Sendmail setup for outbound only (to 1and1.com)

Setting up AsteriskNOW 1.7 was a breeze! The only thing left to do is configure sendmail to allow the system to email out Voicemail recordings, Module Update notices, Backup notices, … .

I have been trying for two weeks to get Sendmail to work. I want sendmail set up to ONLY send outbound (do not want / need any inbound capability) and sendmail needs to use an external ISP’s (1and1) smtp-based mail server, so I am trying to set it up to use SMTP Auth for enabling the connection.

I have a dynamic IP address, using no-ip for dynamicDNS updates.

I created the sendmail.pem certificate but have a Question: What is the correct CommonName to use for the sendmail certificate? I currently use my DynamicDNS URL (.redirectme.net) as the common name; is that correct?

I created an AUTHINFO file where my 1and1 UserID/Password is stored.

I have enclosed my sendmail.mc file below, where I have done all the edits that are supposed to enable sendmail to mail out.

When I test the setup by sending an email from the CLI, the email gets submitted to sendmail, but then times out while attempting to connect to 1and1.

When I do an ehlo localhost command, the AUTH line does not show up.

Any ideas?

Please answer in layman’s terms since my Linux/Sendmail experience is limited.

Thanks in advance,
Ramblin

==============================================================

Module Index
Sendmail M4 Configuration

This page lists the relevant entries from the Sendmail M4 configuration file /etc/mail/sendmail.mc, from which the actual configuration file /etc/mail/sendmail.cf is built.

Entry type Line in configuration file Move
Other divert(-1)dnl
Other dnl #
Other dnl # This is the sendmail macro config file for m4. If you make changes to
Other dnl # /etc/mail/sendmail.mc, you will need to regenerate the
Other dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
Other dnl # installed and then performing a
Other dnl #
Other dnl # make -C /etc/mail
Other dnl #
Other include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
Other VERSIONID(`setup for linux')dnl
OS Type OSTYPE(`linux')dnl
Other dnl #
Other dnl # Do not advertize sendmail version.
Other dnl #
Other dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl
Other dnl #
Other dnl # default logging level is 9, you might want to set it higher to
Other dnl # debug the configuration
Other dnl #
Other dnl define(`confLOG_LEVEL', `9')dnl
Other dnl #
Other dnl # Uncomment and edit the following line if your outgoing mail needs to
Other dnl # be sent out through an external mail server:
Other dnl #
Define define(`SMART_HOST', `[smtp.1and1.com]')dnl
Other dnl #
Define define(`confDEF_USER_ID', ``8:12'')dnl
Other dnl define(`confAUTO_REBUILD')dnl
Define define(`confTO_CONNECT', `1m')dnl
Define define(`confTRY_NULL_MX_LIST', `True')dnl
Define define(`confDONT_PROBE_INTERFACES', `True')dnl
Define define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
Define define(`ALIAS_FILE', `/etc/aliases')dnl
Define define(`STATUS_FILE', `/var/log/mail/statistics')dnl
Define define(`UUCP_MAILER_MAX', `2000000')dnl
Define define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
Define define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
Other dnl define(`confAUTH_OPTIONS', `A')dnl
Other dnl #
Other dnl # The following allows relaying if the user authenticates, and disallows
Other dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
Other dnl #
Define define(`confAUTH_OPTIONS', `A p')dnl
Other dnl #
Other dnl # PLAIN is the preferred plaintext authentication method and used by
Other dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
Other dnl # use LOGIN. Other mechanisms should be used if the connection is not
Other dnl # guaranteed secure.
Other dnl # Please remember that saslauthd needs to be running for AUTH.
Other dnl #
Other TRUST_AUTH_MECH(`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
Define define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
Feature FEATURE(`authinfo',`hash /etc/mail/auth/client-info.db')dnl
Other dnl #
Other dnl # Rudimentary information on creating certificates for sendmail TLS:
Other dnl # cd /etc/pki/tls/certs; make sendmail.pem
Other dnl # Complete usage:
Other dnl # make -C /etc/pki/tls/certs usage
Other dnl #
Define define(`confCACERT_PATH',`/etc/pki/tls/certs')dnl
Define define(`confCACERT',`/etc/pki/tls/certs/ca-bundle.crt')dnl
Define define(`confSERVER_CERT',`/etc/pki/tls/certs/sendmail.pem')dnl
Define define(`confSERVER_KEY',`/etc/pki/tls/certs/sendmail.pem')dnl
Other dnl #
Other dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP’s
Other dnl # slapd, which requires the file to be readble by group ldap
Other dnl #
Other dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
Other dnl #
Other dnl define(`confTO_QUEUEWARN',`4h')dnl
Other dnl define(`confTO_QUEUERETURN',`5d')dnl
Other dnl define(`confQUEUE_LA',`12')dnl
Other dnl define(`confREFUSE_LA',`18')dnl
Define define(`confTO_IDENT',`0')dnl
Other dnl FEATURE(delay_checks)dnl
Feature FEATURE(`no_default_msa',`dnl')dnl
Feature FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
Feature FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
Feature FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
Feature FEATURE(redirect)dnl
Feature FEATURE(always_add_domain)dnl
Feature FEATURE(use_cw_file)dnl
Feature FEATURE(use_ct_file)dnl
Other dnl #
Other dnl # The following limits the number of processes sendmail can fork to accept
Other dnl # incoming messages or process its message queues to 20.) sendmail refuses
Other dnl # to accept connections once it has reached its quota of child processes.
Other dnl #
Other dnl define(`confMAX_DAEMON_CHILDREN',`20')dnl
Other dnl #
Other dnl # Limits the number of new connections per second. This caps the overhead
Other dnl # incurred due to forking new sendmail processes. May be useful against
Other dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
Other dnl # limit would be useful but is not available as an option at this writing.)
Other dnl #
Other dnl define(`confCONNECTION_RATE_THROTTLE',`3')dnl
Other dnl #
Other dnl # The -t option will retry delivery if e.g. the user runs over his quota.
Other dnl #
Feature FEATURE(local_procmail, `',`procmail -t -Y -a $h -d $u')dnl
Feature FEATURE(`access_db',`hash -T -o /etc/mail/access.db')dnl
Feature FEATURE(`blacklist_recipients')dnl
Other EXPOSED_USER(`root')dnl
Other dnl #
Other dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment
Other dnl # the following 2 definitions and activate below in the MAILER section the
Other dnl # cyrusv2 mailer.
Other dnl #
Other dnl define(`confLOCAL_MAILER',`cyrusv2')dnl
Other dnl define(`CYRUSV2_MAILER_ARGS',`FILE /var/lib/imap/socket/lmtp')dnl
Other dnl #
Other dnl # The following causes sendmail to only listen on the IPv4 loopback address
Other dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
Other dnl # address restriction to accept email from the internet or intranet.
Other dnl #
Other DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
Other dnl #
Other dnl # The following causes sendmail to additionally listen to port 587 for
Other dnl # mail from MUAs that authenticate. Roaming users who can't reach their
Other dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
Other dnl # this useful.
Other dnl #
Other DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
Other dnl #
Other dnl # The following causes sendmail to additionally listen to port 465, but
Other dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
Other dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can’t
Other dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
Other dnl # and doesn’t support the deprecated smtps; Evolution <1.1.1 uses smtps
Other dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
Other dnl #
Other dnl # For this to work your OpenSSL certificates must be configured.
Other dnl #
Other dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
Other dnl #
Other dnl # The following causes sendmail to additionally listen on the IPv6 loopback
Other dnl # device. Remove the loopback address restriction listen to the network.
Other dnl #
Other dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
Other dnl #
Other dnl # enable both ipv6 and ipv4 in sendmail:
Other dnl #
Other dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
Other dnl #
Other dnl # We strongly recommend not accepting unresolvable domains if you want to
Other dnl # protect yourself from spam. However, the laptop and users on computers
Other dnl # that do not have 24x7 DNS do need this.
Other dnl #
Other dnl FEATURE(`accept_unresolvable_domains')dnl
Other dnl #
Other dnl FEATURE(`relay_based_on_MX')dnl
Other dnl #
Other dnl # Also accept email sent to "localhost.localdomain" as local email.
Other dnl #
Other LOCAL_DOMAIN(`localhost.localdomain')dnl
Other dnl #
Other dnl # The following example makes mail from this host and any additional
Other dnl # specified domains appear to be sent from mydomain.com
Other dnl #
Other MASQUERADE_AS(`ayuda.ca')dnl
Other dnl #
Other dnl # masquerade not just the headers, but the envelope as well
Other dnl #
Feature FEATURE(masquerade_envelope)dnl
Other dnl #
Other dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
Other dnl #
Feature FEATURE(masquerade_entire_domain)dnl
Other dnl #
Other MASQUERADE_DOMAIN(localhost)dnl
Other MASQUERADE_DOMAIN(localhost.localdomain)dnl
Other MASQUERADE_DOMAIN(mydomainalias.com)dnl
Other MASQUERADE_DOMAIN(mydomain.lan)dnl
Mailer MAILER(smtp)dnl
Mailer MAILER(procmail)dnl
Other dnl MAILER(cyrusv2)dnl
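
An added example, not part of the original post: a small audit of a sendmail.mc against the stated goal of outbound-only delivery through an authenticated smart host. The function names are hypothetical and `SAMPLE_MC` is a constructed excerpt of the active directives listed above; it checks for an active SMART_HOST, FEATURE(authinfo), and any DAEMON_OPTIONS listener not bound to a loopback address.

```python
import re

# Constructed excerpt: active directives from the listing above (m4 quoting
# restored), plus one dnl-commented line to show that it is ignored.
SAMPLE_MC = """\
dnl define(`confAUTH_OPTIONS', `A')dnl
define(`SMART_HOST', `[smtp.1and1.com]')dnl
define(`confAUTH_OPTIONS', `A p')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/client-info.db')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
"""

DIRECTIVE = re.compile(r"^(\w+)\((.*)\)\s*(?:dnl.*)?$")

def active_directives(mc_text):
    """Yield (macro, [args]) for lines m4 will expand; dnl lines are skipped."""
    for line in mc_text.splitlines():
        line = line.strip()
        if not line or line.startswith("dnl"):
            continue
        m = DIRECTIVE.match(line)
        if m:
            # m4 quotes arguments as `text'; fall back to the raw text if unquoted
            args = re.findall(r"`+([^']*)'+", m.group(2)) or [m.group(2)]
            yield m.group(1), args

def audit_outbound_only(mc_text):
    """Return findings for an outbound-only, authenticated smart-host setup."""
    findings, smart_host, authinfo = [], None, False
    for macro, args in active_directives(mc_text):
        if macro == "define" and args[0] == "SMART_HOST" and len(args) > 1:
            smart_host = args[1]
        elif macro == "FEATURE" and args[0] == "authinfo":
            authinfo = True
        elif macro == "DAEMON_OPTIONS":
            pairs = (kv.strip().split("=", 1) for kv in args[0].split(","))
            opts = {k.lower(): v for k, v in pairs}
            # With no Addr= the daemon binds every interface, not just loopback
            if opts.get("addr") not in ("127.0.0.1", "::1"):
                findings.append(f"listener {opts.get('name')} on port "
                                f"{opts.get('port')} is not bound to loopback")
    if smart_host is None:
        findings.append("no active SMART_HOST: mail is not sent via the relay")
    elif not authinfo:
        findings.append("SMART_HOST set but FEATURE(authinfo) is missing")
    return findings

if __name__ == "__main__":
    for finding in audit_outbound_only(SAMPLE_MC):
        print("WARN:", finding)
```

On the excerpt it reports only the submission (MSA) listener, which has no Addr= restriction.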

I would say this was more of an AsteriskNow question than an Asterisk one, however it may be even better to treat it as a sendmail one.