Relaying Sendmail via SSL
This howto will hopefully get sendmail relaying to an
SSL-enabled SMTP server, but the same technique should also
serve for other purposes. Note that this article assumes
that you already know how to set up sendmail with a
SMART_HOST.
A little background info:
My ISP was taken over by Virgin Media, and their SMTP server
uses SSL on port 465. Nothing wrong with that for most email
clients like Claws Mail, Thunderbird and the like that
handle sending themselves. With mutt and other clients that
need a separate MTA we need to get sendmail to relay to it,
and that's where the problem is, because sendmail doesn't
support SSL with SMART_HOST and will hang waiting for the
(Note that mutt now supports sending itself, and there are
alternative applications like msmtp that mutt can use.)
You may notice if you just try to telnet to
smtp.virginmedia.com port 465 you will get disconnected just
by issuing an EHLO. Trying the normal port (25) will just
To deal with this problem we need to create an SSL tunnel to
the server and have sendmail relay through it. The
application that I will use to do that is stunnel
which is installed by default in Slackware - it just needs
some setting up.
Note that the commands outlined here need to be run as root,
apart from any 'telnet' commands.
Stunnel has two modes - server and client. We will use it as
a client and create what is in effect a proxy to VM's SMTP
Create a simple config file for stunnel:
client = yes
accept = 2525
connect = smtp.virginmedia.com:465
relay-domain is going to be our stunnel hostname defined in
/etc/hosts. I'm just running it locally and I'm using
127.0.0.1 for the IP. It's not necessary to edit the hosts
file if you use 'localhost' instead of 'relay-domain' in the
following steps. You can also have it running on a different
box using its LAN IP (e.g. 192.168.1.2) so that it's
accessible from other machines on the LAN.
2525 will be the port that it runs on.
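As written, the config file above does not ask stunnel to verify the server's certificate, and an accept value with no host part listens on every interface. The following check is an added example, not part of the original howto: it flags both settings and includes a constructed hardened variant. verifyChain and checkHost assume stunnel 5.15 or later, and the CAfile path is an assumption.

```python
# Added example (not from the howto): flag stunnel client settings that
# expose the SMTP AUTH login relayed through the tunnel.

PAGE_CONF = """\
client = yes
accept = 2525
connect = smtp.virginmedia.com:465
"""  # config as given in the howto

# Constructed hardened variant. verifyChain/checkHost assume stunnel 5.15+;
# the CAfile path is an assumption, point it at your system's CA bundle.
HARDENED_CONF = """\
client = yes
accept = 127.0.0.1:2525
connect = smtp.virginmedia.com:465
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = smtp.virginmedia.com
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse(conf):
    """Return {lowercased option: value}, skipping comments and [sections]."""
    opts = {}
    for raw in conf.splitlines():
        line = raw.strip()
        if line and line[0] not in ";#[" and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip().lower()] = value.strip()
    return opts

def audit(conf):
    """Return finding codes for one client-mode stunnel service."""
    o = parse(conf)
    findings = []
    verifies = (o.get("verifychain", "").lower() == "yes"
                or o.get("verify", "") in {"2", "3", "4"})
    if not verifies:
        findings.append("no-cert-verification")  # any certificate is accepted
    else:
        if "cafile" not in o and "capath" not in o:
            findings.append("no-trust-anchor")
        if "checkhost" not in o and "checkip" not in o:
            findings.append("no-hostname-check")
    # An accept value with no host part binds every local IPv4 address.
    if o.get("accept", "").rpartition(":")[0] not in LOOPBACK:
        findings.append("accept-not-loopback")  # cleartext hop reachable off-box
    return findings

if __name__ == "__main__":
    print("howto config:   ", audit(PAGE_CONF))
    print("hardened config:", audit(HARDENED_CONF))
```

If stunnel runs on a LAN address so other machines can use it, the hop from those machines to port 2525 is cleartext, including the AUTH PLAIN login.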
My hosts file looks like this:
.. snip ..
.. snip ..
Now run stunnel with some flags:
stunnel /etc/stunnel/virgin.conf -c -d relay-domain:2525
You should now be able to telnet in via stunnel and get the
proper SMTP response (the commands I type are in red):
telnet relay-domain 2525
Connected to relay-domain.
Escape character is '^]'.
220 know-smtprelay-11-imp cmsmtp ESMTP server ready
250-know-smtprelay-11-imp hello [(my IP address)], pleased to meet you
250-AUTH LOGIN PLAIN
221 2.0.0 know-smtprelay-11-imp cmsmtp closing connection
Connection closed by foreign host.
Note: When I first wrote this article smtp.virginmedia.com
rerouted to mx.google.com, but this no longer seems to be
BEFORE creating the new sendmail config files, *BACKUP*
sendmail.cf and submit.cf in /etc/mail
First we need to make an authinfo.db with our Virgin login
info for relay-domain:
chmod 700 auth
Now make the file 'authinfo' if it doesn't already exist and
add some credentials:
AuthInfo:relay-domain.host "I: firstname.lastname@example.org" \
"U:root" "P:pass" "M:PLAIN"
AuthInfo:relay-domain.host:2525 "I: email@example.com" \
"U:root" "P:pass" "M:PLAIN"
(Put these on one line each)
Change 'firstname.lastname@example.org' and 'pass' to your SMTP login details.
Notice I have used the full hostname of the machine
hosting stunnel here (relay-domain.host.) This is the
domain that you set when you installed your distro, if you
were given the choice. It should be set in /etc/hosts and
can also be found by running the command 'hostname -d' on
makemap hash authinfo < authinfo
chmod 600 authinfo*
The 600 permissions will ensure that the login info isn't
Change to /usr/share/sendmail/cf/cf, then back up and
edit sendmail-slackware.mc and submit.mc. Substitute your
distro's default files for these if you aren't using
These are the settings we need to add:
FEATURE(`authinfo',`hash -o /etc/mail/auth/authinfo.db')
define(`RELAY_MAILER_ARGS', `TCP $h 2525')
define(`ESMTP_MAILER_ARGS', `TCP $h 2525')
You may need to play with the order and where these settings
are in the actual files. The Build script will whine if they
are in the wrong order.
cp sendmail-slackware.cf /etc/mail/sendmail.cf
cp submit.cf /etc/mail/submit.cf
echo "This is a test" | mailx -s "TEST" email@example.com
If all went well you should have received it without any
problems. Add the stunnel start command to
/etc/rc.d/rc.local to have it run at boot.