CentOS - Mar 2017 - Up to date guide/information Sendmail SMTP Auth

Hello all,

I've been googling my brains out since yesterday looking for up-to-date 
information on this matter, and have found information that is anywhere 
from 15 to 5 years old. I'd really like some information that much more 
up to date on the subject. Specifically configuring Sendmail SMTP 
authentication (_no smart host stuff_).

I've got Sendmail 8.14 installed on a CentOS 7.3 server. Also installed:

- Cyrus-sasl
- Dovecot
- Openssl

Essentially everything I need except the working knowledge for the 
process. If someone knows where I might locate this information it would 
be greatly appreciated.

thanks

Mark

On Wed, 8 Mar 2017, Mark Weaver wrote:
> Hello all,
>
> I've been googling my brains out since yesterday looking for up-to-date
> information on this matter, and have found information that is anywhere
from
> 15 to 5 years old. I'd really like some information that much more up
to date
> on the subject. Specifically configuring Sendmail SMTP authentication (_no 
> smart host stuff_).
I wrote this article years ago:

   https://www.madboa.com/geek/sendmail-auth/

The configuration outlined there is essentially unchanged today. I 
have it running on a CentOS 7 machine with sendmail 8.14.

The only real change is the SOCKETDIR setting in 
/etc/sysconfig/saslauthd, which is now /run/saslauthd (rather than 
/var/run/saslauthd). And, of course, I use systemctl rather than 
chkconfig to control boot-time behavior.

The trickier bit for me was stopping and restarting the whole SMTP 
toolchain, which includes spamassassin, clavav, and opendmarc. Below 
my .sig, I've included the shell script I use for that.

-- 
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/


#!/bin/sh
#
# start/stop SMTP tool chain on mail.madboa.com
#
=====================================================================
LANG=C
PATH="/usr/bin:/usr/sbin"

function mail_start {
   sync && sync
   for S in \
     "clamd at clayton" "clamav-milter" \
     "opendmarc" \
     "spamassassin" "spamass-milter" \
     "sendmail"
   do
     echo -n "Starting $S :: "
     systemctl start ${S}.service
     if test $? -eq 0; then echo "ok"; else echo "failed";
fi
   done
}

function mail_status {
   for S in \
     "clamd at clayton" "clamav-milter" \
     "opendmarc" \
     "spamassassin" "spamass-milter" \
     "sendmail"
   do
     echo -n "$S :: "
     systemctl is-active ${S}.service
   done
}

function mail_stop {
   for S in \
     "sendmail" \
     "clamav-milter" "clamd at clayton" \
     "opendmarc" \
     "spamass-milter" "spamassassin"
   do
     echo -n "Stopping $S :: "
     systemctl stop ${S}.service
     if test $? -eq 0; then echo "ok"; else echo "failed";
fi
   done
}

case "$1" in
   start)
     mail_start
     ;;
   stop)
     mail_stop
     ;;
   restart)
     mail_stop
     mail_start
     ;;
   status)
     mail_status
     ;;
   *)
     echo "usage: $(basename $0) {start|stop|restart|status}"
     ;;
esac

# vim: set filetype=sh:

On 03/08/2017 10:41 AM, Mark Weaver wrote:
> Hello all,
>
> I've been googling my brains out since yesterday looking for 
> up-to-date information on this matter, and have found information that 
> is anywhere from 15 to 5 years old. I'd really like some information 
> that much more up to date on the subject. Specifically configuring 
> Sendmail SMTP authentication (_no smart host stuff_).
>
> I've got Sendmail 8.14 installed on a CentOS 7.3 server. Also
installed:
>
> - Cyrus-sasl
> - Dovecot
> - Openssl
>
> Essentially everything I need except the working knowledge for the 
> process. If someone knows where I might locate this information it 
> would be greatly appreciated.
Do you need Cyrus-sasl anymore?  Dovecot now comes with its own sasl.

I am working up a 
C7-Postfix/MYsql/Postfixadmin/Dovecot/Roundcube/Amavis-clamav howto.

So, sorry, I switched from Sendmail to Postfix some 6+ years ago.

I am actually doing this on Centos7-amrv7hl, but it will work on all C7 
arches.  It will take me a couple more weeks to finish, but will share 
with anyone that wants it now or more wants to help.

Try this article, "Outbound authentication for Sendmail."

http://www.databook.bz/?page_id=3097

I wrote this after setting it up on my own CentOS server.


On 03/08/2017 10:41 AM, Mark Weaver wrote:
> Hello all,
>
> I've been googling my brains out since yesterday looking for
> up-to-date information on this matter, and have found information that
> is anywhere from 15 to 5 years old. I'd really like some information
> that much more up to date on the subject. Specifically configuring
> Sendmail SMTP authentication (_no smart host stuff_).
>
> I've got Sendmail 8.14 installed on a CentOS 7.3 server. Also
installed:
>
> - Cyrus-sasl
> - Dovecot
> - Openssl
>
> Essentially everything I need except the working knowledge for the
> process. If someone knows where I might locate this information it
> would be greatly appreciated.
>
> thanks
>
> Mark
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
-- 

*********************************************************
David P. Both
*********************************************************
"I'd put my money on the sun and solar energy. What a
source of power! I hope we don't have to wait until oil
and coal run out before we tackle that."
  - Thomas Edison, in conversation with Henry Ford and
    Harvey Firestone, 1931
*********************************************************


-- 


*********************************************************
David P. Both, RHCE
Millennium Technology Consulting LLC
Raleigh, NC, USA
919-389-8678

dboth at millennium-technology.com

www.millennium-technology.com
www.databook.bz - Home of the DataBook for Linux
DataBook is a Registered Trademark of David Both
*********************************************************
This communication may be unlawfully collected and stored by the National
Security Agency (NSA) in secret. The parties to this email do not 
consent to the
retrieving or storing of this communication and any related metadata, as 
well as
printing, copying, re-transmitting, disseminating, or otherwise using 
it. If you
believe you have received this communication in error, please delete it
immediately.

On 03/08/2017 11:40 AM, Robert Moskowitz wrote:
>
>
> On 03/08/2017 10:41 AM, Mark Weaver wrote:
> > Hello all,
> >
> > I've been googling my brains out since yesterday looking for
> > up-to-date information on this matter, and have found information that
> > is anywhere from 15 to 5 years old. I'd really like some
information
> > that much more up to date on the subject. Specifically configuring
> > Sendmail SMTP authentication (_no smart host stuff_).
> >
> > I've got Sendmail 8.14 installed on a CentOS 7.3 server. Also
installed:
> >
> > - Cyrus-sasl
> > - Dovecot
> > - Openssl
> >
> > Essentially everything I need except the working knowledge for the
> > process. If someone knows where I might locate this information it
> > would be greatly appreciated.
>
> Do you need Cyrus-sasl anymore? Dovecot now comes with its own sasl.
>
> I am working up a
> C7-Postfix/MYsql/Postfixadmin/Dovecot/Roundcube/Amavis-clamav howto.
>
> So, sorry, I switched from Sendmail to Postfix some 6+ years ago.
>
> I am actually doing this on Centos7-amrv7hl, but it will work on all C7
> arches. It will take me a couple more weeks to finish, but will share
> with anyone that wants it now or more wants to help.
I thought about Postfix for a few minutes and decided because of the 
amount of other stuff I've got on my plate since I'm already familiar 
with Sendmail I decided to stay with it. But thank you.

On 03/08/2017 12:34 PM, David Both wrote:
> Try this article, "Outbound authentication for Sendmail."
>
> http://www.databook.bz/?page_id=3097
>
> I wrote this after setting it up on my own CentOS server.
>
Will definitely be having a look at this. The information is much 
appreciated.
>
> On 03/08/2017 10:41 AM, Mark Weaver wrote:
> > Hello all,
> >
> > I've been googling my brains out since yesterday looking for
> > up-to-date information on this matter, and have found information that
> > is anywhere from 15 to 5 years old. I'd really like some
information
> > that much more up to date on the subject. Specifically configuring
> > Sendmail SMTP authentication (_no smart host stuff_).
> >
> > I've got Sendmail 8.14 installed on a CentOS 7.3 server. Also
installed:
> >
> > - Cyrus-sasl
> > - Dovecot
> > - Openssl
> >
> > Essentially everything I need except the working knowledge for the
> > process. If someone knows where I might locate this information it
> > would be greatly appreciated.
> >
> > thanks
> >
> > Mark
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org <mailto:CentOS at centos.org>
> > https://lists.centos.org/mailman/listinfo/centos
>
> -- 
>
> *********************************************************
> David P. Both
> *********************************************************
> "I'd put my money on the sun and solar energy. What a
> source of power! I hope we don't have to wait until oil
> and coal run out before we tackle that."
> - Thomas Edison, in conversation with Henry Ford and
> Harvey Firestone, 1931
> *********************************************************
>
>
> -- 
>
>
> *********************************************************
> David P. Both, RHCE
> Millennium Technology Consulting LLC
> Raleigh, NC, USA
> 919-389-8678
>
> dboth at millennium-technology.com <mailto:dboth at
millennium-technology.com>
>
> www.millennium-technology.com
> www.databook.bz - Home of the DataBook for Linux
> DataBook is a Registered Trademark of David Both
> *********************************************************
> This communication may be unlawfully collected and stored by the National
> Security Agency (NSA) in secret. The parties to this email do not
> consent to the
> retrieving or storing of this communication and any related metadata, as
> well as
> printing, copying, re-transmitting, disseminating, or otherwise using
> it. If you
> believe you have received this communication in error, please delete it
> immediately.
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org <mailto:CentOS at centos.org>
> https://lists.centos.org/mailman/listinfo/centos
> ------------------------------------------------------------------------
> Total Control Panel 	Login 
> <https://antispam.avgcloud.net/login?domain=compinfosystems.com>
>
> To: mweaver at compinfosystems.com 
>
<https://antispam.avgcloud.net/address-properties?aID=2556430&domain=compinfosystems.com>
>
> From: centos-bounces at centos.org
>
> 	
> Remove 
>
<https://antispam.avgcloud.net/FooterAction?ver=3&un-wl-sender-address=1&hID=1854216242&domain=compinfosystems.com>
> this sender from my allow list
>
> You received this message because the sender is on your allow list.
>

On 03/08/2017 11:00 AM, Paul Heinlein wrote:
> On Wed, 8 Mar 2017, Mark Weaver wrote:
>
> > Hello all,
> >
> > I've been googling my brains out since yesterday looking for
up-to-date
> > information on this matter, and have found information that is 
> anywhere from
> > 15 to 5 years old. I'd really like some information that much more
> up to date
> > on the subject. Specifically configuring Sendmail SMTP 
> authentication (_no
> > smart host stuff_).
>
> I wrote this article years ago:
>
> https://www.madboa.com/geek/sendmail-auth/
>
> The configuration outlined there is essentially unchanged today. I
> have it running on a CentOS 7 machine with sendmail 8.14.
>
> The only real change is the SOCKETDIR setting in
> /etc/sysconfig/saslauthd, which is now /run/saslauthd (rather than
> /var/run/saslauthd). And, of course, I use systemctl rather than
> chkconfig to control boot-time behavior.
>
> The trickier bit for me was stopping and restarting the whole SMTP
> toolchain, which includes spamassassin, clavav, and opendmarc. Below
> my .sig, I've included the shell script I use for that.
>
> -- 
> Paul Heinlein <> heinlein at madboa.com <mailto:heinlein at
madboa.com> <>
> http://www.madboa.com/
>
Hi Paul,

I much appreciate the info and will be having a look at it. I'll post 
back as to how its gone. Migrating is both enjoyable, exciting and a 
real BIG pain in the ass; all at the same time.
> #!/bin/sh
> #
> # start/stop SMTP tool chain on mail.madboa.com
> #
> =====================================================================>
> LANG=C
> PATH="/usr/bin:/usr/sbin"
>
> function mail_start {
> sync && sync
> for S in \
> "clamd at clayton <mailto:clamd at clayton>"
"clamav-milter" \
> "opendmarc" \
> "spamassassin" "spamass-milter" \
> "sendmail"
> do
> echo -n "Starting $S :: "
> systemctl start ${S}.service
> if test $? -eq 0; then echo "ok"; else echo "failed";
fi
> done
> }
>
> function mail_status {
> for S in \
> "clamd at clayton <mailto:clamd at clayton>"
"clamav-milter" \
> "opendmarc" \
> "spamassassin" "spamass-milter" \
> "sendmail"
> do
> echo -n "$S :: "
> systemctl is-active ${S}.service
> done
> }
>
> function mail_stop {
> for S in \
> "sendmail" \
> "clamav-milter" "clamd at clayton <mailto:clamd at
clayton>" \
> "opendmarc" \
> "spamass-milter" "spamassassin"
> do
> echo -n "Stopping $S :: "
> systemctl stop ${S}.service
> if test $? -eq 0; then echo "ok"; else echo "failed";
fi
> done
> }
>
> case "$1" in
> start)
> mail_start
> ;;
> stop)
> mail_stop
> ;;
> restart)
> mail_stop
> mail_start
> ;;
> status)
> mail_status
> ;;
> *)
> echo "usage: $(basename $0) {start|stop|restart|status}"
> ;;
> esac
>
> # vim: set filetype=sh:
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org <mailto:CentOS at centos.org>
> https://lists.centos.org/mailman/listinfo/centos
> ------------------------------------------------------------------------
> Total Control Panel 	Login 
> <https://antispam.avgcloud.net/login?domain=compinfosystems.com>
>
> To: mweaver at compinfosystems.com 
>
<https://antispam.avgcloud.net/address-properties?aID=2556430&domain=compinfosystems.com>
>
> From: centos-bounces at centos.org
>
> 	
> Remove 
>
<https://antispam.avgcloud.net/FooterAction?ver=3&un-wl-sender-address=1&hID=1854031573&domain=compinfosystems.com>
> this sender from my allow list
>
> You received this message because the sender is on your allow list.
>

On 03/08/2017 11:00 AM, Paul Heinlein wrote:
> On Wed, 8 Mar 2017, Mark Weaver wrote:
>
> > Hello all,
> >
> > I've been googling my brains out since yesterday looking for
up-to-date
> > information on this matter, and have found information that is 
> anywhere from
> > 15 to 5 years old. I'd really like some information that much more
> up to date
> > on the subject. Specifically configuring Sendmail SMTP 
> authentication (_no
> > smart host stuff_).
>
> I wrote this article years ago:
>
> https://www.madboa.com/geek/sendmail-auth/
>
> The configuration outlined there is essentially unchanged today. I
> have it running on a CentOS 7 machine with sendmail 8.14.
>
> The only real change is the SOCKETDIR setting in
> /etc/sysconfig/saslauthd, which is now /run/saslauthd (rather than
> /var/run/saslauthd). And, of course, I use systemctl rather 
> thachkconfig to control boot-time behavior.
>
> The trickier bit for me was stopping and restarting the whole SMTP
> toolchain, which includes spamassassin, clavav, and opendmarc. Below
> my .sig, I've included the shell script I use for that.
>
> -- 
> Paul Heinlein <> heinlein at madboa.com <mailto:heinlein at
madboa.com> <>
> http://www.madboa.com/
Hi Paul,

I followed your guide to the letter, however I think it seems I missed 
something. When I test with telnet to port 25 this is the result:

 > telnet merlin 25
Trying 10.10.3.6...
Connected to merlin.ciss.local.
Escape character is '^]'.
220 mdw1982.com ESMTP Sendmail 8.14.7/8.13.8; Wed, 8 Mar 2017 16:53:31 -0500
ehlo merlin
250-mdw1982.com Hello [10.10.3.102], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
 > auth login
504 5.3.3 AUTH mechanism login not available

thoughts?