I've got a FreeBSD 14 host running sendmail from packages that works perfectly >otherwise but can't be persuaded to communicate with gmail:
(reason: 550-5.7.26 This mail has been blocked because the sender is unauthenticated.)
Is there a FreeBSD expert out there who can tell me what I've missed?
Is there a FreeBSD expert out there who can tell me what I've missed?
According to <bp@www.zefox.net>:
I've got a FreeBSD 14 host running sendmail from packages that works perfectly
otherwise but can't be persuaded to communicate with gmail:
(reason: 550-5.7.26 This mail has been blocked because the sender is unauthenticated.)
Yup, that's a problem.
Is there a FreeBSD expert out there who can tell me what I've missed?
Not until you tell us what the domain name is so we can tell you what
you're doing wrong. Most likely your sendmail setup is fine, but your
SPF and DKIM configations are missing or wrong.
John Levine <johnl@taugh.com> wrote:
According to <bp@www.zefox.net>:
I've got a FreeBSD 14 host running sendmail from packages that works perfectly
otherwise but can't be persuaded to communicate with gmail:
(reason: 550-5.7.26 This mail has been blocked because the sender is >unauthenticated.)
Yup, that's a problem.
Is there a FreeBSD expert out there who can tell me what I've missed?
Not until you tell us what the domain name is so we can tell you what
you're doing wrong. Most likely your sendmail setup is fine, but your
SPF and DKIM configations are missing or wrong.
This hostname is www.zefox.net, which makes the domain zefox.net IIUC. >Nameservice is provided by ns1.zefox.net and ns2.zefox.net, also FreeBSD >hosts running bind9.18 from packages.
I never did set up MX records for any of my domains (zefox.net, zefox.com
and zefox.org) but it hasn't caused trouble up to now.
Thanks for writing!
bob prohaska
I've got a FreeBSD 14 host running sendmail from packages that works perfectly otherwise but can't be persuaded to communicate with gmail:
(reason: 550-5.7.26 This mail has been blocked because the sender
is unauthenticated.)
I never did set up MX records for any of my domains (zefox.net, zefox.com >>and zefox.org) but it hasn't caused trouble up to now.
(reason: 550-5.7.26 This mail has been blocked because the sender is unauthenticated.)
I think I've got the typo in the MX record fixed, but clearly
there's a lot more to be learned. It seems like maybe getting
https working with apache24 might be an easier place to start.
On 15.04.2024 um 16:45 Uhr bp@www.zefox.net wrote:
(reason: 550-5.7.26 This mail has been blocked because the sender is
unauthenticated.)
As a low volume sender, you need at least SPF or DKIM (you can do both)
for your domain.
SPF is a simple DNS TXT record, DKIM also need a milter (e.g. opendkim)
that signs the message.
Setting that up is easy, ask if you have questions.
That's pretty easy if you use certbot. But of course now we're
a long way from sendmail.
That depends, are we talking about using certbot (et al.) to get a
TLS certificate to put into Sendmail? }:-)
The only thing is to trigger a sendmail reload. certbot provides such
a mechanism.
According to <bp@www.zefox.net>:
I think I've got the typo in the MX record fixed, but clearly
there's a lot more to be learned. It seems like maybe getting
https working with apache24 might be an easier place to start.
That's pretty easy if you use certbot. But of course now we're
a long way from sendmail.
Pulling the conversation back to sendmail, if I get apache24 to accept
and work with https connections have I laid a reasonable foundation
to let sendmail authenticate with gmail?
Thanks for writing!
On 4/17/24 20:39, bp@www.zefox.net wrote:
Pulling the conversation back to sendmail, if I get apache24 to accept
and work with https connections have I laid a reasonable foundation
to let sendmail authenticate with gmail?
While both Apache and Sendmail use the same underlying TLS libraries;
oft OpenSSL, sometimes an alternative, what they do with it and how they
make use of them are separate.
About the only thing that Apache will bring to the email party is infrastructure to host the policy file for MTA-STS.
You can use the same certificate file and key for both Apache and Sendmail.
"authenticate with gmail" means a couple of different things to me in 2924:
1) Requirements for senders to be /authenticated/; e.g. SPF and / or DKIM. 2) OAuth 2.0 authentication to send relay email to the world via Gmail.
Read: use Gmail as a smart host in Sendmail parlance.
Which of these are you asking about?
1.SPF is easy to do with TXT records in DNS.
1.DKIM is a bit more complicated and requires a milter to sign outgoing messages as well as various DNS records to support DKIM.
2 is another critter entirely. I am not aware of a recipe to make this
work. I feel certain that there is on and I'm just unaware of it. I
can see some plumbing to create a new mailer that does the OAuth w/
Gmail and sends messages. I know how to add mailers to Sendmail, but I
have no idea what such a mailer would look like.
I've heard about people using -- what I think -- are called application passwords with Gmail to make non-OAuth aware software work with Gmail.
Maybe this will work allow Sendmail to use Gmail as a smart host using authentication using the App Password.
I've read that app passwords are still a thing but require multi-factor
to be enabled to get access to them.
I could also be a decade behind the times when it comes to OAuth.
That suggests that getting apache working https will complete a
necessary, if not sufficient, step toward authentication using
sendmail. For my purposes that's a worthwhile step.
If the certificat can be the one already used for ssh, that's a bit
of gravy.
I simply want to reply, as an individual, to email received from a gmail account.
Hopefully SPF will be enough to get gmail to accept my replies
I fear you're giving me far more credit than I deserve! OAuth is
unknown to me.
Thanks for helping me find my bearings! I'm still kinda lost, but
am forming an inkling which way is up.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 307 |
Nodes: | 16 (2 / 14) |
Uptime: | 67:46:34 |
Calls: | 6,915 |
Files: | 12,379 |
Messages: | 5,431,814 |