Setting up sendmail to use an SMTP server on Red Hat 9

I have a laptop, and I want, on that laptop, to be able to use mutt to send email from my laptop. These days, this is hard, because of the anti-spam restrictions used. So what I want is to have sendmail send all my mail to another SMTP server.

However, that requires a server that will relay my mail. The ones I have access to are the one I use to read my mail (via fetchmail), and the one that comes with my internet access at home. The authentication mechanism supported by the former requires sending my username and password in clear text. However, the second SMTP server supports encryption (using STARTTLS), so I can use that. (I also don't care much about that password, since I don't use the account.)

Security and SMTP

Take this section with a grain of salt—I'm not an expert on this, and if you really care about security you should check this for yourself. And if that doesn't make you suspicious, the fact that I wrote the whole section from memory after doing all the reading about it two weeks earlier should.

There are two useful security mechanisms that SMTP servers can support:

It looks (although I'm not sure) that if an SMTP server supports STARTTLS, then sendmail (acting as an SMTP client) on Red Hat 9 will use it. I know my configuration is using STARTTLS, since I checked with ethereal. I don't know how to set up sendmail to forward to an always-encrypted SMTP server on the alternative port, but it probably isn't too hard. Which authentication mechanisms sendmail (acting as an SMTP client) is willing to use depends on the "M" section of the AuthInfo line (see below).

To tell what the server supports, telnet to the SMTP server on port 25 (telnet smtp.server 25), enter the command EHLO my.host.name and then QUIT. The response to the EHLO will list certain features that the server supports. If the server returns a line saying 250-STARTTLS, then it supports STARTTLS, and the line that begins with 250-AUTH says what authentication mechanisms are supported.

After probing through configuration files and a lot of documentation, I found that this isn't that hard to set up (or wouldn't be, if it were documented). I just had to add three lines (already present, but commented out) to my /etc/mail/sendmail.mc:

Then I had to add the authentication information to /etc/mail/access (on which I changed the permissions so it wasn't world-readable):

AuthInfo:smtp.myisp.net "U:username@myisp.net" "I:username@myisp.net" "P:******" "M:LOGIN PLAIN"

(I'm not sure which of the "U" or "I" parts matters, but I'm not really too worried. The list of authentication mechanisms after the "M" gives the authentication mechanisms that the sendmail (acting as a client) will try when authenticating with the server. It must overlap with the mechanisms that the server supports.)

Once I did this, I ran make in /etc/mail (which requires having the sendmail-cf RPM installed) and restarted sendmail (/etc/rc.d/init.d/sendmail restart).

The documentation I had to dig through (after finding it, mostly through Google) to figure this out included:


Valid HTML 4.0!

(Back to Linux, David Baron)

LDB, dbaron@dbaron.org, 2003-07-31, 2003-08-13