Sendmail Authentication for Local Mail Delivery

These days, service providers like British Telecom have tightened up their requirements on email delivery. Most ISPs now accept email only from servers that can authenticate through SMTP. Sendmail has authentication built in, allowing administrators to use an “authinfo” file, for example. The server then authenticates every time it sends mail out to the ISP.

That’s great for reducing spam. But it can have the side effect of killing local mail on the server. Here is a recent example from Debian Squeeze. The authentication features that allowed this server to successfully send mail through the ISP were preventing local mail from working:


root@pluto:/etc/mail# sendmail -v root
test
root... Connecting to [127.0.0.1] via relay...
220 pluto.domain.org ESMTP Sendmail 8.14.3/8.14.3/Debian-9.4; Sat, 2 Jun 2012 16:04:40 +0100; (No UCE/UBE) logging access from: localhost.localdomain(OK)-localhost.localdomain [127.0.0.1]
>>> EHLO pluto.domain.org
250-pluto.domain.org Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP
>>> VERB
250 2.0.0 Verbose mode
>>> QUIT
221 2.0.0 pluto.domain.org closing connection
root... Deferred: Temporary AUTH failure
Closing connection to [127.0.0.1]
root@pluto:/etc/mail# exit

Adding this line to /etc/mail/access fixed the problem:

SRV_Features:127.0.0.1 A

(followed by a cd /etc/mail ; make to rebuild access.db)

The A flag tells sendmail not to offer AUTH to connections from 127.0.0.1, so mail connections from the local server are not authenticated. Authentication of mail going out to the ISP still works, and so now does local mail. This is useful for receiving mail from cron jobs and other system-level diagnostics.
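A quick check for this condition, as an added example that is not part of the original post: it looks for the AUTH advertisement and the deferral in a sendmail -v transcript, then checks whether the access source file carries the uppercase A flag for 127.0.0.1. The function names and the sample access files are hypothetical, and only an exact 127.0.0.1 entry is considered.

```sh
# Added example, not from the original post; function names are hypothetical.
auth_offered() {   # EHLO reply in a `sendmail -v` transcript advertises AUTH
    grep -Eq '^250[- ]AUTH( |$)' "$1"
}
auth_deferred() {  # delivery was deferred with the error shown in the post
    grep -q 'Deferred: Temporary AUTH failure' "$1"
}
# Print the flags of the Srv_Features entry for address $2 in access source $1.
# The tag is matched case-insensitively; comment lines are skipped.
srv_features_for() {
    awk -v key="srv_features:$2" '
        /^[[:space:]]*#/ { next }
        tolower($1) == key { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}
# Succeed only if flag "A" (do not offer AUTH) is present. Flags are
# case-sensitive: lowercase "a" means "offer AUTH".
loopback_auth_disabled() {
    for flag in $(srv_features_for "$1" 127.0.0.1); do
        [ "$flag" = "A" ] && return 0
    done
    return 1
}
diagnose() {       # $1 = transcript, $2 = access source file
    if auth_offered "$1" && auth_deferred "$1"; then
        if loopback_auth_disabled "$2"; then
            echo "entry-present-rebuild-access.db"
        else
            echo "entry-missing"
        fi
    else
        echo "ok"
    fi
}
# Constructed sample data: transcript lines taken from the session above,
# and hypothetical access files (one with only the lowercase flag).
tmp=$(mktemp -d)
cat > "$tmp/transcript" <<'EOF'
250-AUTH DIGEST-MD5 CRAM-MD5
250 HELP
root... Deferred: Temporary AUTH failure
EOF
printf '# constructed sample\nSrv_Features:127.0.0.1\ta\n' > "$tmp/access.bad"
printf 'SRV_Features:127.0.0.1 A\n' > "$tmp/access.good"
diagnose "$tmp/transcript" "$tmp/access.bad"    # entry-missing
diagnose "$tmp/transcript" "$tmp/access.good"   # entry-present-rebuild-access.db
```

If the entry is present but the transcript still shows the deferral, the source file has been edited without access.db being rebuilt.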

Background Information

For a server to send internet mail through an ISP or other mail host, sendmail must be configured with the correct authentication. Usually this is implemented in the submit.mc and authinfo files. Submit.mc is the configuration file used by sendmail when it runs in “MSP” mode, i.e. when it is invoked to transmit a single email, as with the command line usage above. It is submit.mc that contains the configuration necessary for your server to talk to your ISP when it sends outgoing internet mail.

Often admins configure the ISP’s “smart host”, or internet mail server, into submit.mc.

The sendmail.mc file governs the behaviour of Sendmail when it runs as a daemon, listening on port 25 for incoming mail connections. This is the sendmail that delivers mail to local mailboxes such as /var/mail/fred or /var/mail/root. If that is all you want to accomplish (often desirable on the average server), then sendmail.mc can be quite a bit simpler than submit.mc. You must have sendmail running as a daemon to deliver locally.
