[ydl-gen] Re: Setting up sendmail to send mail (via SMTP)
pstreibig
pstreibig at bcj.com
Thu Aug 17 08:53:03 MDT 2006
Eric Dunbar wrote:
> On 16/08/06, Eric Dunbar <eric.dunbar at gmail.com> wrote:
>> Hello all, I'm trying to make my server a little more user-friendly
>> for my
>> friends and for that to happen I need to add the ability for the
>> server to
>> SEND mail.
>>
>> My ISP (Bell Sympatico) blocks all attempts to deliver mail directly to
>> another mail server. The only way for me to get mail out is by
>> connecting to
>> my ISP's mail SMTP mail server using a username and password, over SSL.
>>
>> Does anyone have any idea how to set sendmail (or another MTA) up on
>> YDL to
>> send mail from the server (a Gallery installation, to be specific) to a
>> public internet address?
>>
>> I've searched far and wide for this but the language surrounding
>> sendmail is
>> quite technical (beyond my geek skills) [I don't know what question
>> to ask
>> of Google yet ;-P].
>
> Well, I managed to answer my own question by stumbling on the right
> web page at sendmail's site:
> <http://www.sendmail.org/~ca/email/auth.html> under the section 'Using
> sendmail as a client with AUTH'.
>
> On a hunch I changed an extra setting alongside the preferences
> settings. Using the Webmin sendmail interface I made the following
> additional change:
>
> Change #1 (not listed at page cited above):
> "Send outgoing mail via host" is now set to my ISP's mail server (in
> my case: smtphm.sympatico.ca
>
> ... although, it may actually be referenced in this paragraph on that
> page (just Webmin provides an easier way to get at it ;-):
>
> " Note: if FEATURE(`authinfo') is used, then the hostname in the map
> entry must match exactly the hostname of the ISP mailserver as
> explained in cf/README: Note: searches for domain parts or IP nets are
> only performed if the access map is used; if the authinfo feature is
> used then only up to three lookups are performed (two exact matches,
> one default)."
>
> Change #2:
> Modified in the file in the middle was
> dnl define(`SMART_HOST',`smtphm.sympatico.ca')
>
> Added to the file at the end was...
>
> 1. define(`SMART_HOST',`smtphm.sympatico.ca')dnl
> 2. define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5
> LOGIN PLAIN')dnl
> 3. FEATURE(`authinfo',`hash /etc/mail/auth/client-info')dnl
>
> NOTE: lines 1 and 2 at the end are DUPLICATES of lines in the file
> (origina linel #2 is exactly the same as the default). Could this
> duplication cause problems (right now it seems to be working nicely)?
DANGER!
Be extra careful here with your sendmail settings once you implement
this. Unless you are locking down access to your sendmail (for your
friends) you could be creating an open relay. This could be considered
a breach of contact by your ISP, and cause other nastiness such as bots
relaying spam through your authenticated to ISP connection.
That being said, I believe sendmail reads it's configs the same way
postfix does (which i am familiar with using). If this is the case,
then having a duplicate entry should not matter. Grouping your changes
at the end of the config will make your life easier than having to
search throughout the entire config file. Just for your own sanity you
should note why you made the changes.
I'm curious though, when you say your ISP blocks all outbound mail. How
are they implementing this? I guess it's more academic curiosity, but
did you try changing the default port for sendmail? There are more
reasons for not doing this than for doing it though, not the least of
which being the pain of maintaining an up to date, fully patched secure
mail server, which ideally your ISP is doing for you already.
cheers,
:ps
More information about the yellowdog-general
mailing list