# Trying to configure sendmail to use relay host:587 with smtp auth and tls



## ProServ (Nov 2, 2022)

Hi,
Trying to get sendmail to auth with email address/pass to relay host using tls for outbound mail, no incoming mail. What is happening is it tries to auth as root instead of what was configured in authinfo on the remote relay host and it obviously fails. 

Did searches for some things like this and have tried some of the configs with host.internal.mc such as:

```
dnl define(`SMART_HOST', `domain.tld:587')
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/authinfo')dnl
dnl define(`SMART_HOST', `domain.tld')

dnl SET OUTBOUND DOMAIN
MASQUERADE_AS(`domain.tld')
MASQUERADE_DOMAIN(domain.tld)
FEATURE(masquerade_envelope)
FEATURE(masquerade_entire_domain)
```
and further down in the .mc file it has:

```
dnl SMART HOST CONFIG
define(`SMART_HOST', `domain.tld')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash /etc/mail/authinfo.db')dnl
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl Uncomment the first line to change the location of the default
```
Since this FreeBSD server is behind a firewall, I also have masquerade, but it is not working.

Perhaps if someone can point out a good site to configure sendmail for FreeBSD for what I am trying to do, that would be very helpful.
Thanks.


----------



## covacat (Nov 2, 2022)

```
cat /etc/mail/auth/client-info
AuthInfo:smtp.host.com  "U:username@dom" "I:username@dom" "P:ou6BkUVmZE44aIgoS8KnCw" "M:LOGIN"
```
then `makemap hash client-info < client-info`


----------



## gpw928 (Nov 2, 2022)

Many years ago when I was setting up sendmail(8) to talk to Google's mail servers (which use TLS), I bookmarked this sendmail configuration guide posting by "granth".

I'm not sure if the current FreeBSD sendmail package is made with the "-DSASL" option (it used not to be), but you need it (`pkg install cyrus-sasl` and build/install the sendmail port with appropriate options).

If you are actually trying to connect to Gmail or GSuite, I have working instructions to get sendmail working.


----------



## ProServ (Nov 3, 2022)

Hi,
I tried this guide https://www.digitalocean.com/commun...al-smtp-service-with-sendmail-on-freebsd-10-1 but the smtp auth fails as it uses root@host.tld instead of the username/pass placed in authinfo. The relay host is one server used for hosting etc.

Not sure what is preventing it; sendmail seems to ignore /etc/mail/authinfo

```
H=(gw.internal) [192.168.25.252]:33407 sender verify fail for <root@gw.internal>: The mail server does not recognize root@gw.internal as a valid sender.
```
The masquerade section seems to be ignored also:

```
dnl SET OUTBOUND DOMAIN
MASQUERADE_AS(`domain.tld')
MASQUERADE_DOMAIN(domain.tld)
FEATURE(masquerade_envelope)
FEATURE(masquerade_entire_domain)
```

Have vpn between one office and data center. That's why the RFC1918 address.

Thanks.


----------



## covacat (Nov 3, 2022)

ProServ said:


> Hi,
> I tried this guide https://www.digitalocean.com/commun...al-smtp-service-with-sendmail-on-freebsd-10-1 but the smtp auth fails as it uses root@host.tld instead of the username/pass placed in authinfo. The relay host is one server used for hosting etc.
> 
> Not sure what is preventing it; sendmail seems to ignore /etc/mail/authinfo
> ...


don't use authinfo, use client-info as I posted above


----------



## ProServ (Nov 3, 2022)

Hi CovaCat, yeah, I have auth/client-info and client-info.db. I will change the .mc auth section to use it:

```
FEATURE(`authinfo',`hash /etc/mail/auth/client-info.db')dnl
```
.
.
Restarted sendmail after the change to client-info

```
H=(gw.internal) [192.168.25.252]:30819 sender verify fail for <root@gw.internal>: The mail server does not recognize root@gw.internal as a valid sender.
2022-11-03 14:02:52 H=(gw.internal) [192.168.25.252]:30819 X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<root@gw.internal> rejected RCPT <some.user@some_domain.tld>: Sender verify failed
```

The auth-info contains an email address, which is not root@gw.internal, as the user and its passwd. Sendmail does not appear to be using it.

Thanks.


----------



## covacat (Nov 3, 2022)

```
AuthInfo:z.host.com  "U:HEREISTHESENDMAIL" "I:NEVERMINDTHEBOLLOCKS" "P:ou6BkUVmZE44aIgoS8KnCw" "M:LOGIN"
```

```
Nov  3 20:34:28 z sm-mta[71852]: 2A3IYSYf071852: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, user=NEVERMINDTHEBOLLOCKS, relay=....
```
so the I: key is sent for this host
the first line is the content of client-info (don't forget to `makemap hash client-info < client-info` in /etc/mail/auth)
the log is from z.host.com
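
A small linter for the authinfo map source discussed in this thread, added here as an example; it is not part of any poster's message or of sendmail itself. It checks the token format documented in sendmail's cf/README (quoted `TAG:value` tokens, `P` required, `U` or `I` required) and whether an entry key matches the relay host sendmail connects to. The names `lint_authinfo` and `relay_host` and the sample entries are constructed for illustration.

```python
import re
import shlex

TOKEN = re.compile(r"([UIPRM])([:=])(.*)", re.I | re.S)  # tag, delimiter ('=' is base64), value

def lint_authinfo(text, relay_host=None):
    """Return (line_no, message) problems in an authinfo map source, never echoing secrets."""
    problems, keys = [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # shlex approximates the quoting; unusual characters in a password may differ
            key, *tokens = shlex.split(line)
        except ValueError as exc:  # e.g. an unbalanced double quote
            problems.append((no, f"cannot tokenize: {exc}"))
            continue
        if not key.lower().startswith("authinfo:"):
            problems.append((no, "key does not start with 'AuthInfo:'"))
            continue
        keys.add(key[len("AuthInfo:"):].lower())
        tags = set()
        for tok in tokens:
            m = TOKEN.fullmatch(tok)
            if m:
                tags.add(m.group(1).upper())
            else:  # report only the first character so a mistyped P token is not leaked
                problems.append((no, f"token starting {tok[:1]!r} is not TAG:value or TAG=base64"))
        if "P" not in tags:
            problems.append((no, "no password (P) token"))
        if not tags & {"U", "I"}:
            problems.append((no, "neither U nor I token present"))
    # The stock authinfo ruleset looks up AuthInfo:<server name>, then
    # AuthInfo:<server address>, then the empty key "AuthInfo:".
    if relay_host and relay_host.lower() not in keys and "" not in keys:
        problems.append((0, f"no entry for {relay_host!r} and no default 'AuthInfo:' key"))
    return problems

# Constructed sample in the thread's format; line 2 lacks the ':' after P.
SAMPLE = '''AuthInfo:smtp.host.com "U:username@dom" "I:username@dom" "P:example-secret" "M:LOGIN"
AuthInfo:z.host.com "U:username@dom" "I:username@dom" "Pexample-secret" "M:LOGIN"
'''

if __name__ == "__main__":
    for no, msg in lint_authinfo(SAMPLE, relay_host="domain.tld"):
        print(f"line {no}: {msg}")
```

Run it against the text file before `makemap`, not against the `.db`. A line number of 0 marks a file-level finding: no key matches the relay host passed in.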


----------



## ProServ (Nov 4, 2022)

Hi,
The auth/client-info is set right. However sendmail is not using it because it tries to auth as root/hostname instead of the email address in client-info.


----------



## facedebouc (Nov 4, 2022)

For AUTH authentication I am using sendmail from ports/packages which is compiled with SASL.
Please see mail/sendmail for supplied options.


----------

