Problem with Sendmail SMTP-AUTH and Mailman
I had Mailman working fine with Sendmail up until I enabled SMTP-AUTH in Sendmail. The messages get to Mailman but are not delivered to the list members anymore because Mailman does not authenticate. Disabling SMTP-AUTH is not an option as we are an ISP and have users that require email on the road and such, and we do not wish to be blacklisted as an open relay.
There aren't any messages in the archive that deal with this specifically, so my question is what EXACTLY do I have to do to get it to work with SMTP-AUTH. I have included my sendmail.mc file for review. I am running Fedora Core 1 with the latest stable versions of Sendmail and Mailman. Mailman is set to deliver to SMTPdirect if that is any help.
SENDMAIL.MC
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes
to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf
package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
include(/usr/share/sendmail-cf/m4/cf.m4')dnl VERSIONID(
setup for Red Hat Linux')dnl
OSTYPE(linux')dnl dnl # dnl # Uncomment and edit the following line if your outgoing mail needs to dnl # be sent out through an external mail server: dnl # dnl define(
SMART_HOST',smtp.your.provider') dnl # define(
confDEF_USER_ID',``8:12'')dnl
dnl define(confAUTO_REBUILD')dnl define(
confTO_CONNECT', 1m')dnl define(
confTRY_NULL_MX_LIST',true)dnl
define(confDONT_PROBE_INTERFACES',true)dnl define(
PROCMAIL_MAILER_PATH',/usr/bin/procmail')dnl define(
ALIAS_FILE', /etc/aliases')dnl dnl define(
STATUS_FILE', /etc/mail/statistics')dnl define(
UUCP_MAILER_MAX', 2000000')dnl define(
confUSERDB_SPEC', /etc/mail/userdb.db')dnl define(
confPRIVACY_FLAGS',
authwarnings,novrfy,noexpn,restrictqrun')dnl dnl # dnl # The following allows relaying if the user authenticates, and disallows dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links dnl # define(
confAUTH_OPTIONS',A') TRUST_AUTH_MECH(
DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(confAUTH_MECHANISMS',
DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(confCACERT_PATH',
/usr/share/ssl/certs')dnl
define(confCACERT',
/usr/share/ssl/certs/ca-bundle.crt')dnl
define('confSERVER_CERT',/usr/share/ssl/certs/sendmail.pem')dnl define(
confSERVER_KEY',/usr/share/ssl/certs/sendmail.pem')dnl FEATURE(delay_checks)dnl dnl # dnl # PLAIN is the preferred plaintext authentication method and used by dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do dnl # use LOGIN. Other mechanisms should be used if the connection is not dnl # guaranteed secure. dnl # dnl TRUST_AUTH_MECH(
EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(confAUTH_MECHANISMS',
EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5
LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # make -C /usr/share/ssl/certs usage
dnl #
dnl define(confCACERT_PATH',
/usr/share/ssl/certs')
dnl define(confCACERT',
/usr/share/ssl/certs/ca-bundle.crt')
dnl define(confSERVER_CERT',
/usr/share/ssl/certs/sendmail.pem')
dnl define(confSERVER_KEY',
/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with
OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(confDONT_BLAME_SENDMAIL',
groupreadablekeyfile')dnl
dnl #
dnl define(confTO_QUEUEWARN',
4h')dnl
dnl define(confTO_QUEUERETURN',
5d')dnl
dnl define(confQUEUE_LA',
12')dnl
dnl define(confREFUSE_LA',
18')dnl
define(confTO_IDENT',
0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(no_default_msa',
dnl')dnl
FEATURE(smrsh',
/usr/sbin/smrsh')dnl
FEATURE(mailertable',
hash -o /etc/mail/mailertable.db')dnl
FEATURE(virtusertable',
hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his
quota.
dnl #
FEATURE(local_procmail,',
procmail -t -Y -a $h -d $u')dnl
FEATURE(access_db',
hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(blacklist_recipients')dnl EXPOSED_USER(
root')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback
address
dnl # 127.0.0.1 and not on any other network devices. Remove the
loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
dnl DAEMON_OPTIONS(Port=smtp, Addr=127.0.0.1, Name=MTA')dnl dnl # dnl # The following causes sendmail to additionally listen to port 587 for dnl # mail from MUAs that authenticate. Roaming users who can't reach their dnl # preferred sendmail daemon due to port 25 being blocked or redirected find dnl # this useful. dnl # DAEMON_OPTIONS(
Port=submission, Name=MSA, M=Ea')dnl
DAEMON_OPTIONS(Port=smtp, Name=MSA, M=Ea')dnl dnl # dnl # The following causes sendmail to additionally listen to port 465, but dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1. dnl # dnl # For this to work your OpenSSL certificates must be configured. dnl # dnl DAEMON_OPTIONS(
Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6
loopback
dnl # device. Remove the loopback address restriction listen to the
network.
dnl #
dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl # a kernel patch
dnl #
dnl DAEMON_OPTIONS(port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl dnl # dnl # We strongly recommend not accepting unresolvable domains if you want to dnl # protect yourself from spam. However, the laptop and users on computers dnl # that do not have 24x7 DNS do need this. dnl # dnl FEATURE(
accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(relay_based_on_MX')dnl dnl # dnl # Also accept email sent to "localhost.localdomain" as local email. dnl # LOCAL_DOMAIN(
localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com
as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
-- Christopher Tyler Operations Manager
Nexlink Communications, Inc. http://www.nexlinkinc.net (417) 520-0670
Christopher Tyler wrote:
I had Mailman working fine with Sendmail up until I enabled SMTP-AUTH in Sendmail. The messages get to Mailman but are not delivered to the list members anymore because Mailman does not authenticate. Disabling SMTP-AUTH is not an option as we are an ISP and have users that require email on the road and such, and we do not wish to be blacklisted as an open relay.
That is exactly the problem I had. The answer is in Jim Tittsler's message "Re: No footer" posted to this list on June 26th 2004. Thought I'd post a pointer, since the subject does not reveal what treasure is inside :) Yours, Stefan Jim Tittsler wrote:
[...] Ah! Python's smtplib module grew support for SMTP auth in version 2.2. If you need only a single user/password, you could embed it in SMTPdirect:
--- /usr/local/src/mailman-2.1.5/Mailman/Handlers/SMTPDirect.py 2004-01-23 08:02:07.000000000 +0900 +++ SMTPDirect.py 2004-06-24 11:55:29.420208168 +0900 @@ -61,6 +61,7 @@ def __connect(self): self.__conn = smtplib.SMTP() self.__conn.connect(mm_cfg.SMTPHOST, mm_cfg.SMTPPORT) + self.__conn.login('user', 'password') self.__numsessions = mm_cfg.SMTP_MAX_SESSIONS_PER_CONNECTION
def sendmail(self, envsender, recips, msgtext):
--- /usr/local/src/mailman-2.1.5/Mailman/Handlers/SMTPDirect.py
Cleaner alternatives might be to: - if the user/passord are the same for all the lists, put them in your mm_cfg.py and reference them here - add them to the affected list's MailList object (using bin/withlist) and reference them here (guarded by an 'if' to make sure they exist)
participants (2)
-
Christopher Tyler
-
Stefan Waidele jun.