages: 1,909

I think you're misunderstanding what I was trying to do.
I'm trying to send an email to myself, from say gmail, with gmail, using sendmail. Or ssmtp. In this case I used ssmtp, so I can alert myself via email when scripts are done running. I'm not trying to setup my own mail server, been there and my ISP blocks it. As well as being on a DBL, so that's a no go.
I've had success with mail/msmtp and GMail. You can setup mailer.conf(5) so that the system uses it to send emails. Should work with mail/ssmtp too.
 
OP
Zack

Zack

Member


Messages: 37

I was successful with mail/ssmtp. I found I had to use a gmail account to send the email to the email address I wanted to recieve it. I wasn't able to use the recieving email address as the sender as well, something to do with SSL and the provider.
 

drhowarddrfine

Son of Beastie

Reaction score: 2,341
Messages: 4,308

shepper I'm not going to say sendmail is easy but I would not discourage anyone from using it. It's far more flexible and "doable" as anything else and I'm betting used more than anything else, too.
 

Oko

Daemon

Reaction score: 796
Messages: 1,620

shepper I'm not going to say sendmail is easy but I would not discourage anyone from using it. It's far more flexible and "doable" as anything else and I'm betting used more than anything else, too.
If you have 15-20 years under you belt using Sendmail like some of my colleagues by all means you should keep using it. If you are just starting to manage mail servers my vote would go for Postfix or possibly to OpenSMTPD (if you need fewer features).
 

jasonvp

Active Member

Reaction score: 14
Messages: 110

If you have 15-20 years under you belt using Sendmail like some of my colleagues by all means you should keep using it. If you are just starting to manage mail servers my vote would go for Postfix or possibly to OpenSMTPD (if you need fewer features).

And I'd counter that with your signature line.

There's a reason that sendmail has withstood the test of time, even after several other MTAs have come along. The reason: it works. Insanely well. And is infinitely configurable to do all sorts of things. With that flexibility comes a learning curve. I'd argue that any UNIX-based OS has a similar style of learning curve when compared to other OSs. Right?
 

wblock@

Beastie Himself
Developer

Reaction score: 3,731
Messages: 13,851

For simple usage, Sendmail is not that hard to learn. FreeBSD's setup with the Makefile is easier than it is on other systems.
 

usdmatt

Daemon

Reaction score: 602
Messages: 1,543

I've been using Sendmail for over 10 years and I'm generally happy with it but I think it's had its day. It does work well, but not really any better than the alternatives. I've used Postfix a few times recently for newer projects and found it really nice.

From what I've seen Sendmail usage is starting to dwindle. I had a problem with a customer recently and we were the first ISP they'd had with the problem with. My Sendmail servers were following a CNAME on their domain and rewriting the envelope recipient address on emails (which surprised me to be honest). Testing with Postfix didn't have the same issue. Fortunately I managed to convince them that having a CNAME on their root domain was not really correct but obviously their argument was that it seemed to work fine with everyone other than us.

In a lot of cases it makes sense to just use Sendmail as it's built in, and I probably will continue to if I just need basic email functionality on a system, but I'm all for the devs removing it and pulling in a simple SMTP client, similar to what they did with unbound. I'd probably never bother using it again if they did that.
 

jasonvp

Active Member

Reaction score: 14
Messages: 110

I've been using Sendmail for over 10 years and I'm generally happy with it but I think it's had its day.

That's been said about sendmail for... um... ever? Kinda like another well-used daemon that people in the FreeBSD community seem hell-bent on replacing (psst: it won't happen).

My Sendmail servers were following a CNAME on their domain and rewriting the envelope recipient address on emails (which surprised me to be honest). Testing with Postfix didn't have the same issue. Fortunately I managed to convince them that having a CNAME on their root domain was not really correct but obviously their argument was that it seemed to work fine with everyone other than us.

When the RFC for CNAMEs allows it to be part of an MX record, sendmail will change. Just because there are MTAs out there not following spec doesn't make them right. Per RFC2181, 10.3 MX and NS records:
It can also have other RRs, but never a CNAME RR

That "never" part is sorta important. :)
 
Top