Sendmail - Gmail - SMTP setup will not send Mail
All I need is for my Ubuntu LAMP Server to be able to send a very few Emails a day.
I am trying to use smtp.gmail.com to do so.
I done my best to jump through all of Google's Hoops.
I have looked through pages and pages in the Linode Help regarding Sedndmail - Gmail - SMTP but not found the solution.
My Linode Server
DNS on my Linode Server is set up.
rDNS is set up
SPF, DKIM, DMARC all set up for my domain and server.domain
I have a LetsEncrypt Certificate for the website on apache to be https which works.
Linode
I have contacted Linode Support and asked for port 587 to be opened, which thay have done very quickly.
Two Step Verification on My Google account is setup
App Password has been generated
Allow Less Secure Apps is ON
Sendmail
I looked at various posting and HowTos on the web to set this up, finally using this one
https://kifarunix.com/configure-sendmail-to-use-gmail-relay-on-ubuntu-18-04-debian-10-9/
Here are my Aliases hashed using newaliases command
mailer-daemon: postmaster
postmaster: root
root: gmailusername@gmail.com
mylinodeusername: gmailusername@gmail.com
Here is my sendmail.mc file with all comments removed
divert(-1)dnl
divert(0)dnl
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail.mc, v 8.15.2-10 2018-01-13 23:43:05 cowboy Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS=
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl
DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, M=Ea, Addr=127.0.0.1')dnl
define(`confPRIVACY_FLAGS',dnl
`needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl
define(`confCONNECTION_RATE_THROTTLE', `15')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`access_db', , `skip')dnl
FEATURE(`greet_pause', `1000')dnl 1 seconds
FEATURE(`delay_checks', `friend', `n')dnl
define(`confBAD_RCPT_THROTTLE',`3')dnl
FEATURE(`conncontrol', `nodelay', `terminate')dnl
FEATURE(`ratecontrol', `nodelay', `terminate')dnl
FEATURE(`always_add_domain')dnl
MASQUERADE_AS(`wwoofdev.xyz')dnl
FEATURE(`allmasquerade')dnl
FEATURE(`masquerade_envelope')dnl
define(`SMART_HOST',`[smtp.gmail.com]')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(authinfo',hash -o /etc/mail/authinfo/gmail-smtp-auth.db')dnl
MAILER_DEFINITIONS
MAILER(`local')dnl
MAILER(`smtp')dnl
Here is my /etc/mail/authinfo/gmail-smtp-auth file which I have hashed infor a .db file
AuthInfo: "U:root" "I:gmailusername@gmail.com" "P:AppPassword"
Here is the command I use to test sendmail
echo "This is a test for sendmail gmail relay" | sendmail -vvv myname@somedomain.org
Here is the output of than command
myname@somedomain.org... Connecting to [127.0.0.1] via relay...
220 mylinodedomain.org ESMTP Sendmail 8.15.2/8.15.2/Debian-10; Sat, 23 Nov 2019 15:43:03 GMT; (No UCE/UBE) logging access from: localhost(OK)-localhost [127.0.0.1]
>>> EHLO mylinodedomain.org
250-mylinodedomain.org Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP
>>> VERB
250 2.0.0 Verbose mode
>>> MAIL From:<mylinodeusername@mylinodedomain.org> SIZE=40 AUTH=mylinodeusername@mylinodedomain.org
250 2.1.0 <mylinodeusername@mylinodedomain.org>... Sender ok
>>> RCPT To:<myname@somedomain.org>
>>> DATA
250 2.1.5 <myname@somedomain.org>... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
050 <myname@somedomain.org>... Connecting to smtp.gmail.com. port 587 via relay...
050 220 smtp.gmail.com ESMTP b63sm2147658wmb.40 - gsmtp
050 >>> EHLO mylinodedomain.org
050 250-smtp.gmail.com at your service, [xxx.xxx.xxx.xxx]
050 250-SIZE 35882577
050 250-8BITMIME
050 250-STARTTLS
050 250-ENHANCEDSTATUSCODES
050 250-PIPELINING
050 250-CHUNKING
050 250 SMTPUTF8
050 >>> STARTTLS
050 220 2.0.0 Ready to start TLS
050 >>> EHLO mylinodedomain.org
050 250-smtp.gmail.com at your service, [xxx.xxx.xxx.xxx]
050 250-SIZE 35882577
050 250-8BITMIME
050 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
050 250-ENHANCEDSTATUSCODES
050 250-PIPELINING
050 250-CHUNKING
050 250 SMTPUTF8
050 >>> MAIL From:<mylinodeusername@mylinodedomain.org> SIZE=308
050 530-5.5.1 Authentication Required. Learn more at
050 530 5.5.1 https://support.google.com/mail/?p=WantAuthError b63sm2147658wmb.40 - gsmtp
050 <mylinodeusername@mylinodedomain.org>... aliased to gmailusername@gmail.com
050 gmailusername@gmail.com... Using cached ESMTP connection to smtp.gmail.com. via relay...
050 >>> RSET
050 250 2.1.5 Flushed b63sm2147658wmb.40 - gsmtp
050 >>> MAIL From:<>
050 530-5.5.1 Authentication Required. Learn more at
050 530 5.5.1 https://support.google.com/mail/?p=WantAuthError b63sm2147658wmb.40 - gsmtp
050 MAILER-DAEMON... aliased to postmaster
050 postmaster... aliased to root
050 root... aliased to gmailusername@gmail.com
050 postmaster... aliased to root
050 root... aliased to gmailusername@gmail.com
050 gmailusername@gmail.com... Using cached ESMTP connection to smtp.gmail.com. via relay...
050 >>> RSET
050 250 2.1.5 Flushed b63sm2147658wmb.40 - gsmtp
050 >>> MAIL From:<>
050 530-5.5.1 Authentication Required. Learn more at
050 530 5.5.1 https://support.google.com/mail/?p=WantAuthError b63sm2147658wmb.40 - gsmtp
050 MAILER-DAEMON... aliased to postmaster
050 postmaster... aliased to root
050 root... aliased to gmailusername@gmail.com
050 MAILER-DAEMON... Saved message in /var/lib/sendmail/dead.letter
250 2.0.0 xANFh3uo014199 Message accepted for delivery
myname@somedomain.org... Sent (xANFh3uo014199 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 mylinodedomain.org closing connection
And the output in /var/lib/sendmail/dead.letter
From MAILER-DAEMON Sat Nov 23 15:43:03 2019
Return-Path: <MAILER-DAEMON>
Received: from localhost (localhost)
by mylinodedomain.org (8.15.2/8.15.2/Debian-10) id xANFh3up014199;
Sat, 23 Nov 2019 15:43:03 GMT
Date: Sat, 23 Nov 2019 15:43:03 GMT
From: Mail Delivery Subsystem <MAILER-DAEMON>
Message-Id: <201911231543.xANFh3up014199@mylinodedomain.org>
To: <mylinodeusername@mylinodedomain.org>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="xANFh3up014199.1574523783/mylinodedomain.org"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
This is a MIME-encapsulated message
--xANFh3up014199.1574523783/mylinodedomain.org
The original message was received at Sat, 23 Nov 2019 15:43:03 GMT
from localhost [127.0.0.1]
----- The following addresses had permanent fatal errors -----
<myname@somedomain.org>
(reason: 530-5.5.1 Authentication Required. Learn more at)
----- Transcript of session follows -----
... while talking to smtp.gmail.com.:
>>> MAIL From:<mylinodeusername@mylinodedomain.org> SIZE=308
<<< 530-5.5.1 Authentication Required. Learn more at
<<< 530 5.5.1 https://support.google.com/mail/?p=WantAuthError b63sm2147658wmb.40 - gsmtp
554 5.0.0 Service unavailable
--xANFh3up014199.1574523783/mylinodedomain.org
Content-Type: message/delivery-status
Reporting-MTA: dns; mylinodedomain.org
Received-From-MTA: DNS; localhost
Arrival-Date: Sat, 23 Nov 2019 15:43:03 GMT
Final-Recipient: RFC822; myname@somedomain.org
Action: failed
Status: 5.5.1
Diagnostic-Code: SMTP; 530-5.5.1 Authentication Required. Learn more at
Last-Attempt-Date: Sat, 23 Nov 2019 15:43:03 GMT
--xANFh3up014199.1574523783/mylinodedomain.org
Content-Type: text/rfc822-headers
Return-Path: <mylinodeusername@mylinodedomain.org>
Received: from mylinodedomain.org (localhost [127.0.0.1])
by mylinodedomain.org (8.15.2/8.15.2/Debian-10) with ESMTP id xANFh3uo014199
for <myname@somedomain.org>; Sat, 23 Nov 2019 15:43:03 GMT
Received: (from mylinodeusername@localhost)
by mylinodedomain.org (8.15.2/8.15.2/Submit) id xANFh2Ku014198
for myname@somedomain.org; Sat, 23 Nov 2019 15:43:02 GMT
Date: Sat, 23 Nov 2019 15:43:02 GMT
From: mylinodeusername@mylinodedomain.org
Message-Id: <201911231543.xANFh2Ku014198@mylinodedomain.org>
--xANFh3up014199.1574523783/mylinodedomain.org--
As far as I can see all is well with the -vvv output until the line
>>> MAIL From:<mylinodeusername@mylinodedomain.org> SIZE=308
Because the next two lines say:
530-5.5.1 Authentication Required. Learn more at
530 5.5.1 https://support.google.com/mail/?p=WantAuthError b63sm2147658wmb.40 - gsmtp
And Also in the dead.letter file I see this
----- Transcript of session follows -----
... while talking to smtp.gmail.com.:
>>> MAIL From:<mylinodeusername@mylinodedomain.org> SIZE=308
<<< 530-5.5.1 Authentication Required. Learn more at
<<< 530 5.5.1 https://support.google.com/mail/?p=WantAuthError b63sm2147658wmb.40 - gsmtp
554 5.0.0 Service unavailable
I thought the credentials in the /etc/mail/authinfo/gmail-smtp-auth file is what Google is looking at for the connection, not he From: Email Address.
I have checked https://support.google.com/mail/?p=WantAuthError and as far as I can tell I have complied with everything.
I am not checking for mail, only sending occasional mail.
There has been a gap of 6 hours between one this morning and one just now. Not frequent!!
And the output from /var/log/mail.log
Nov 23 08:51:11 wwoof_dev sendmail[11662]: xAN8pB1s011662: to=francis@choughs.org, ctladdr=francis (1000/1000), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30040, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (xAN8pBgl011663 Message accepted for delivery)
Nov 23 09:07:56 wwoof_dev sm-mta[11705]: xAN97tAt011705: worker-02.sfj.corp.censys.io [198.108.66.32] did not issue MAIL/EXPN/VRFY/ETRN during connection to MSP-v4
Nov 23 15:31:46 wwoof_dev sm-mta[13860]: starting daemon (8.15.2): SMTP+queueing@00:10:00
Nov 23 15:33:01 wwoof_dev sendmail[13895]: xANFX1LC013895: from=francis, size=40, class=0, nrcpts=1, msgid=<201911231533.xANFX1LC013895@wwoofdev.xyz>, relay=francis@localhost
Nov 23 15:33:01 wwoof_dev sm-mta[13896]: xANFX1lP013896: from=<francis@wwoofdev.xyz>, size=308, class=0, nrcpts=1, msgid=<201911231533.xANFX1LC013895@wwoofdev.xyz>, proto=ESMTP, daemon=MTA-v4, relay=localhost [127.0.0.1]
Nov 23 15:33:02 wwoof_dev sm-mta[13896]: STARTTLS=client, relay=smtp.gmail.com., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Nov 23 15:33:02 wwoof_dev sm-mta[13896]: xANFX1lP013896: to=<francis@choughs.org>, ctladdr=<francis@wwoofdev.xyz> (1000/1000), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30308, relay=smtp.gmail.com. [172.253.120.108], dsn=5.0.0, stat=Service unavailable
Nov 23 15:33:02 wwoof_dev sm-mta[13896]: xANFX1lP013896: xANFX1lQ013896: DSN: Service unavailable
Nov 23 15:33:02 wwoof_dev sm-mta[13896]: xANFX1lQ013896: to=themetman.fg@gmail.com, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30000, relay=smtp.gmail.com., dsn=5.0.0, stat=Service unavailable
Nov 23 15:33:02 wwoof_dev sm-mta[13896]: xANFX1lQ013896: xANFX1lR013896: return to sender: Service unavailable
Nov 23 15:33:02 wwoof_dev sm-mta[13896]: xANFX1lR013896: to=themetman.fg@gmail.com, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30000, relay=smtp.gmail.com., dsn=5.0.0, stat=Service unavailable
Nov 23 15:33:02 wwoof_dev sm-mta[13896]: xANFX1lQ013896: Saved message in /var/lib/sendmail/dead.letter
This log output suggests there is a DNS problem, so here are some dig command outputs
# dig +noall +answer mylinodedomain.org
mylinodedomain.org. 0 IN A xxx.xxx.xxx.xxx
# dig +noall +answer www.mylinodedomain.org
www.mylinodedomain.org. 86400 IN A xxx.xxx.xxx.xxx
# dig +noall +answer -x xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx.in-addr.arpa. 0 IN PTR mylinodedomain.org.
xxx.xxx.xxx.xxx.in-addr.arpa. 0 IN PTR mylinodeserver.mylinodedomain.org.
xxx.xxx.xxx.xxx.in-addr.arpa. 0 IN PTR mylinodeserver.
# host mylinodedomain.org
mylinodedomain.org has address xxx.xxx.xxx.xxx
mylinodedomain.org mail is handled by 10 mylinodeserver.mylinodedomain.org.
# host -t TXT mylinodedomain.org
mylinodedomain.org descriptive text "v=spf1 +a +mx -all"
# host -t TXT mylinodeserver.mylinodedomain.org
mylinodeserver.mylinodedomain.org descriptive text "v=spf1 +a +mx -all"
I can't see any problems there.
Well there you have it……
What hair I have left has now been pulled out.
I bet is is a simple thing, but for heaven's sake what?
2 Replies
Try creating a new/vanilla gmail account without 2-factor authentication, use this acc instead (less secure apps login not neccessary).
I'm having trouble sending emails via Nodemailer when running on a Debian server - SMTP port(s) probably need unblocking…
I would use postfix(1) for this. It's much easier to configure ;-) … and it uses, you know, words as configuration options…not cryptic macros with a zillion (undocumented) options. But, then again, I'm pretty biased (too many years of working with sendmail(1))…
Based on this:
MAIL From:mylinodeusername@mylinodedomain.org SIZE=308
<<< 530-5.5.1 Authentication Required. Learn more at
<<< 530 5.5.1 https://support.google.com/mail/?p=WantAuthError
b63sm2147658wmb.40 - gsmtp
It looks like Gmail's server is rejecting your mail because your server cannot authenticate itself to smtp.gmail.com properly. Look at the link: https://support.google.com/mail/?p=WantAuthError (although, it's Google so you have to be tolerant of their non-support support pages). FWIW, I would change the AUTH mechanism to PLAIN until you get this working…then move to LOGIN when you understand what is going on.
Also, you need to make sure that your mail server is not an open relay TO Gmail (that any ol' emailer can connect to your server and start spamming away at Gmail through it). The folks at Google don't take to that kind of stuff very kindly.
You mention that you have a LetsEncrypt cert for your web server but you don't say if sendmail(1) is using it as well (you have to tell the mail server to use it…and where it is…it can't figure that out for itself). I didn't see any mention of a cert in your sendmail(1) configuration.
-- sw