Posted on

Configuring SendMail for Gmail relay

I had a bulky mail relay server that had been running for years. Around December 2015, it unexpectedly just died. Probably an auto update or something. I finally got around to building a new one this week using SendMail. This relay sits behind a United Threat Management Gateway so running it with no authentication is not a problem as the UTM handles incoming connections from trusted servers on the internet. On the intranet, anything can relay on it. On my WordPress sites, I am using “Easy SMTP Relay” plugin for, you’ve guessed it, easy SMTP relaying.

  • Pre-req: I am using Ubuntu 14.04 LTS (16.04 was giving me heartburn).
  • Pre-req: Google Gmail account. I am using Google Apps for Business with a dedicated mail relay account.

apt-get install sendmail mailutils sendmail-bin
nano /etc/mail/gmailauth

In the auth file that you just nano’d, include this info in the file:
AuthInfo: "U:root" "I:something@gmail.com" "P:password"

CTRL+O to write changes (save file) and CTRL+X to exit.

CD to /etc/mail, then;

makemap hash gmailauth < gmailauth
nano sendmail.mc

In the sendmail.mc file, CTRL+W to find “MAILER”. Press enter. Immediately above “MAILER_DEFINITIONS”, copy and paste the following:

define(`SMART_HOST',`[smtp.gmail.com]')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash -o /etc/mail/gmailauth.db')dnl

Then:
make -C /etc/mail
/etc/init.d/sendmail reload

Switch away from Linux for a minute, fire up your browser, and switch to your email relay account on Gmail.com. Once logged in, go to this URL: https://www.google.com/settings/security/lesssecureapps. You’ll need to enable less secure mode (or at least I had to in order for the relay to work with Google Apps for Business). Once enabled, switch back over to your Linux config.

Run the following and modify appropriately the email address you want to send to:
echo "SomeEmail@SomeDomain.com" | mail -s "This is just a test"

At this point, you should have an email in your inbox (if you sent it to yourself) from root@yourhost. If not, nano “/var/log/mail.log”. I nailed this my first attempt so feel free to send me your logs for troubleshooting.

Now, if you’re a person who likes to talk to themselves using the terminal of your Linux box, you can stop here. If you actually want to send mail from other hosts via this relay, there are more steps.

Let’s open up port 25 on our mail server. You should be in /etc/mail but if not, CD to that directory and (or just):
nano /etc/mail/sendmail.mc

You’re going to CTRL+W  for “DAEMON_OPTIONS”. You’ll want to modify your next two DNL and DAEMON_OPTIONS lines to look like this:
FEATURE(`no_default_msa')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp')dnl
DAEMON_OPTIONS(`Family=inet,  Name=MTA-v4, Port=smtp')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MSP-v6, Port=submission, M=Ea')dnl
DAEMON_OPTIONS(`Family=inet,  Name=MSP-v4, Port=submission, M=Ea')dnl

What we are doing is effectively removing any IP restrictions from accessing the “PORT” (which is SMTP = 25). Again, I am behind a UTM so running this server in a less-than-ideal security setup is not a problem because of various VLAN and firewall rules upstream of this instance. Your mileage will vary.

CTRL+O and CTRL+X to exit.

Next, we need to configure what addresses will be able to relay on this server.
nano /etc/mail/access

CTRL+W “connect:” which should bring you down to an insane number of example configs. What we want to do is allow all internal (or external) IPs to relay on this server. Under “ClientConn:localhost”, you’ll start adding your servers. Mine looks like this:
Connect:localhost               RELAY
GreetPause:localhost    0
ClientRate:localhost    0
ClientConn:localhost    0
Connect:10      RELAY
Connect:172     RELAY
Connect:10.0.230.123   RELAY

Write out that file and run this command:
makemap hash /etc/mail/access.db < /etc/mail/access

Just for grins run:
/etc/init.d/sendmail reload

There are a few ways you can test this relay. You can use Telnet to test the mail relay functionality. You can find instructions for that using Microsoft Windows here: https://technet.microsoft.com/en-us/library/aa995718%28v=exchg.65%29.aspx

Or, if you are setting this up for WordPress, configure your “Easy WP SMTP” plugin to point to the IP of your mail relay. Save your changes then use the test mail function in the plugin.

You should, at this point, have a working SMTP relay.

2 thoughts on “Configuring SendMail for Gmail relay”

    1. SSMTP isn’t a full replacement for sendmail as it is strictly forwarding emails. Sendmail can receive, expand aliases, and manage queues. SSMTP does work well with Gmail and a good alternative for a single email relay.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.