rchandra
Stargate S G-1 And Atlantis Fan
Premium
join:2000-11-09
14225-2105
clubs:
| setting up Sendmail using new auth requirementsI thought I would share the results of my experimentation in getting Sendmail to work with outgoing.verizon.net. Specifically, the configuration I have established will work for Sendmail 8.12.8; it may work with others too, but this is the one that comes with Red Hat Linux 9. I would also be interested if anyone has any ideas for additions or corrections. If it passes review here after a while, I guess I'll suggest that it be added to the Verizon FAQ.
As you know, in an attempt to reduce spam, Verizon began requiring all outbound customer email to issue a MAIL FROM: during the SMTP session with a local (e.g., @verizon.net) address. Subsequently, they also required that you authenticate using your Verizon user ID and password as well. Many other broadband providers have blocked all outbound connections on the default SMTP TCP port except for their relays, and it may be only a matter of time before Verizon does this too.
For most users (who use something like Mozilla, Internet Explorer, Eudora, etc.), this is not a problem because those MUAs (mail user agents) have configuration dialogs and fancy stuff like that which already "know" how to interact with ESMTP servers that require authentication. Sendmail's documentation does explain it, but it is very general and doesn't cover how exactly to set up this for the simple case of the Verizon server.
The first thing that's required is to tell Sendmail that it should use a "smart host." A smart host is a mail server that takes all one's outbound mail and delivers it to the final recipients on behalf of one's copy of Sendmail. While it is advantageous to send mail autonomously (without a smart host), Verizon may administer their networks sometime in the future to make this impossible. One does this by adding the following to one's sendmail.mc file and rebuilding the configuration with M4:
define(`SMART_HOST', `outgoing.verizon.net')
Those of you who have worked with M4 before know that string literals are expressed differently than in most compiler or interpreter programs. Whereas most programs use the same open and close marks (such as quote or apostrophe), M4 strings start with a backquote and end with apostrophe, so be careful when editing. Alternately, if you don't like to use M4 or you don't have all of Sendmail's M4 support files on your computer, and you'd like to edit sendmail.cf directly, the macro definition ("D") for the smart host is "S". So typically there is a line with just "DS" on it; you can change this to "DSoutgoing.verizon.net". This is what the above define() should produce after processing sendmail.mc with M4.
The next part is harder if you don't use M4 and you don't use the access.db file already (because I don't know what is generated in sendmail.cf for the access map. You need to add the following macro call to your sendmail.mc:
FEATURE(`access_db')
This sets up Sendmail to use a hash table file called /etc/mail/access.db. It is built using makemap, typically from /etc/mail/access. Red Hat for example makes this a bit easier by providing a Makefile, so all one has to do is change one's working directory to /etc/mail and type in make as the superuser (root). Since this feature is so heavily used, even if your sendmail.cf was built with M4 by somebody else (such as Red Hat), chances are they included this feature already.
Next, you must edit that file named access to add an "AuthInfo:" key. These hash file input files are simple text files, with one entry per line, the lookup key on the left, some whitespace, and the key's value on the right. So you need to add a line like the following:
AuthInfo:outgoing.verizon.net "U:youruserid@verizon.net" "I:youruserid@verizon.net" "P:yourmailpassword" "M:PLAIN"
The quote marks are required. Having both "U" and "I" subkeys seems to be a Sendmail requirement (says so right in the README.cf file), although they worked for me when they were the same. I'm not sure if the domain (@verizon.net) part is required, but again, it worked for me like this. The M subkey is the authentication mechanism, and so far, Verizon is using just plain text. Remember: at least your password, and probably your username too, is case sensitive. If your password happens to have some strange characters (e.g. Ctrl chars), instead of using "P:" you can use "P=" and insert the base64 encoding of your password.
Now all you have to do is make sure your sendmail.cf corresponds to your sendmail.mc (Red Hat 9 users can just make -C /etc/mail to automatically invoke M4), make sure your access.db corresponds to your access, and restart Sendmail (Red Hat et. al., service sendmail restart).
If you don't have a Makefile, the commands go some thing like this as the superuser:
cd /etc/mail
m4 sendmail.mc >sendmail.cf
makemap hash access.db <access
You can check your result with a Telnet client like this (assuming your Sendmail is on the local host and you have access to email somewhere else):
telnet localhost smtp
mail from:<youruserid@verizon.net>
rcpt to:<yourid@yahoo.com>
data
To: yourid@yahoo.com
Subject: test of Sendmail smart host
testing...
.
quit
Only bare addresses (no names or anything else) with "<" before and ">" after are acceptable here. The "." on a line by itself (no spaces around it either) is important. This tells Verizon's MTA (mail transport agent) that the message is done. Similarly, the totally blank line between "Subject: ..." and "testing" is necessary; it ends the mail headers and begins the mail body. Usually, right after Sendmail is through collecting the "message" from you, it should make a connection to "outgoing.verizon.net". In a little while, this little test message should show up in the inbox of whatever address you typed in after "rcpt to:".
--
English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules. Blog is here |
