# Unable to send mail from freebsd box to SMTP gmail server using sendmail



## TheGuyGuy (Nov 1, 2009)

Okay, I know it's probably been asked a million times before, but I've been trying to get this to work for days. I've followed all kinds of how-to's available on google and this site, but still haven't been able to get this to work.

The basic problem is that I still continue to receive

530-5.5.1 Authentication Required. Learn more at
530 5.5.1 http://mail.google.com/support/bin/answer.py?answer=14257 23sm977753pxi.9

errors whenever I try sending outgoing mail (SMTP) to gmail from my FreeBSD box (7.2-RELEASE). I don't find the suggested help web page to be useful at all. I am able to download mail to my freebsd box just fine using fetchmail and pop.gmail.com.

Using just the basic "mail -s" program, I get the following pretty much no matter what I do:


```
(echo subject: test; echo) | sendmail -Am -v -flocalusername -- destination@address.com
destination@address.com... Connecting to gmail-smtp-msa.l.google.com. port 587 via relay...
220 mx.google.com ESMTP 23sm977753pxi.9
>>> EHLO localhost.localdomain
250-mx.google.com at your service, [71.20.155.193]
250-SIZE 35651584
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 PIPELINING
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> EHLO localhost.localdomain
250-mx.google.com at your service, [71.20.155.193]
250-SIZE 35651584
250-8BITMIME
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250 PIPELINING
>>> MAIL From:<localusername@localhost.localdomain> SIZE=15
[color="Red"]530-5.5.1 Authentication Required. Learn more at                              
530 5.5.1 http://mail.google.com/support/bin/answer.py?answer=14257 23sm977753pxi.9[/color]
localusername... Connecting to local...
localusername... Sent
Closing connection to gmail-smtp-msa.l.google.com.
>>> QUIT
221 2.0.0 closing connection 23sm977753pxi.9
```

The corresponding output for the mail logfile is:


```
Nov  1 13:30:23 localhost sendmail[23348]: nA1LUNda023348: from=localusername, size=15, class=0, nrcpts=1, msgid=
<200911012130.nA1LUNda023348@localhost.localdomain>, relay=root@localhost
Nov  1 13:30:23 localhost sendmail[23348]: STARTTLS=client, relay=gmail-smtp-msa.l.google.com., version=TLSv1/SSLv3, 
[color="Red"]verify=FAIL[/color], cipher=RC4-MD5, bits=128/128
Nov  1 13:30:24 localhost sendmail[23348]: nA1LUNda023348: to=destination@address.com, ctladdr=localusername (1001/1001), delay=00:00:01, 
xdelay=00:00:01, mailer=relay, pri=30015, relay=gmail-smtp-msa.l.google.com. [74.125.155.109], dsn=5.0.0, stat=Service unavailable
Nov  1 13:30:24 localhost sendmail[23348]: nA1LUNda023348: nA1LUNdb023348: DSN: Service unavailable
Nov  1 13:30:24 localhost sendmail[23348]: nA1LUNdb023348: to=localusername, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31039, 
dsn=2.0.0, stat=Sent
```

Note the "verify=FAIL" above which corresponds the failed authentication (or that is just my guess). I've not yet seen a "verify=SUCCEED" or something instead.

I've turned my head around on this problem, trying to re-create my SSL certificates in a million different ways. Among others, I've tried following this recipe:

http://www.puresimplicity.net/~hemi/freebsd/sendmail.html

as well as this one:

http://james-lloyd.com/getting-sendmail-use-gmail-as-a-relay-2/

but none have worked. I've re-installed SASL2 and sendmail several times, but doesn't seem to make any difference. Here are my relevant installed packages:


```
cyrus-sasl-2.1.23   RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-saslauthd-2.1.23 SASL authentication server for cyrus-sasl2
sendmail+tls+sasl2-8.14.3 Reliable, highly configurable mail transfer agent with util
```

Output from '/usr/sbin/sendmail -d0.1 -bv root':


```
Version 8.14.3
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF 
STARTTLS TCPWRAPPERS USERDB XDEBUG

============ SYSTEM IDENTITY (after readcf) ============
      (short domain name) $w = localhost
  (canonical domain name) $j = localhost.localdomain
         (subdomain name) $m = localdomain
              (node name) $k = localhost.localdomain
========================================================

localusername... deliverable: mailer local, user localusername
```

Contents of auth/client-info. I've also tried fully-qualified e-mail address, but no change:


```
AuthInfo:smtp.gmail.com "U:root" "I:gmail.account" "P:mypassword" "M:PLAIN"
AuthInfo:smtp.gmail.com:465 "U:root" "I:gmail.account" "P:mypassword" "M:PLAIN"
AuthInfo:smtp.gmail.com:587 "U:root" "I:gmail.account" "P:mypassword" "M:PLAIN"
```

Contents of genericstable (probably not related):


```
localusername    gmail.account@gmail.com
```

To be honest, at this point, I'd just assume be able to send mail to gmail without either SSL or AUTH at all -- just to get it working. But, I'm pretty sure gmail SMTP requires both now.

Here is my current .mc file. As you can see I've been commenting out things and re-trying different things over and over. Tried different ports, different protocols, different certs, different addresses, different domain/usernames, but no change.


```
divert(-1)
dnl  The best documentation for this .mc file is:
dnl  /usr/share/sendmail/cf/README or
dnl  /usr/src/contrib/sendmail/cf/README
divert(0)

VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.11 2001/07/14 18:07:27 gshapiro Exp $')
OSTYPE(freebsd4)
DOMAIN(generic)

define(`SMART_HOST', `[smtp.gmail.com]')
dnl define(`ESMTP_MAILER_ARGS', `TCP $h 465')
dnl define(`RELAY_MAILER_ARGS', `TCP $h 465')
define(`ESMTP_MAILER_ARGS', `TCP $h 587')
define(`RELAY_MAILER_ARGS', `TCP $h 587')
define(`confCW_FILE', `-o /etc/mail/local-host-names')
define(`confMAX_MIME_HEADER_LENGTH', `256/128')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')

dnl FEATURE(access_db, `hash -T<TMPF> /etc/mail/access')
dnl FEATURE(blacklist_recipients)
dnl FEATURE(local_lmtp)
dnl FEATURE(mailertable, `hash -o /etc/mail/mailertable')
dnl FEATURE(relay_based_on_MX)
dnl FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
dnl FEATURE(`genericstable', `hash -o /etc/mail/genericstable')
dnl Need the following to avoid being unable to d/l e-mails from
dnl pop.gmail.com with fetchmail who come from domains which
dnl do not have reverse DNS lookups (nslookups)
FEATURE(`accept_unresolvable_domains')dnl

dnl MASQUERADE_AS(`gmail.com')
dnl FEATURE(masquerade_envelope)

dnl GENERICS_DOMAIN(`localhost.localdomain')
dnl GENERICS_DOMAIN_FILE(`/etc/mail/genericsdomain')
FEATURE(local_procmail)

dnl higher number is more verbose (68 is fairly verbose, 9 is default)
dnl define(`confLOG_LEVEL', `68')dnl

define(`CERT_DIR', `/usr/local/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl

dnl define(`CERT_DIR', `/usr/local/certs')dnl
dnl define(`confCACERT_PATH', `CERT_DIR')dnl
dnl define(`confCACERT', `CERT_DIR/cacert.pem')dnl
dnl define(`confSERVER_CERT', `CERT_DIR/sendmail.pem')dnl
dnl define(`confSERVER_KEY', `CERT_DIR/sendmail.pem')dnl
dnl define(`confCLIENT_CERT', `CERT_DIR/sendmail.pem')dnl
dnl define(`confCLIENT_KEY', `CERT_DIR/sendmail.pem')dnl

define(`confAUTH_OPTIONS', `A')dnl
define(`confAUTH_MECHANISMS', `GSSAPI EXTERNAL DIGEST-MD5 CRAM-MD5 PLAIN LOGIN')
dnl
define(`confDEF_AUTH_INFO', `/etc/mail/auth/client-info')dnl
TRUST_AUTH_MECH(`GSSAPI EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash -o /etc/mail/auth/client-info')dnl
dnl FEATURE(`authinfo',`hash /etc/mail/auth/client-info.db')dnl

DAEMON_OPTIONS(`Family=inet, Port=587, Name=MTA-SSL, M=s')dnl
dnl DAEMON_OPTIONS(`Family=inet, Port=465, Name=TLSMTA-SSL, M=s')dnl
dnl DAEMON_OPTIONS(`Family=inet, Port=25, Name=MTA')dnl
dnl DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

MAILER(local)
MAILER(smtp)
MAILER(procmail)

define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
```

After I make each change, I do the following in /etc/mail (just so we're clear -- I know a few steps are probably overkill):


```
cd auth
makemap -r hash client-info.db < client-info
cd ..
makemap -r hash genericstable.db < genericstable
make
cp localhost.localdomain.cf sendmail.cf
cp localhost.localdomain.submit.cf submit.cf
make
killall -HUP sendmail
```

Any suggestions would be appreciated. It seems that I'm not doing something yet which gmail expects in order for it to work. Let me know if I've left out some useful information. Thanks,

TheGuyGuy


----------



## crsd (Nov 1, 2009)

"Using sendmail as a client with AUTH" in http://www.sendmail.org/~ca/email/auth.html (linked from http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html) always helped me to set it up. Try following it, as I can see some differences with your setup.
And instead of makemap' and cp'ing in /etc/mail, you could just use:

```
make all install restart
```


----------



## TheGuyGuy (Nov 1, 2009)

crsd said:
			
		

> "Using sendmail as a client with AUTH" in http://www.sendmail.org/~ca/email/auth.html (linked from http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html) always helped me to set it up. Try following it, as I can see some differences with your setup.
> And instead of makemap' and cp'ing in /etc/mail, you could just use:
> 
> ```
> ...



Hmm... I don't have these directories. They don't exist on my machine.


```
/usr/src/lib/libsmutil
/usr/src/lib/libsm
/usr/src/usr.sbin/sendmail
```

?


----------



## TheGuyGuy (Nov 1, 2009)

crsd said:
			
		

> "Using sendmail as a client with AUTH" in http://www.sendmail.org/~ca/email/auth.html (linked from http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html) always helped me to set it up. Try following it, as I can see some differences with your setup.
> And instead of makemap' and cp'ing in /etc/mail, you could just use:
> 
> ```
> ...



I went through the recipe on the first URL with the same results. (I had tried this recipe once before actually.)

As for the missing directories, I found these libraries in the /usr/ports/mail/sendmail-sasl/work/sendmail-8.14.3 ports install directory, but I can't tell where they are installed during "make install".


----------



## aragon (Nov 2, 2009)

Are you particularly attached to using sendmail?

If not and you just want to get mail off your system, take a look at mail/ssmtp.  100000000x easier and liter.


----------



## TheGuyGuy (Nov 3, 2009)

*Ah yes*



			
				aragon said:
			
		

> Are you particularly attached to using sendmail?
> 
> If not and you just want to get mail off your system, take a look at mail/ssmtp.  100000000x easier and liter.



Took your advice and installed ssmtp with procmail and fetchmail. All work like a charm with gmail. Deleted sendmail. Thanks! :e

TheGuyGuy


----------

