Mark Weaver
2017-Mar-08 15:41 UTC
[CentOS] Up to date guide/information Sendmail SMTP Auth
Hello all, I've been googling my brains out since yesterday looking for up-to-date information on this matter, and have found information that is anywhere from 15 to 5 years old. I'd really like some information that much more up to date on the subject. Specifically configuring Sendmail SMTP authentication (_no smart host stuff_). I've got Sendmail 8.14 installed on a CentOS 7.3 server. Also installed: - Cyrus-sasl - Dovecot - Openssl Essentially everything I need except the working knowledge for the process. If someone knows where I might locate this information it would be greatly appreciated. thanks Mark
Paul Heinlein
2017-Mar-08 16:00 UTC
[CentOS] Up to date guide/information Sendmail SMTP Auth
On Wed, 8 Mar 2017, Mark Weaver wrote:> Hello all, > > I've been googling my brains out since yesterday looking for up-to-date > information on this matter, and have found information that is anywhere from > 15 to 5 years old. I'd really like some information that much more up to date > on the subject. Specifically configuring Sendmail SMTP authentication (_no > smart host stuff_).I wrote this article years ago: https://www.madboa.com/geek/sendmail-auth/ The configuration outlined there is essentially unchanged today. I have it running on a CentOS 7 machine with sendmail 8.14. The only real change is the SOCKETDIR setting in /etc/sysconfig/saslauthd, which is now /run/saslauthd (rather than /var/run/saslauthd). And, of course, I use systemctl rather than chkconfig to control boot-time behavior. The trickier bit for me was stopping and restarting the whole SMTP toolchain, which includes spamassassin, clavav, and opendmarc. Below my .sig, I've included the shell script I use for that. -- Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/ #!/bin/sh # # start/stop SMTP tool chain on mail.madboa.com # ===================================================================== LANG=C PATH="/usr/bin:/usr/sbin" function mail_start { sync && sync for S in \ "clamd at clayton" "clamav-milter" \ "opendmarc" \ "spamassassin" "spamass-milter" \ "sendmail" do echo -n "Starting $S :: " systemctl start ${S}.service if test $? -eq 0; then echo "ok"; else echo "failed"; fi done } function mail_status { for S in \ "clamd at clayton" "clamav-milter" \ "opendmarc" \ "spamassassin" "spamass-milter" \ "sendmail" do echo -n "$S :: " systemctl is-active ${S}.service done } function mail_stop { for S in \ "sendmail" \ "clamav-milter" "clamd at clayton" \ "opendmarc" \ "spamass-milter" "spamassassin" do echo -n "Stopping $S :: " systemctl stop ${S}.service if test $? -eq 0; then echo "ok"; else echo "failed"; fi done } case "$1" in start) mail_start ;; stop) mail_stop ;; restart) mail_stop mail_start ;; status) mail_status ;; *) echo "usage: $(basename $0) {start|stop|restart|status}" ;; esac # vim: set filetype=sh:
Robert Moskowitz
2017-Mar-08 16:40 UTC
[CentOS] Up to date guide/information Sendmail SMTP Auth
On 03/08/2017 10:41 AM, Mark Weaver wrote:> Hello all, > > I've been googling my brains out since yesterday looking for > up-to-date information on this matter, and have found information that > is anywhere from 15 to 5 years old. I'd really like some information > that much more up to date on the subject. Specifically configuring > Sendmail SMTP authentication (_no smart host stuff_). > > I've got Sendmail 8.14 installed on a CentOS 7.3 server. Also installed: > > - Cyrus-sasl > - Dovecot > - Openssl > > Essentially everything I need except the working knowledge for the > process. If someone knows where I might locate this information it > would be greatly appreciated.Do you need Cyrus-sasl anymore? Dovecot now comes with its own sasl. I am working up a C7-Postfix/MYsql/Postfixadmin/Dovecot/Roundcube/Amavis-clamav howto. So, sorry, I switched from Sendmail to Postfix some 6+ years ago. I am actually doing this on Centos7-amrv7hl, but it will work on all C7 arches. It will take me a couple more weeks to finish, but will share with anyone that wants it now or more wants to help.
Try this article, "Outbound authentication for Sendmail." http://www.databook.bz/?page_id=3097 I wrote this after setting it up on my own CentOS server. On 03/08/2017 10:41 AM, Mark Weaver wrote:> Hello all, > > I've been googling my brains out since yesterday looking for > up-to-date information on this matter, and have found information that > is anywhere from 15 to 5 years old. I'd really like some information > that much more up to date on the subject. Specifically configuring > Sendmail SMTP authentication (_no smart host stuff_). > > I've got Sendmail 8.14 installed on a CentOS 7.3 server. Also installed: > > - Cyrus-sasl > - Dovecot > - Openssl > > Essentially everything I need except the working knowledge for the > process. If someone knows where I might locate this information it > would be greatly appreciated. > > thanks > > Mark > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos-- ********************************************************* David P. Both ********************************************************* "I'd put my money on the sun and solar energy. What a source of power! I hope we don't have to wait until oil and coal run out before we tackle that." - Thomas Edison, in conversation with Henry Ford and Harvey Firestone, 1931 ********************************************************* -- ********************************************************* David P. Both, RHCE Millennium Technology Consulting LLC Raleigh, NC, USA 919-389-8678 dboth at millennium-technology.com www.millennium-technology.com www.databook.bz - Home of the DataBook for Linux DataBook is a Registered Trademark of David Both ********************************************************* This communication may be unlawfully collected and stored by the National Security Agency (NSA) in secret. The parties to this email do not consent to the retrieving or storing of this communication and any related metadata, as well as printing, copying, re-transmitting, disseminating, or otherwise using it. If you believe you have received this communication in error, please delete it immediately.
Mark Weaver
2017-Mar-08 18:21 UTC
[CentOS] Up to date guide/information Sendmail SMTP Auth
On 03/08/2017 11:40 AM, Robert Moskowitz wrote:> > > On 03/08/2017 10:41 AM, Mark Weaver wrote: > > Hello all, > > > > I've been googling my brains out since yesterday looking for > > up-to-date information on this matter, and have found information that > > is anywhere from 15 to 5 years old. I'd really like some information > > that much more up to date on the subject. Specifically configuring > > Sendmail SMTP authentication (_no smart host stuff_). > > > > I've got Sendmail 8.14 installed on a CentOS 7.3 server. Also installed: > > > > - Cyrus-sasl > > - Dovecot > > - Openssl > > > > Essentially everything I need except the working knowledge for the > > process. If someone knows where I might locate this information it > > would be greatly appreciated. > > Do you need Cyrus-sasl anymore? Dovecot now comes with its own sasl. > > I am working up a > C7-Postfix/MYsql/Postfixadmin/Dovecot/Roundcube/Amavis-clamav howto. > > So, sorry, I switched from Sendmail to Postfix some 6+ years ago. > > I am actually doing this on Centos7-amrv7hl, but it will work on all C7 > arches. It will take me a couple more weeks to finish, but will share > with anyone that wants it now or more wants to help.I thought about Postfix for a few minutes and decided because of the amount of other stuff I've got on my plate since I'm already familiar with Sendmail I decided to stay with it. But thank you.
Mark Weaver
2017-Mar-08 18:22 UTC
[CentOS] Up to date guide/information Sendmail SMTP Auth
On 03/08/2017 12:34 PM, David Both wrote:> Try this article, "Outbound authentication for Sendmail." > > http://www.databook.bz/?page_id=3097 > > I wrote this after setting it up on my own CentOS server. >Will definitely be having a look at this. The information is much appreciated.> > On 03/08/2017 10:41 AM, Mark Weaver wrote: > > Hello all, > > > > I've been googling my brains out since yesterday looking for > > up-to-date information on this matter, and have found information that > > is anywhere from 15 to 5 years old. I'd really like some information > > that much more up to date on the subject. Specifically configuring > > Sendmail SMTP authentication (_no smart host stuff_). > > > > I've got Sendmail 8.14 installed on a CentOS 7.3 server. Also installed: > > > > - Cyrus-sasl > > - Dovecot > > - Openssl > > > > Essentially everything I need except the working knowledge for the > > process. If someone knows where I might locate this information it > > would be greatly appreciated. > > > > thanks > > > > Mark > > > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org <mailto:CentOS at centos.org> > > https://lists.centos.org/mailman/listinfo/centos > > -- > > ********************************************************* > David P. Both > ********************************************************* > "I'd put my money on the sun and solar energy. What a > source of power! I hope we don't have to wait until oil > and coal run out before we tackle that." > - Thomas Edison, in conversation with Henry Ford and > Harvey Firestone, 1931 > ********************************************************* > > > -- > > > ********************************************************* > David P. Both, RHCE > Millennium Technology Consulting LLC > Raleigh, NC, USA > 919-389-8678 > > dboth at millennium-technology.com <mailto:dboth at millennium-technology.com> > > www.millennium-technology.com > www.databook.bz - Home of the DataBook for Linux > DataBook is a Registered Trademark of David Both > ********************************************************* > This communication may be unlawfully collected and stored by the National > Security Agency (NSA) in secret. The parties to this email do not > consent to the > retrieving or storing of this communication and any related metadata, as > well as > printing, copying, re-transmitting, disseminating, or otherwise using > it. If you > believe you have received this communication in error, please delete it > immediately. > > _______________________________________________ > CentOS mailing list > CentOS at centos.org <mailto:CentOS at centos.org> > https://lists.centos.org/mailman/listinfo/centos > ------------------------------------------------------------------------ > Total Control Panel Login > <https://antispam.avgcloud.net/login?domain=compinfosystems.com> > > To: mweaver at compinfosystems.com > <https://antispam.avgcloud.net/address-properties?aID=2556430&domain=compinfosystems.com> > > From: centos-bounces at centos.org > > > Remove > <https://antispam.avgcloud.net/FooterAction?ver=3&un-wl-sender-address=1&hID=1854216242&domain=compinfosystems.com> > this sender from my allow list > > You received this message because the sender is on your allow list. >
Mark Weaver
2017-Mar-08 18:24 UTC
[CentOS] Up to date guide/information Sendmail SMTP Auth
On 03/08/2017 11:00 AM, Paul Heinlein wrote:> On Wed, 8 Mar 2017, Mark Weaver wrote: > > > Hello all, > > > > I've been googling my brains out since yesterday looking for up-to-date > > information on this matter, and have found information that is > anywhere from > > 15 to 5 years old. I'd really like some information that much more > up to date > > on the subject. Specifically configuring Sendmail SMTP > authentication (_no > > smart host stuff_). > > I wrote this article years ago: > > https://www.madboa.com/geek/sendmail-auth/ > > The configuration outlined there is essentially unchanged today. I > have it running on a CentOS 7 machine with sendmail 8.14. > > The only real change is the SOCKETDIR setting in > /etc/sysconfig/saslauthd, which is now /run/saslauthd (rather than > /var/run/saslauthd). And, of course, I use systemctl rather than > chkconfig to control boot-time behavior. > > The trickier bit for me was stopping and restarting the whole SMTP > toolchain, which includes spamassassin, clavav, and opendmarc. Below > my .sig, I've included the shell script I use for that. > > -- > Paul Heinlein <> heinlein at madboa.com <mailto:heinlein at madboa.com> <> > http://www.madboa.com/ >Hi Paul, I much appreciate the info and will be having a look at it. I'll post back as to how its gone. Migrating is both enjoyable, exciting and a real BIG pain in the ass; all at the same time.> #!/bin/sh > # > # start/stop SMTP tool chain on mail.madboa.com > # > =====================================================================> > LANG=C > PATH="/usr/bin:/usr/sbin" > > function mail_start { > sync && sync > for S in \ > "clamd at clayton <mailto:clamd at clayton>" "clamav-milter" \ > "opendmarc" \ > "spamassassin" "spamass-milter" \ > "sendmail" > do > echo -n "Starting $S :: " > systemctl start ${S}.service > if test $? -eq 0; then echo "ok"; else echo "failed"; fi > done > } > > function mail_status { > for S in \ > "clamd at clayton <mailto:clamd at clayton>" "clamav-milter" \ > "opendmarc" \ > "spamassassin" "spamass-milter" \ > "sendmail" > do > echo -n "$S :: " > systemctl is-active ${S}.service > done > } > > function mail_stop { > for S in \ > "sendmail" \ > "clamav-milter" "clamd at clayton <mailto:clamd at clayton>" \ > "opendmarc" \ > "spamass-milter" "spamassassin" > do > echo -n "Stopping $S :: " > systemctl stop ${S}.service > if test $? -eq 0; then echo "ok"; else echo "failed"; fi > done > } > > case "$1" in > start) > mail_start > ;; > stop) > mail_stop > ;; > restart) > mail_stop > mail_start > ;; > status) > mail_status > ;; > *) > echo "usage: $(basename $0) {start|stop|restart|status}" > ;; > esac > > # vim: set filetype=sh: > > _______________________________________________ > CentOS mailing list > CentOS at centos.org <mailto:CentOS at centos.org> > https://lists.centos.org/mailman/listinfo/centos > ------------------------------------------------------------------------ > Total Control Panel Login > <https://antispam.avgcloud.net/login?domain=compinfosystems.com> > > To: mweaver at compinfosystems.com > <https://antispam.avgcloud.net/address-properties?aID=2556430&domain=compinfosystems.com> > > From: centos-bounces at centos.org > > > Remove > <https://antispam.avgcloud.net/FooterAction?ver=3&un-wl-sender-address=1&hID=1854031573&domain=compinfosystems.com> > this sender from my allow list > > You received this message because the sender is on your allow list. >
Mark Weaver
2017-Mar-08 21:57 UTC
[CentOS] Up to date guide/information Sendmail SMTP Auth
On 03/08/2017 11:00 AM, Paul Heinlein wrote:> On Wed, 8 Mar 2017, Mark Weaver wrote: > > > Hello all, > > > > I've been googling my brains out since yesterday looking for up-to-date > > information on this matter, and have found information that is > anywhere from > > 15 to 5 years old. I'd really like some information that much more > up to date > > on the subject. Specifically configuring Sendmail SMTP > authentication (_no > > smart host stuff_). > > I wrote this article years ago: > > https://www.madboa.com/geek/sendmail-auth/ > > The configuration outlined there is essentially unchanged today. I > have it running on a CentOS 7 machine with sendmail 8.14. > > The only real change is the SOCKETDIR setting in > /etc/sysconfig/saslauthd, which is now /run/saslauthd (rather than > /var/run/saslauthd). And, of course, I use systemctl rather > thachkconfig to control boot-time behavior. > > The trickier bit for me was stopping and restarting the whole SMTP > toolchain, which includes spamassassin, clavav, and opendmarc. Below > my .sig, I've included the shell script I use for that. > > -- > Paul Heinlein <> heinlein at madboa.com <mailto:heinlein at madboa.com> <> > http://www.madboa.com/Hi Paul, I followed your guide to the letter, however I think it seems I missed something. When I test with telnet to port 25 this is the result: > telnet merlin 25 Trying 10.10.3.6... Connected to merlin.ciss.local. Escape character is '^]'. 220 mdw1982.com ESMTP Sendmail 8.14.7/8.13.8; Wed, 8 Mar 2017 16:53:31 -0500 ehlo merlin 250-mdw1982.com Hello [10.10.3.102], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-DELIVERBY 250 HELP > auth login 504 5.3.3 AUTH mechanism login not available thoughts?