Sendmail - Gmail - SMTP setup will not send Mail

All I need is for my Ubuntu LAMP Server to be able to send a very few Emails a day.
I am trying to use smtp.gmail.com to do so.
I done my best to jump through all of Google's Hoops.

I have looked through pages and pages in the Linode Help regarding Sedndmail - Gmail - SMTP but not found the solution.

My Linode Server

DNS on my Linode Server is set up.
rDNS is set up
SPF, DKIM, DMARC all set up for my domain and server.domain

I have a LetsEncrypt Certificate for the website on apache to be https which works.

Linode

I have contacted Linode Support and asked for port 587 to be opened, which thay have done very quickly.

Google

Two Step Verification on My Google account is setup
App Password has been generated
Allow Less Secure Apps is ON

Sendmail

I looked at various posting and HowTos on the web to set this up, finally using this one
https://kifarunix.com/configure-sendmail-to-use-gmail-relay-on-ubuntu-18-04-debian-10-9/

Here are my Aliases hashed using newaliases command

mailer-daemon: postmaster
postmaster:    root
root: [email protected]
mylinodeusername: [email protected]

Here is my sendmail.mc file with all comments removed

divert(-1)dnl
divert(0)dnl
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail.mc, v 8.15.2-10 2018-01-13 23:43:05 cowboy Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
undefine(`confHOST_STATUS_DIRECTORY')dnl        #DAEMON_HOSTSTATS=
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Family=inet,  Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl
DAEMON_OPTIONS(`Family=inet,  Name=MSP-v4, Port=submission, M=Ea, Addr=127.0.0.1')dnl
define(`confPRIVACY_FLAGS',dnl
`needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl
define(`confCONNECTION_RATE_THROTTLE', `15')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`access_db', , `skip')dnl
FEATURE(`greet_pause', `1000')dnl 1 seconds
FEATURE(`delay_checks', `friend', `n')dnl
define(`confBAD_RCPT_THROTTLE',`3')dnl
FEATURE(`conncontrol', `nodelay', `terminate')dnl
FEATURE(`ratecontrol', `nodelay', `terminate')dnl
FEATURE(`always_add_domain')dnl
MASQUERADE_AS(`wwoofdev.xyz')dnl
FEATURE(`allmasquerade')dnl
FEATURE(`masquerade_envelope')dnl
define(`SMART_HOST',`[smtp.gmail.com]')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(authinfo',hash -o /etc/mail/authinfo/gmail-smtp-auth.db')dnl
MAILER_DEFINITIONS
MAILER(`local')dnl
MAILER(`smtp')dnl

Here is my /etc/mail/authinfo/gmail-smtp-auth file which I have hashed infor a .db file

AuthInfo: "U:root" "I:[email protected]" "P:AppPassword"

Here is the command I use to test sendmail

echo "This is a test for sendmail gmail relay" | sendmail -vvv [email protected]

Here is the output of than command

[email protected] Connecting to [127.0.0.1] via relay...
220 mylinodedomain.org ESMTP Sendmail 8.15.2/8.15.2/Debian-10; Sat, 23 Nov 2019 15:43:03 GMT; (No UCE/UBE) logging access from: localhost(OK)-localhost [127.0.0.1]
>>> EHLO mylinodedomain.org
250-mylinodedomain.org Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP
>>> VERB
250 2.0.0 Verbose mode
>>> MAIL From:<[email protected]> SIZE=40 [email protected]
250 2.1.0 <[email protected]>... Sender ok
>>> RCPT To:<[email protected]>
>>> DATA
250 2.1.5 <[email protected]>... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
050 <[email protected]>... Connecting to smtp.gmail.com. port 587 via relay...
050 220 smtp.gmail.com ESMTP b63sm2147658wmb.40 - gsmtp
050 >>> EHLO mylinodedomain.org
050 250-smtp.gmail.com at your service, [xxx.xxx.xxx.xxx]
050 250-SIZE 35882577
050 250-8BITMIME
050 250-STARTTLS
050 250-ENHANCEDSTATUSCODES
050 250-PIPELINING
050 250-CHUNKING
050 250 SMTPUTF8
050 >>> STARTTLS
050 220 2.0.0 Ready to start TLS
050 >>> EHLO mylinodedomain.org
050 250-smtp.gmail.com at your service, [xxx.xxx.xxx.xxx]
050 250-SIZE 35882577
050 250-8BITMIME
050 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
050 250-ENHANCEDSTATUSCODES
050 250-PIPELINING
050 250-CHUNKING
050 250 SMTPUTF8
050 >>> MAIL From:<[email protected]> SIZE=308
050 530-5.5.1 Authentication Required. Learn more at
050 530 5.5.1  https://support.google.com/mail/?p=WantAuthError b63sm2147658wmb.40 - gsmtp
050 <[email protected]>... aliased to [email protected]
050 [email protected] Using cached ESMTP connection to smtp.gmail.com. via relay...
050 >>> RSET
050 250 2.1.5 Flushed b63sm2147658wmb.40 - gsmtp
050 >>> MAIL From:<>
050 530-5.5.1 Authentication Required. Learn more at
050 530 5.5.1  https://support.google.com/mail/?p=WantAuthError b63sm2147658wmb.40 - gsmtp
050 MAILER-DAEMON... aliased to postmaster
050 postmaster... aliased to root
050 root... aliased to [email protected]
050 postmaster... aliased to root
050 root... aliased to [email protected]
050 [email protected] Using cached ESMTP connection to smtp.gmail.com. via relay...
050 >>> RSET
050 250 2.1.5 Flushed b63sm2147658wmb.40 - gsmtp
050 >>> MAIL From:<>
050 530-5.5.1 Authentication Required. Learn more at
050 530 5.5.1  https://support.google.com/mail/?p=WantAuthError b63sm2147658wmb.40 - gsmtp
050 MAILER-DAEMON... aliased to postmaster
050 postmaster... aliased to root
050 root... aliased to [email protected]
050 MAILER-DAEMON... Saved message in /var/lib/sendmail/dead.letter
250 2.0.0 xANFh3uo014199 Message accepted for delivery
[email protected] Sent (xANFh3uo014199 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 mylinodedomain.org closing connection

And the output in /var/lib/sendmail/dead.letter

From MAILER-DAEMON Sat Nov 23 15:43:03 2019
Return-Path: <MAILER-DAEMON>
Received: from localhost (localhost)
    by mylinodedomain.org (8.15.2/8.15.2/Debian-10) id xANFh3up014199;
    Sat, 23 Nov 2019 15:43:03 GMT
Date: Sat, 23 Nov 2019 15:43:03 GMT
From: Mail Delivery Subsystem <MAILER-DAEMON>
Message-Id: <[email protected]>
To: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
    boundary="xANFh3up014199.1574523783/mylinodedomain.org"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)

This is a MIME-encapsulated message

--xANFh3up014199.1574523783/mylinodedomain.org

The original message was received at Sat, 23 Nov 2019 15:43:03 GMT
from localhost [127.0.0.1]

   ----- The following addresses had permanent fatal errors -----
<[email protected]>
    (reason: 530-5.5.1 Authentication Required. Learn more at)

   ----- Transcript of session follows -----
... while talking to smtp.gmail.com.:
>>> MAIL From:<[email protected]> SIZE=308
<<< 530-5.5.1 Authentication Required. Learn more at
<<< 530 5.5.1  https://support.google.com/mail/?p=WantAuthError b63sm2147658wmb.40 - gsmtp
554 5.0.0 Service unavailable

--xANFh3up014199.1574523783/mylinodedomain.org
Content-Type: message/delivery-status

Reporting-MTA: dns; mylinodedomain.org
Received-From-MTA: DNS; localhost
Arrival-Date: Sat, 23 Nov 2019 15:43:03 GMT

Final-Recipient: RFC822; [email protected]
Action: failed
Status: 5.5.1
Diagnostic-Code: SMTP; 530-5.5.1 Authentication Required. Learn more at
Last-Attempt-Date: Sat, 23 Nov 2019 15:43:03 GMT

--xANFh3up014199.1574523783/mylinodedomain.org
Content-Type: text/rfc822-headers

Return-Path: <[email protected]>
Received: from mylinodedomain.org (localhost [127.0.0.1])
    by mylinodedomain.org (8.15.2/8.15.2/Debian-10) with ESMTP id xANFh3uo014199
    for <[email protected]>; Sat, 23 Nov 2019 15:43:03 GMT
Received: (from [email protected])
    by mylinodedomain.org (8.15.2/8.15.2/Submit) id xANFh2Ku014198
    for [email protected]; Sat, 23 Nov 2019 15:43:02 GMT
Date: Sat, 23 Nov 2019 15:43:02 GMT
From: [email protected]
Message-Id: <[email protected]>

--xANFh3up014199.1574523783/mylinodedomain.org--

As far as I can see all is well with the -vvv output until the line

>>> MAIL From:<[email protected]> SIZE=308

Because the next two lines say:

530-5.5.1 Authentication Required. Learn more at
530 5.5.1  https://support.google.com/mail/?p=WantAuthError b63sm2147658wmb.40 - gsmtp

And Also in the dead.letter file I see this

   ----- Transcript of session follows -----
... while talking to smtp.gmail.com.:
>>> MAIL From:<[email protected]> SIZE=308
<<< 530-5.5.1 Authentication Required. Learn more at
<<< 530 5.5.1  https://support.google.com/mail/?p=WantAuthError b63sm2147658wmb.40 - gsmtp
554 5.0.0 Service unavailable

I thought the credentials in the /etc/mail/authinfo/gmail-smtp-auth file is what Google is looking at for the connection, not he From: Email Address.

I have checked https://support.google.com/mail/?p=WantAuthError and as far as I can tell I have complied with everything.

I am not checking for mail, only sending occasional mail.
There has been a gap of 6 hours between one this morning and one just now. Not frequent!!

And the output from /var/log/mail.log

Nov 23 08:51:11 wwoof_dev sendmail[11662]: xAN8pB1s011662: [email protected], ctladdr=francis (1000/1000), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30040, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (xAN8pBgl011663 Message accepted for delivery)
Nov 23 09:07:56 wwoof_dev sm-mta[11705]: xAN97tAt011705: worker-02.sfj.corp.censys.io [198.108.66.32] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSP-v4
Nov 23 15:31:46 wwoof_dev sm-mta[13860]: starting daemon (8.15.2): [email protected]:10:00
Nov 23 15:33:01 wwoof_dev sendmail[13895]: xANFX1LC013895: from=francis, size=40, class=0, nrcpts=1, msgid=<[email protected]>, [email protected]
Nov 23 15:33:01 wwoof_dev sm-mta[13896]: xANFX1lP013896: from=<[email protected]>, size=308, class=0, nrcpts=1, msgid=<[email protected]>, proto=ESMTP, daemon=MTA-v4, relay=localhost [127.0.0.1]
Nov 23 15:33:02 wwoof_dev sm-mta[13896]: STARTTLS=client, relay=smtp.gmail.com., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Nov 23 15:33:02 wwoof_dev sm-mta[13896]: xANFX1lP013896: to=<[email protected]>, ctladdr=<[email protected]> (1000/1000), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30308, relay=smtp.gmail.com. [172.253.120.108], dsn=5.0.0, stat=Service unavailable
Nov 23 15:33:02 wwoof_dev sm-mta[13896]: xANFX1lP013896: xANFX1lQ013896: DSN: Service unavailable
Nov 23 15:33:02 wwoof_dev sm-mta[13896]: xANFX1lQ013896: [email protected], delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30000, relay=smtp.gmail.com., dsn=5.0.0, stat=Service unavailable
Nov 23 15:33:02 wwoof_dev sm-mta[13896]: xANFX1lQ013896: xANFX1lR013896: return to sender: Service unavailable
Nov 23 15:33:02 wwoof_dev sm-mta[13896]: xANFX1lR013896: [email protected], delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30000, relay=smtp.gmail.com., dsn=5.0.0, stat=Service unavailable
Nov 23 15:33:02 wwoof_dev sm-mta[13896]: xANFX1lQ013896: Saved message in /var/lib/sendmail/dead.letter

This log output suggests there is a DNS problem, so here are some dig command outputs

# dig +noall +answer mylinodedomain.org
mylinodedomain.org.        0   IN  A   xxx.xxx.xxx.xxx

# dig +noall +answer www.mylinodedomain.org
www.mylinodedomain.org.    86400   IN  A   xxx.xxx.xxx.xxx

# dig +noall +answer -x xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx.in-addr.arpa. 0    IN  PTR mylinodedomain.org.
xxx.xxx.xxx.xxx.in-addr.arpa. 0    IN  PTR mylinodeserver.mylinodedomain.org.
xxx.xxx.xxx.xxx.in-addr.arpa. 0    IN  PTR mylinodeserver.

# host mylinodedomain.org
mylinodedomain.org has address xxx.xxx.xxx.xxx
mylinodedomain.org mail is handled by 10 mylinodeserver.mylinodedomain.org.

# host -t TXT mylinodedomain.org
mylinodedomain.org descriptive text "v=spf1 +a +mx -all"

# host -t TXT mylinodeserver.mylinodedomain.org
mylinodeserver.mylinodedomain.org descriptive text "v=spf1 +a +mx -all"

I can't see any problems there.

Well there you have it……

What hair I have left has now been pulled out.

I bet is is a simple thing, but for heaven's sake what?

2 Replies

Try creating a new/vanilla gmail account without 2-factor authentication, use this acc instead (less secure apps login not neccessary).

I'm having trouble sending emails via Nodemailer when running on a Debian server - SMTP port(s) probably need unblocking…

I would use postfix(1) for this. It's much easier to configure ;-) … and it uses, you know, words as configuration options…not cryptic macros with a zillion (undocumented) options. But, then again, I'm pretty biased (too many years of working with sendmail(1))…

Based on this:

MAIL From:mylinodeusername@mylinodedomain.org SIZE=308
<<< 530-5.5.1 Authentication Required. Learn more at
<<< 530 5.5.1 https://support.google.com/mail/?p=WantAuthError
b63sm2147658wmb.40 - gsmtp

It looks like Gmail's server is rejecting your mail because your server cannot authenticate itself to smtp.gmail.com properly. Look at the link: https://support.google.com/mail/?p=WantAuthError (although, it's Google so you have to be tolerant of their non-support support pages). FWIW, I would change the AUTH mechanism to PLAIN until you get this working…then move to LOGIN when you understand what is going on.

Also, you need to make sure that your mail server is not an open relay TO Gmail (that any ol' emailer can connect to your server and start spamming away at Gmail through it). The folks at Google don't take to that kind of stuff very kindly.

You mention that you have a LetsEncrypt cert for your web server but you don't say if sendmail(1) is using it as well (you have to tell the mail server to use it…and where it is…it can't figure that out for itself). I didn't see any mention of a cert in your sendmail(1) configuration.

-- sw

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct