I was trying to setup notifications on my home Nagios server. However I couldn't get sendmail to send an email because I don't have a static IP with my home internet connection. Every time I restart my modem, my external IP gets changed and it seems to be black listed and I couldn't send any emails to my iColud account.
The solution was simple. All I had to do is to configure sendmail to relay all my mail though Google's SMTP servers. However configuring this wasn't as smooth as I though. There were dependency requirements and after almost giving up, I got this to work! Here's how...
Installing Sendmail
Install sendmail with yum (sendmail-cf is needed for configation of sendmail)
yum install sendmail sendmail-cf
Then install sendmail-cf for configation of sendmail.
Additional Packages
Then Install cyrus-sasl-plain package.
yum install cyrus-sasl-plain.x86_64
If your SASL installation doesn’t have the “plain” and “login” lib you will have authentication problem with Gmail. You can see why when you get to the sendmail configuration in the later steps. The common error in the /var/log/maillog is this:
AUTH=client, available mechanisms do not fulfill requirements
This took me a really log time to debug, because this error message isn't very clear.
Creating Certificates
Then go to /etc/mail directory and create a directory called certs inside.
Generate cakey.pem private key and sendmail.pem certificate by running following two command.
openssl req -new -x509 -keyout cakey.pem -out cacert.pem -days 3650
openssl req -nodes -new -x509 -keyout sendmail.pem -out sendmail.pem -days 3650
Enter the appropriate information when you're generating the certificates, such as your name, organization and email address.
I also copied /etc/pki/tls/certs/ca-bundle.crt to /ect/mail/certs and included it in the sendmail configuration file.
cp /etc/pki/tls/certs/ca-bundle.crt /etc/mail/certs
Other wise you’ll see some error like this:
unable to get local issuer certificate
The reason is that the ca bundle file has the Gmail certificate issuer. Although I read it somewhere that email still goes out with this error. Nonetheless, we don’t need to see this if we can fix it.
Configuration Gmail Authentication
Then I have the /etc/mail/auth/client-info looks like the following. This is to store the authentication details to my Gmail account. (Create a directory called auth inside /etc/mail to keep this file separate form other files)
AuthInfo:smtp.gmail.com “U:root” “I:username@gmail.com” “P:password” “M:PLAIN”
AuthInfo:smtp.gmail.com:587 “U:root” “I:username@gmail.com” “P:password” “M:PLAIN”
If you use Gmail hosted email with your own domain name, you will have username@hostname.tld in there.
Make sure run:
makemap -r hash /etc/mail/auth/client-info.db < /etc/mail/auth/client-info
and chmod 600 on client info files
Sendmail Configuration
Now open /etc/mail/sendmail.mc file
Add the following lines after "dnl # be sent out through an external mail server:" line
FEATURE(`authinfo',`hash /etc/mail/authinfo/gmail-auth.db')dnl
define(`SMART_HOST',`smtp.gmail.com')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')
define(`ESMTP_MAILER_ARGS', `TCP $h 587')
define(`CERT_DIR', `/etc/mail/certs')
define(`confCACERT_PATH', `CERT_DIR')
define(`confCACERT', `CERT_DIR/ca-bundle.crt')
define(`confCRL', `CERT_DIR/ca-bundle.crt')
define(`confSERVER_CERT', `CERT_DIR/sendmail.pem')
define(`confSERVER_KEY', `CERT_DIR/sendmail.pem')
define(`confCLIENT_CERT', `CERT_DIR/sendmail.pem')
define(`confCLIENT_KEY', `CERT_DIR/sendmail.pem')
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')
Build sendmail.cf from sendmail.mc. Use the following command,
m4 sendmail.mc > sendmail.cf
Now restart sendmail.
systemctl restart sendmail
Send an email using the following command
echo "Subject: test" | /usr/lib/sendmail -v youremail@yourdomain.com
For debugging data, please look at /var/log/maillog file.
Additional Information
To empty your mail queue run the following command,
rm -rf /var/spool/mqueue/*
To delete all mail for root, run the following command,
cat /dev/null > /var/spool/mail/root
When I was doing this configuration, I found this
article to be greatly helpful.