To Gain Knowledge and to become a one, who all wants to become

Dreams are not those which are seen during sleep ,but Dreams are those which do not let you sleep,so see the dreams
and work hard to make them true.

Friday, April 23, 2010

HOWTO Configure Linux `sendmail' Client with Comcast ISP and Authentication

This page describes how to configure sending and receiving mail with Comcast ISP provider. Note, that the same configuration still applies to any corporate network or other ISP providers as well.

* Configuring outgoing mail
* Configuring incoming mail
* Configuring Evolution client
* Useful links

It doesn't matter much if your machine uses dial-up PPP connection or has static address on internal network hidden behind firewall. The decisive factor is that in both cases, your ISP provider runs mail server for you. With these assumptions in mind, I have to do the following to make things work for me:
Configuring outgoing mail with sendmail

Configuring sendmail can be painfull.

1. Install sendmail configuration files

# yum -y install sendmail-cf

Configuration files are stored in /usr/share/sendmail-cf/cf.

2. Create sendmail database files

We are going to create or edit five database files:

* genericsdomain
* genericstable
* trusted-users
* local-host-names
* access

2.1 Find you host's Fully-Qualified Domain Name (FQDN)

For sendmail to work properly, you need to know your FQDN of your host:

# cd /etc/mail
# hostname -f

2.2 Create genericsdomain file

Now create /etc/mail/genericsdomain to hold your fully qualified host name.

# cd /etc/mail
# hostname -f > genericsdomain

# cat /etc/mail/genericsdomain

2.3 Create genericstable file

Now create /etc/mail/genericstable and add the following line to translate local e-mail address to the target ISP-assigned sender e-mail address:

2.4 Mark your account as trusted user

Add your account to /etc/mail/trusted-users file:

# trusted-users - users that can send mail as others without a warning
# apache, mailman, majordomo, uucp, are good candidates


2.5 List all aliases of your host

Edit /etc/mail/local-host-names file and add FQDN of your host.

# local-host-names - include all aliases for your machine here.


2.6 Create authentication database file

To fight the spam, comcast has blocked port 22 and, instead, requires mail client programs to connect to port 587 and authenticate themselves.

The first thing is to find out if you have the correct username and password that will work with comcast. That can be verified out rather easily:

* Go to encode.html. This JavaScript executes locally on your machine (you can examine the page source yourself) and you can use it to convert your username and password to base64.
* ... TBD ...

Find canonical name of the comcast SMTP service:

# nslookup


Non-authoritative answer: canonical name =

The canonical name happens to be

To find out if your version of sendmail has built in authentication protocol(s):

# /usr/sbin/sendmail.sendmail -d0.1 -bt < /dev/null

Version 8.14.2

============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = dollar
(canonical domain name) $j =
(subdomain name) $m =
(node name) $k =

Clearly, SASLv2 protocol is built in

Now, edit /etc/mail/access file and add AuthInfo entries:

# By default we allow relaying from localhost...

Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect: RELAY "U:3rdshift[AT]" "I:3rdshift[AT]" "P:YourPasswordHere" "U:3rdshift[AT]" "I:3rdshift[AT]" "P:YourPasswordHere"

Both 'U' (user) and 'I' (id) should hold your e-mail address. Don't forget to replace "[AT]" with '@'. Read more about it AUTH related part of sendmail manual.

Make sure access file can be read only by a trusted user:

# chmod 600 /etc/mail/access

Now, we are ready to modify /etc/mail/ configuration file.
3. Edit file

To create your *.mc configuration file, use comcast sendmail template,, as a starting point.

$ su
# cd /etc/mail
# wget
# cp

Open in the editor and make following modifications:

define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl

define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl

FEATURE(`authinfo',`hash /etc/mail/access')dnl

FEATURE(`access_db', `hash -T -o /etc/mail/access.db')dnl


FEATURE(genericstable, `hash -o /etc/mail/genericstable')dnl

3.1 Explanation


tells sendmail to relay all of the outgoing mail to my ISP's mail server.


tells sendmail to masquerade From: to domain sendmail will convert my initial address `vlg[AT]' to `vlg[AT]'.

The last pair of lines

FEATURE(genericstable, `hash -o /etc/mail/genericstable')dnl

completes the e-mail address translation. It will transform `vlg[AT]' into `3rdshift[AT]'.
4. Compile and install sendmail configuration file

To generate all database files and configuration file:

# cd /etc/mail
# make clean
# make

make utility will compile all ".db" files from their sources and convert into file.
5. Restart sendmail service

# /sbin/service sendmail restart

You should see no errors in /var/log/maillog. Try to send an e-mail out and verify its delivery. If authentication with Comcast should fail, sendmail will deliver denial reply from comcast to the 'root' user. Login as 'root' and examine the reply for further assistance.
Configuring incoming mail with fetchmail
1. Create configuration profile

For starters, fetchmailconf configuration tool will do most of the job. It is useful in autodetecting the protocol type your used by your ISP's mail server. The resultant configuration file ~/.fetchmailrc should have 0600 permissions and will look similar to this:

set logfile "/home/vlg/Mail/fetchmail.log"
#set syslog
set postmaster "vlg"
set bouncemail
set properties ""
set daemon 5

poll with proto POP3 and options no dns uidl
user 3rdshift there with password MyPassword is vlg
here options fetchall
antispam 571 550 501 554

Apparently, fetchall option is very important. Otherwise, not all messages will be delivered to your local machine with POP3 server. Also, it should come last in the line. Otherwise, default values for other options that follows might be assumed.

For PPP dial-up networks it might be wiser to start it when connection is established and bring it down when connection is torn apart. The commans for staring is:

fetchmail -d 180

This will run fetchmail as a daemon process, polling mail server every 3 minutes.
To stop fetchmail:

fetchmail -q

To run fetchmail from cron job, schedule the following command with crontab -e :

0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,54,57 0-23 * * * fetchmail
-d0 -s -t 30 -f /home/vlg/.fetchmailrc > /dev/null 2>&1

That is to say: Run fetchmail polling every 3 minutes around the clock, with [-t 30] connection timeout of 30 seconds to ISP's mail server, [-s] in silent mode, [-d0] not as a daemon, [-f fname] using my configuration file.

That's pretty much it. Enjoy reading your mail!
Configure Evolution

Configure Evolution for local delivery:

* Identitiy:

1. Email address: 3rdshfit-AT-comcast-dot-net
2. Make this my default account: Yes

* Receiving mail:

1. Server type: Local delivery
2. Configuration: /var/spool/mail/vlg

* Receiving options:

1. Checking for New Mail: Yes (every 10 minutes)

* Sending Mail:

1. Server Type: sendmail

* Timezone

1. Selection: America/New York

Usefull links

There are tons of those, but very few I found are down to the point:

* Comcast-specific sendmail setup
* Sendmail home page
* Fetchmail home page
* The Linux Electronic Mail Administrator HOWTO
* Official Mutt e-mail reader home page
* mutt-users mailing list archive
* Evolution mail client

No comments:

Post a Comment