E-mail, graphical and otherwise

Nicolas Galler beanie at gryphonmud.com
Sat May 10 21:25:02 PDT 2003 

On Sat, May 10, 2003 at 08:02:39PM -0400, Ernest H. Rice wrote:
> Folks:
> First, kudos on a great UNIX!
> Having wokred with many UNiXs over they years I must admit I like FreeBSD the 
> best!
> 
> Coming from the old school of System V, I am accustomed to using command line 
> email for many things. Of course, in this day and age I have moved on to 
> GUIs, and the mailers they provide. They surely are far more practical than 
> the original /bin/mail and mailx I worked with in the old days.
> 
> But things aren't always well suited for GUI email. When you are scripting 
> something, and want to generate an email message, one still needs a command 
> line mailer. I find myself in this situation often.
> 
> For quite some time I have been able to configure sendmail to use a smart host 
> for relaying of my email to the outside world. I would ljust point sendmail 
> at my ISP's mail system, and away my email woudl go to its intended 
> recipient.
> 
> As spammers have appeared, my ISp has tightened the security on the system 
> they allow to relay through them. They now require authentication.
> 
> With the graphical mailers, this is not a problem. I select Authenticated SMTP 
> for outgoing and POP for incoming and everything works well.
> 
> The command line is another story. When I configure sendmail to do the smart 
> host, and I generate email from the command line there is no authentication 
> being performed, AND to make matters worse, my ISP's machine insists on being 
> able to perform a reverse lookup of my IP address to let me relay. Like most 
> people, I have broadband at the home-office, and with that I have a dynamic 
> IP. The dynamic IP makes the reverse lookup fail. That coupled with the lack 
> of authentication has been causing me great pain for some time now.
> 
> I have tried anubis, but that does not work for me sa I still fail on the 
> reverse lookup. I have talked with various people and none have been able to 
> recommend an elegant solution.
> 
> So I approach the 'gurus'...
> 
> What I am searching for is a comand line environment for email, which will 
> offer me the same options - and hopefully the same ease of configuration - as 
> the graphical mailers. A command line solution which will not be caught up in 
> the reverse lookup problem, and also be able to perform the necessary 
> authentication. Masquerading would also be nice, since I want to have all my 
> email 'appear' as if it originated from my domain, which is hosted by my ISP 
> (as opposed to being obvious that it originated from my basement).
> 
> For your perusal I am including the output from a sendmail session which shows 
> the rejection of my email through my ISP. 
> 
> I have worked on this problem for months now, and am at the end of my rope 
> (otherwise I would not bother you folks with this). If I have this problem, I 
> am sure others do also.
> 
> PLEASE, think about this and let me know if you have any ideas.
> 
> Thanks in advance...
> 
> Ernie Rice
> 
> 220-occp4.ocservers.net ESMTP Exim 3.36 #1 Sat, 10 May 2003 16:55:43 -0700
> 220-We do not authorize the use of this system to transport unsolicited,
> 220 and/or bulk e-mail.
> >>> EHLO fred.ehr3.net
> 250-occp4.ocservers.net Hello pool-151-198-132-161.mad.east.verizon.net 
> [151.198.132.161]
> 250-SIZE
> 250-PIPELINING
> 250-AUTH PLAIN LOGIN
> 250-STARTTLS
> 250 HELP
> >>> MAIL From:<ehr3 at fred.ehr3.net> SIZE=5
> 250 reject all recipients: 3 times bad sender <ehr3 at fred.ehr3.net>
> >>> RCPT To:<ehr3 at ehr3.com>
> >>> DATA
> 550 cannot route to sender address <ehr3 at fred.ehr3.net>
> 503 Valid RCPT TO <recipient> must precede DATA
> >>> RSET
> 250 Reset OK
> ehr3... Connecting to [127.0.0.1] via relay...
> ehr3... Deferred: Connection refused by [127.0.0.1]
> Closing connection to mail.ehr3.com.
> >>> QUIT
> 221 occp4.ocservers.net closing connection
> 
> 

It seems your isp does not want to route e-mail with a domain different from
theirs. You can configure your sendmail to convince them it's ok, something
like
MASQUERADE_AS(`your-isp-domain.com')
FEATURE(masquerade_envelope)

in the .mc file did the trick for me (might want to review the sendmail doc
for additional options). No idea how to have sendmail authenticate itself with
the ISP smtp, if masquerading isn't enough.

I don't quite understand the purpose of this measure (for the ISP) but I am no
email security expert :)

Nicolas Galler

More information about the freebsd-questions mailing list