Please tell me if there is a better newsgroup than this for this topic.
I recently needed to reinstall my Linux workstation/server, which runs
behind a Frontier Fiber Business Service with one static IP, with my
own edge router behind it. So my mail server has both an internal
IP address (linux-local.example.com 192.168.1.2) and a
public IP address (linux.example.com w.x.y.z). There are also aliases
defined in DNS:
www.example.com. CNAME linux.example.com.
mail.example.com. CNAME linux.example.com.
Everything was working fine in my old setup, but after the new
install, I can receive mail from the outside relayed from e.g. Gmail
or my business email (which is hosted on Rackspace), but I cannot
submit mail from the Windows machine on my LAN. My IMAP (dovecot)
server runs fine.
I am puzzled.
Thunderbird on Windows reports that:
| Sending of the message failed.
| The message could not be sent because connecting to Outgoing server
| (SMTP) linux-local.example.com failed. The server may be unavailable
| or is refusing SMTP connections. Please verify that your Outgoing
| server (SMTP) settings are correct and try again.
| [OK]
I have tried many variations in my Thunderbird settings:
* Specify host by IP address, internal name or public name
* specify connection security None or STARTTLS
* Port 25 or 587
* Authentication None or Password, transmitted insecurely
... in every combination I can think of.
The failed connections do not show up in any of the logfiles
/var/log/messages
/var/log/maillog
/var/log/secure
I know from previous experience, that I should have STARTTLS
enabled, because sendmail does not allow passwords to go on
plain text TCP connections.
I think it must be a problem related to SSL, but sendmail.mc
does not seem to mention any SSL configuration, and the RedHat
sendmail deployment documentation is very old and does not discuss
where to specify the .pem files.
Where should I look next?
On 2026-01-31 22:03, Lars Poulsen wrote:
I know from previous experience, that I should have STARTTLS
enabled, because sendmail does not allow passwords to go on
plain text TCP connections.
I think it must be a problem related to SSL, but sendmail.mc
does not seem to mention any SSL configuration, and the RedHat
sendmail deployment documentation is very old and does not discuss
where to specify the .pem files.
Where should I look next?
use postfix. +1.
On 2026-01-31 22:03, Lars Poulsen wrote:
I know from previous experience, that I should have STARTTLS
enabled, because sendmail does not allow passwords to go on
plain text TCP connections.
I think it must be a problem related to SSL, but sendmail.mc
does not seem to mention any SSL configuration, and the RedHat
sendmail deployment documentation is very old and does not discuss
where to specify the .pem files.
Where should I look next?
On 2026-01-31, Carlos E.R. <robin_listas@es.invalid> wrote:
use postfix. +1.
I have used sendmail since the late 1980s, with sysadmin
responsibilities since about 1996, and at one time I really understood
the address rewriting rules. So I was reluctant to switch to Postfix,
when I know I had a basically working sendmail, but might have lost
some dependency in my upgrade/reinstallation.
But while there is some learning curve required ... I need to look
closely at how Postfix and SSL mesh with each other ... I got it up in
less than an hour, and some of the configuration tables like
relay-hosts even carried over.
But it turned out that the worst of the problems was a firewall
configuration that had gotten broken on the Windows/Thunderbird side
where I was sending from. The TCP connection to port 25 or 587 never
got out of the PC, which was obvious when I loaded up Wireshark on
the PC side.
I have a lot of experience over many decades, but sometimes I overlook
really stupid things, because "I did not touch that part at all, at least
not recently".
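The checks this thread circles around (port 25 or 587, whether STARTTLS and AUTH are offered, and whether the TCP connection is made at all), as an added example that is not part of any poster's message. The function names and the `probe.invalid` EHLO name are hypothetical; the default host is the internal name from the original post.

```python
import smtplib
import socket
import sys


def probe_smtp(host, port, timeout=5.0):
    """Try an SMTP connection and classify where it stops."""
    result = {"host": host, "port": port, "state": None,
              "starttls": False, "auth": []}
    try:
        # local_hostname is a constructed placeholder; passing it avoids a
        # DNS lookup for the EHLO name.
        with smtplib.SMTP(host, port, local_hostname="probe.invalid",
                          timeout=timeout) as smtp:
            code, _ = smtp.ehlo()
            result["state"] = "smtp-ok" if 200 <= code < 300 else "smtp-error"
            # Only what the server advertises before TLS; no login is attempted.
            result["starttls"] = smtp.has_extn("starttls")
            result["auth"] = smtp.esmtp_features.get("auth", "").split()
    except ConnectionRefusedError:
        result["state"] = "refused"        # RST: no listener, or a rejecting firewall
    except (socket.timeout, TimeoutError):
        result["state"] = "timeout"        # SYN silently dropped on the path
    except smtplib.SMTPException:
        result["state"] = "smtp-error"     # TCP connected, SMTP dialogue failed
    except OSError:
        result["state"] = "network-error"  # blocked locally, no route, DNS failure
    return result


def probe_submission(host, ports=(25, 587), timeout=5.0):
    """Probe the two ports tried in the thread and return one result per port."""
    return [probe_smtp(host, p, timeout) for p in ports]


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "linux-local.example.com"
    for r in probe_submission(target):
        print(f"{r['host']}:{r['port']} state={r['state']} "
              f"starttls={r['starttls']} auth={r['auth']}")
```

Run it once on the mail server against `localhost` and once on the client. If the server-side run reports `smtp-ok` while the client gets `timeout`, `refused` or `network-error` and nothing appears in `/var/log/maillog`, the connection is being stopped before it reaches the MTA.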
Please tell me if there is a better newsgroup than this for this
topic.
On Sat, 31 Jan 2026 21:22:20 -0000 (UTC), Lawrence D'Oliveiro wrote:
Maybe not what you want to hear, but perhaps this is a good time to give
up on Sendmail, and switch to a more rationally-designed MTA.
My memory of sendmail is it filled one of the thicker O'Reilly books all
by itself.
Maybe not what you want to hear, but perhaps this is a good time to give
up on Sendmail, and switch to a more rationally-designed MTA.
My memory of sendmail is it filled one of the thicker O'Reilly books all
by itself.
Indeed. And I owned it.
In the end it got so complicated that I rewrote sendmail.cf from scratch.
Got it down to about a page.
All configuration went in half a dozen text files.
That was before encryption and authentication, though.
On Sat, 31 Jan 2026 21:22:20 -0000 (UTC), Lawrence D'Oliveiro wrote:
Maybe not what you want to hear, but perhaps this is a good time to give
up on Sendmail, and switch to a more rationally-designed MTA.
On 01/02/2026 03:02, rbowman wrote:
My memory of sendmail is it filled one of the thicker O'Reilly books all
by itself.
On 2026-02-01, The Natural Philosopher <tnp@invalid.invalid> wrote:
Indeed. And I owned it.
In the end it got so complicated that I rewrote sendmail.cf from scratch.
Got it down to about a page.
All configuration went in half a dozen text files.
That was before encryption and authentication, though.
Indeed, the cruft was in the retention of support for long obsolete
features such as UUCP mail and address source-routing.
And as sendmail.cf became entirely too unwieldy, they "solved" it
by adding a completely different "high-level" configuration language
in the form of M4 with option names that were similar to the ones
in sendmail itself, but spelled slightly differently.
I never got the hang of writing in sendmail.mc, preferring to hand
edit sendmail.cf, but only in areas where I needed to (which
were very rarely needed and confined to a single line at a time).
So when I needed to look more closely, I now had to explore the M4
and rebuild the CF file.
Postfix also has a lot of possible configuration, but it was
surprisingly easy to get a basic configuration up and running.
At this point, I would suggest that anyone still running sendmail
on a workstation take the time to bring up postfix at a time when things
are working well, so that the challenge of learning postfix is not
layered on top of time-critical debugging when something fails.