From: as on
Hello all,

I'm trying to set up sendmail to use smtp.gmail.com as a relay. I'm
sure this has been asked a thousand times and I'm aware that there are
a lot of HOWTOs out there that give an explanation on how to
accomplish this task. However, all the step-by-step instructions I've
found differ. Some include options others don't. By now, I'm too
confused by all the possible ways it could be done to recognise what's
necessary and what's not. So my general question is:

1. How to properly configure sendmail to use smtp.gmail.com as relay
using tls?

A few infos:

OS: GNU/Linux
SENDMAIL-VERSION: 8.14.3


So far I've configured fetchmail to retrieve emails from my
account. Additionally I'd like to use pine (to be exact: alpine) as
mail program. Is this of any interest to sendmail?

But first things first. All I need is changing the 'From:' part of my
message header, so that recipients are able to reply to my
mails. Should I try masquerading or is it safer or better in any way
to relay? If I set FEATURE(`masquerade_envelope') can I be sure that
my mail will not be discarded as spam?

Next, I was unable to clarify whether my sendmail copy is compiled to
use TLS or not. I know that one can verify this by telnet'ing to
localhost:25 and issuing 'ehlo sendmail'. Which I did and STARTTLS did
not show up. Yet

$ /usr/bin/sendmail -d0.1 -bv

lists STARTTLS as a compile flag. So I'm a bit confused at this
point. Does that mean that sendmail was compiled with TLS but does not
use it because it's somehow not turned on? Also, does the above mean
that SMTP is using port 25? How do I tell sendmail to use port 587?

If I opt for relay instead of masquerading my biggest problem so far
were certificates. The sendmail README states that I need to set the
following variables:

define(`confCACERT_PATH', `/etc/mail/certs/')
define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
define(`confSERVER_CERT', `/etc/mail/certs/my.cert.pem')
define(`confSERVER_KEY', `/etc/mail/certs/my.key.pem')

I have to admit my knowledge about SSL, certificates and keys is
somewhat limited. What is CA.cert.pem? Is this Google's Internet
Authority certificate? How do I create my.cert.pem and why do I need
it? Do I not verify myself to the Google server through username and
password? And what's the key exactly for?

Masquerading would be totally sufficient for me but I don't know
whether my mails are encrypted or not, if this is handled by sendmail
at all or if I have to use PGP. Since I cannot expect my recipients to
use PGP relaying would probably be better but, wouldn't it?

Suggestions and clarifications are highly appreciated.

From: ska on
as wrote:
> Hello all,
>
> I'm trying to set up sendmail to use smtp.gmail.com as a relay. I'm
> sure this has been asked a thousand times and I'm aware that there are
> a lot of HOWTOs out there that give an explanation on how to
> accomplish this task. However, all the step-by-step instructions I've
> found differ. Some include options others don't. By now, I'm too

Well, this also depends on the distro you are using, because esp.
sendmail is wrapped by more or less useful configuration helpers.

But this looks promising:
http://www.phinesolutions.com/sendmail-gmail-smtp-relay-howto.html

The key features for Gmail seem to be submission port (587), TLS and
AUTH; all of them are covered in this HOWTO.
I would never try the built Cyrus SASL that way, better switch the
distro ... .

> But first things first. All I need is changing the 'From:' part of my
> message header, so that recipients are able to reply to my

If you set up your MUA properly, there is no need for masquerading.

> Masquerading would be totally sufficient for me but I don't know
> whether my mails are encrypted or not, if this is handled by sendmail
> at all or if I have to use PGP. Since I cannot expect my recipients to
> use PGP relaying would probably be better but, wouldn't it?

Er, "whether my mails are encrypted or not"?
http://en.wikipedia.org/wiki/E-mail_encryption
"While it [TLS/SSL] protects traffic from being sniffed during
transmission, it is technically not encryption of e-mails because the
content of messages is revealed to, and can be tampered with by,
involved email relays."
Google can read all your mails, unless you do something actively.
When the mail leaves the Gmail servers, you don't know either, whether
these SMTP sessions use TLS.

-ska
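
The three features named in the reply above (submission port 587, TLS and AUTH), as an added sendmail.mc fragment; it is not taken from either post or from the linked HOWTO. The file paths, the authinfo entry and the placeholder credentials are assumptions, and the binary must be built with both STARTTLS and SASL support.

```m4
dnl Added example for sendmail.mc; place these lines before the MAILER() lines.
dnl
dnl Hand all outbound mail to Gmail. The brackets disable the MX lookup so
dnl the host name is used exactly as written.
define(`SMART_HOST', `[smtp.gmail.com]')dnl
dnl
dnl Connect to the submission port (587) instead of port 25.
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
dnl
dnl Client-side SMTP AUTH: sendmail looks up the credentials for the relay
dnl in the authinfo map (map location is an assumption).
FEATURE(`authinfo', `hash /etc/mail/authinfo')dnl
dnl
dnl CA certificates sendmail uses when checking the certificate presented
dnl by the relay (paths as given in the question).
define(`confCACERT_PATH', `/etc/mail/certs/')dnl
define(`confCACERT', `/etc/mail/certs/CA.cert.pem')dnl
dnl
dnl /etc/mail/authinfo holds one entry for the relay (placeholder values):
dnl   AuthInfo:smtp.gmail.com "U:root" "I:USER@gmail.com" "P:PASSWORD" "M:PLAIN"
dnl Build the map and keep both files readable by root only, since the
dnl password is stored in clear text:
dnl   makemap hash /etc/mail/authinfo < /etc/mail/authinfo
dnl   chmod 600 /etc/mail/authinfo /etc/mail/authinfo.db
```

After regenerating sendmail.cf from the .mc file and restarting sendmail, the mail log entry for an outbound message should show a `STARTTLS=client` line for the relay, which confirms that the hop to smtp.gmail.com was encrypted.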