The motivation to configure sendmail as a client for Simple Mail Transfer Protocol with SSL (SMTPS) came about when I switched ISPs and the new service required authentication as well as the use of port 465 to submit an email for delivery. In my case the ISP was AT&T U-verse powered by Yahoo! Mail. The old ISP permitted the use of port 25 as long as your IP address was part of their network, whereas the new service blocks that port to outgoing traffic. Setting up SMTPS is fairly easy to do using a client like Evolution; however, it is not quite as straightforward to configure sendmail to do the job. The reason why I needed sendmail was to allow my home server to send email using the PHP mail function from a web page. One of the uses of this server is as a platform for website development and testing.
When researching this topic I found a number of helpful sources on the internet. One of the problems, though, is that they didn't have all the pieces or something was a little off. Two very helpful sources were:
- Qiao Yang's Blog - Sendmail + AUTH +SSL tunnel -> ATT Yahoo! and AT&T Yahoo Email Address Verification and Sendmail
- SMTP AUTH in sendmail 8.10-8.13
Install and configure stunnel
The initial step to setting up the SSL connection on port 465 is to configure and run stunnel. Stunnel provides a socket wrapper for ordinary programs to use SSL. Begin by installing stunnel as root using yum.
su -c "yum install stunnel"
Once installed, the easiest way to configure stunnel is to change to the directory /etc/stunnel and edit the file stunnel.conf. This is the default configuration file for stunnel. The contents of my configuration file are as follows:
client = yes
foreground = no

[smtps]
accept=127.0.0.1:10025
connect=smtp.att.yahoo.com:smtps
The first two lines tell it we are running as a client in the background. Line 4 begins the service named smtps. It will accept connections on localhost port 10025 and then connect to the ISP mail server smtp.att.yahoo.com on port 465. You can choose a port other than 10025 as long as it is an unused port and you use the same port when it comes time to configure the outgoing port in sendmail. Once installed and configured you can start stunnel by simply typing stunnel at the command line. Remember to run stunnel as root.
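As a check on the configuration above, the following added example (not code from the original post) parses a stunnel.conf and flags client services that listen beyond loopback or that never verify the server certificate, which applies to the file shown here because it sets no verification option and stunnel does not verify by default. The `verifyChain`, `CAfile` and `checkHost` options are stunnel 5.x options; the CA bundle path is an assumption for a Fedora/RHEL-style system, and the function names are hypothetical.

```python
POST_CONF = """\
client = yes
foreground = no

[smtps]
accept=127.0.0.1:10025
connect=smtp.att.yahoo.com:smtps
"""
# Constructed variant; the CAfile path is an assumption (Fedora/RHEL CA bundle).
HARDENED_CONF = POST_CONF + """\
verifyChain = yes
CAfile = /etc/pki/tls/certs/ca-bundle.crt
checkHost = smtp.att.yahoo.com
"""
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_stunnel_conf(text):
    """Return (global_options, {service: options}) with lower-cased option names."""
    global_opts, services = {}, {}
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            current[key.strip().lower()] = value.strip()
    return global_opts, services

def audit(text):
    """Return findings for every client-mode service in the configuration."""
    global_opts, services = parse_stunnel_conf(text)
    findings = []
    for name, opts in services.items():
        eff = {**global_opts, **opts}             # service options override globals
        if eff.get("client", "no").lower() != "yes":
            continue
        host = eff.get("accept", "").rpartition(":")[0]
        if host not in LOOPBACK:                  # bare port means all interfaces
            findings.append(f"[{name}] accept is not bound to loopback")
        chain = eff.get("verifychain", "no").lower() == "yes" or eff.get("verify") in ("2", "3")
        if not chain:
            findings.append(f"[{name}] server certificate chain is not verified")
        elif "checkhost" not in eff:
            findings.append(f"[{name}] checkHost missing: certificate name is not matched")
    return findings
```

To audit a real file, pass its contents, for example `audit(open("/etc/stunnel/stunnel.conf").read())`; an empty list means neither gap was found.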
Left To Do
- Configure sendmail
- Dynamic DNS to allow for address verification
- Email address verification on ISP
- Double check security for any holes
- Look at the possibility of using submission Port 587