TUTORIAL Add STARTTLS to SendMail

jpstaub

Background: This is a follow-on to a tutorial about using SparkPost as an SMTP relay for SendMail. While STARTTLS was not required to use SparkPost as an SMTP relay, SparkPost does advertise STARTTLS encryption. It's not clear to me whether or not SparkPost and SendMail communicate under STARTTLS after the feature is incorporated in Incredible PBX. But adding STARTTLS didn't hurt anything.

Click here for STARTTLS instructions.
1. Establish an SSH connection to Incredible PBX with user root.
2. After STEP 5, go to the bottom of the instruction page and follow the instructions for altering the "sendmail.mc" file. It's easiest to do so with Webmin.

Inside Webmin the path to modify "sendmail.mc" is: Servers>>Sendmail Mail Server>>Sendmail M4 Configuration. After modification "sendmail.mc" should look like the snippet included below:
Code:
...
dnl # TLS setup
define(`confCACERT_PATH', `/etc/mail/cert')dnl
define(`confCACERT', `/etc/mail/cert/server.crt')dnl
define(`confSERVER_CERT', `/etc/mail/cert/server.crt')dnl
define(`confSERVER_KEY', `/etc/mail/cert/server.key.open')dnl
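dnl # Client certificate and its matching private key (the key setting must name a key file)
define(`confCLIENT_CERT', `/etc/mail/cert/server.crt')dnl
define(`confCLIENT_KEY', `/etc/mail/cert/server.key.open')dnl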
dnl #
dnl # Default Mailer setup
MAILER_DEFINITIONS
define(`SMART_HOST',`[smtp.sparkpostmail.com]')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
define(`confAUTH_OPTIONS', `A p')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash -o /etc/mail/authinfo/sparkpost-auth.db')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl

After rebuilding the sendmail configuration (use the button at the bottom of the Webmin Sendmail M4 Configuration page) and starting the Sendmail server (use the button at the bottom of the Sendmail Mail Server page) STARTTLS should be incorporated.

To check on STARTTLS status:
1. Install telnet:
Code:
apt-get install telnet
2. Type: telnet localhost 587
3. Type: EHLO localhost
4. Type: quit. Quit ends the telnet session.
5. See below for the progression of events. Note that STARTTLS is listed.
Code:
$ telnet localhost 587
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 noreply.incrediblepbx.com ESMTP Sendmail 8.14.4/8.14.4/Debian-8; Fri, 22 Apr 2016 17:49:03 -0400; (No UCE/UBE) logging access from: pbx.local(OK)-pbx.local [127.0.0.1]
EHLO localhost
250-noreply.incrediblepbx.com Hello pbx.local [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
quit

Notice in the above code that LOGIN and PLAIN are missing from the AUTH types even though they are specified in "sendmail.mc". Sendmail hides those options because a security layer is not active.

If you're interested, you can use telnet to check out how other mail servers are set up. Here's what SparkPost looks like:
Code:
$ telnet smtp.sparkpostmail.com 587
Trying 52.89.250.80...
Connected to smtp.sparkpostmail.com.
Escape character is '^]'.
220 2.0.0 smtp.sparkpostmail.com ESMTP ecelerity 4.2.17.54380 r(Core:4.2.17.4) Fri, 22 Apr 2016 22:41:25 +0000
EHLO localhost
250-momentum5.platform1.us-west-2.aws.cl.messagesystems.com says EHLO to 70.16.193.130:59667
250-STARTTLS
250-8BITMIME
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250-PIPELINING
250 ENHANCEDSTATUSCODES

Ha! SparkPost uses Amazon Web Services to get the job done.
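
As an added example (not part of the original post), this Python sketch parses the EHLO replies from the two telnet transcripts above and reports whether STARTTLS is advertised and whether LOGIN or PLAIN are offered before TLS is active. The function names and the `cafile` parameter are assumptions of this example; `probe` repeats the check against a live server and re-reads the feature list after STARTTLS.

```python
import smtplib
import ssl

PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}  # password crosses the wire merely base64-encoded

# EHLO replies copied (abridged) from the two telnet transcripts in the post.
LOCAL_EHLO = """250-noreply.incrediblepbx.com Hello pbx.local [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-AUTH DIGEST-MD5 CRAM-MD5
250-STARTTLS
250 HELP"""
SPARKPOST_EHLO = """250-momentum5.platform1.us-west-2.aws.cl.messagesystems.com says EHLO to 70.16.193.130:59667
250-STARTTLS
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250 ENHANCEDSTATUSCODES"""


def parse_ehlo(reply):
    """Turn the 250 lines of an EHLO reply into {KEYWORD: set(params)}."""
    lines = [l.strip() for l in reply.splitlines() if l.strip().startswith("250")]
    features = {}
    for line in lines[1:]:  # the first 250 line is only the greeting
        body = line[4:].strip()
        if body.upper().startswith("AUTH="):  # legacy "AUTH=" spelling
            body = "AUTH " + body[5:]
        if body:
            keyword, *params = body.split()
            features.setdefault(keyword.upper(), set()).update(p.upper() for p in params)
    return features


def assess(reply):
    """Report STARTTLS support and any plaintext AUTH offered before TLS."""
    features = parse_ehlo(reply)
    auth = features.get("AUTH", set())
    return {"starttls": "STARTTLS" in features,
            "plaintext_auth_before_tls": sorted(auth & PLAINTEXT_MECHS)}


def probe(host, port=587, cafile=None):
    """Live check: EHLO, STARTTLS with certificate verification, EHLO again."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        before = dict(s.esmtp_features)
        s.starttls(context=ssl.create_default_context(cafile=cafile))
        s.ehlo()  # re-read features: the AUTH list may differ once TLS is up
        return before, dict(s.esmtp_features), s.sock.version()
```

For a server with a self-signed certificate, pass its certificate file as `cafile`; otherwise verification fails and `probe` raises instead of silently continuing without trust.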
 
