Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.
I need to send email using smtp on port 587 on a Red Hat Linux ES 3 system.
I have a customer that I inherited running Red Hat Linux ES 3 that wants to send email from the Linux side.
I need to be able to send email using port 587.
cat /etc/redhat-release
Red Hat Enterprise Linux ES release 3 (Taroon)
The Windows support person says smtp must use port 587.
SMTP: smtp.emailarray.com Port: 587
Login: info@computerohio.com
/etc/services
smtp 25/tcp mail
smtp 25/udp mail
submission 587/tcp msa # mail message submission
submission 587/udp msa # mail message submission
Since 587 is used by submission can smtp also be changed to 587 in the /etc/services file?
netstat -tanp | grep send | grep LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 483/sendmail: acce
The Windows support person also says the following:
The Windows server is running DNS, so you may want to change the DNS servers to:
10.10.10.176
8.8.8.8
It should resolve "smtp.emailarray.com" to 69.28.212.198.
cat /etc/resolv.conf
nameserver 10.10.10.1
nameserver 68.10.16.25
nameserver 10.10.10.176
nameserver 8.8.8.8
search appemc
cat /etc/sysconfig/networking/
# Intel Corp.|82540EM Gigabit Ethernet Controller
DEVICE=eth0
BOOTPROTO=none
BROADCAST=10.10.10.255
HWADDR=00:c0:9f:27:7b:8f
IPADDR=10.10.10.100
NETMASK=255.255.255.0
NETWORK=10.10.10.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
PEERDNS=yes
GATEWAY=10.10.10.1
cat /etc/sysconfig/networking/
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost appemc
10.10.10.100 emc2
10.10.10.175 emcws
10.10.10.176 emcws2
10.10.10.93 upspc
10.10.11.2 dhk61353
#65.39.216.39 smtp.emailarray.com
cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=appemc
cat /etc/sysconfig/networking/
HOSTNAME=appemc
grep DS /etc/mail/sendmail.cf
DS
# Return-Receipt-To: header implies DSN request
# DHParameters (only required if DSA/DH is used)
grep SMART sendmail.mc
dnl define(`SMART_HOST',`smtp.
grep DAEMON sendmail.mc
DAEMON_OPTIONS(`Port=smtp,
dnl DAEMON_OPTIONS(`Port=submi
dnl DAEMON_OPTIONS(`Port=smtps
dnl DAEMON_OPTIONS(`port=smtp,
Below is an entry from /var/log/maillog:
Nov 8 22:17:11 localhost sendmail[18475]: vA93GY7L018471: to=<dkaibjr@verizon.n
et>, ctladdr=<root@localhost.lo
, mailer=esmtp, pri=33202, relay=mailin-01.mx.aol.com
, stat=Service unavailable
I did not install the Red Hat Linux on this system and not local to the equipment.
I do not have access to the console so everything I do needs to be from the command line.
One issue found from the original install was that the hostname was set as
HOSTNAME=localhost.localdo
Thank you for any help you can provide.
Dan
I need to be able to send email using port 587.
cat /etc/redhat-release
Red Hat Enterprise Linux ES release 3 (Taroon)
The Windows support person says smtp must use port 587.
SMTP: smtp.emailarray.com Port: 587
Login: info@computerohio.com
/etc/services
smtp 25/tcp mail
smtp 25/udp mail
submission 587/tcp msa # mail message submission
submission 587/udp msa # mail message submission
Since 587 is used by submission can smtp also be changed to 587 in the /etc/services file?
netstat -tanp | grep send | grep LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 483/sendmail: acce
The Windows support person also says the following:
The Windows server is running DNS, so you may want to change the DNS servers to:
10.10.10.176
8.8.8.8
It should resolve "smtp.emailarray.com" to 69.28.212.198.
cat /etc/resolv.conf
nameserver 10.10.10.1
nameserver 68.10.16.25
nameserver 10.10.10.176
nameserver 8.8.8.8
search appemc
cat /etc/sysconfig/networking/
# Intel Corp.|82540EM Gigabit Ethernet Controller
DEVICE=eth0
BOOTPROTO=none
BROADCAST=10.10.10.255
HWADDR=00:c0:9f:27:7b:8f
IPADDR=10.10.10.100
NETMASK=255.255.255.0
NETWORK=10.10.10.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
PEERDNS=yes
GATEWAY=10.10.10.1
cat /etc/sysconfig/networking/
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost appemc
10.10.10.100 emc2
10.10.10.175 emcws
10.10.10.176 emcws2
10.10.10.93 upspc
10.10.11.2 dhk61353
#65.39.216.39 smtp.emailarray.com
cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=appemc
cat /etc/sysconfig/networking/
HOSTNAME=appemc
grep DS /etc/mail/sendmail.cf
DS
# Return-Receipt-To: header implies DSN request
# DHParameters (only required if DSA/DH is used)
grep SMART sendmail.mc
dnl define(`SMART_HOST',`smtp.
grep DAEMON sendmail.mc
DAEMON_OPTIONS(`Port=smtp,
dnl DAEMON_OPTIONS(`Port=submi
dnl DAEMON_OPTIONS(`Port=smtps
dnl DAEMON_OPTIONS(`port=smtp,
Below is an entry from /var/log/maillog:
Nov 8 22:17:11 localhost sendmail[18475]: vA93GY7L018471: to=<dkaibjr@verizon.n
et>, ctladdr=<root@localhost.lo
, mailer=esmtp, pri=33202, relay=mailin-01.mx.aol.com
, stat=Service unavailable
I did not install the Red Hat Linux on this system and not local to the equipment.
I do not have access to the console so everything I do needs to be from the command line.
One issue found from the original install was that the hostname was set as
HOSTNAME=localhost.localdo
Thank you for any help you can provide.
Dan
Asked:
5-
4
1 Solution
Hi David,
Thank you for the quick reply.
They use the software package BackupEDGE to backup the Linux system.
BackupEDGE can email the results to an email address.
The mail system is not used on the Linux system.
I need to use SMTP to smtp.emailarray.com on Port 587
Below is the test of the SMTP Service:
[root@appemc root]# telnet smtp.emailarray.com 587
Trying 69.28.212.198...
Connected to smtp.emailarray.com (69.28.212.198).
Escape character is '^]'.
220 smtp2.emailarray.com ESMTP
helo
250 smtp2.emailarray.com
mail from: accounting@etched-metal.co
250 ok
rcpt to: mike@etched-metal.com
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
Not sure if that answers your question.
Thank you for the quick reply.
They use the software package BackupEDGE to backup the Linux system.
BackupEDGE can email the results to an email address.
The mail system is not used on the Linux system.
I need to use SMTP to smtp.emailarray.com on Port 587
Below is the test of the SMTP Service:
[root@appemc root]# telnet smtp.emailarray.com 587
Trying 69.28.212.198...
Connected to smtp.emailarray.com (69.28.212.198).
Escape character is '^]'.
220 smtp2.emailarray.com ESMTP
helo
250 smtp2.emailarray.com
mail from: accounting@etched-metal.co
250 ok
rcpt to: mike@etched-metal.com
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
Not sure if that answers your question.
Looks like you have two problems.
1) The server smtp2.emailarray.com seems misconfigured to allow plain text connections, so anyone can scrape the user/pass for authentications. This is incorrect. Port 25 is reserved for non-authenticated mail submission + port 587 is reserved for authenticated mail submission.
2) The server smtp2.emailarray.com should have prompted for a user/pass to start a session.
3) The server smtp2.emailarray.com must be configured to accept email for the appemc machine or for mike@etched-metal.com to accept email for relaying or delivery.
I'd suggest you switch to using MailGun (free for first 10K email each month), so you can avoid fixing the smtp2.emailarray.com server config.
1) The server smtp2.emailarray.com seems misconfigured to allow plain text connections, so anyone can scrape the user/pass for authentications. This is incorrect. Port 25 is reserved for non-authenticated mail submission + port 587 is reserved for authenticated mail submission.
2) The server smtp2.emailarray.com should have prompted for a user/pass to start a session.
3) The server smtp2.emailarray.com must be configured to accept email for the appemc machine or for mike@etched-metal.com to accept email for relaying or delivery.
I'd suggest you switch to using MailGun (free for first 10K email each month), so you can avoid fixing the smtp2.emailarray.com server config.
smtp.emailarray.com is already handling the users Windows email side without any problem.
Is there a way to send the authentication via the Linux sendmail?
I have no involvement with the Windows side of this installation.
I can only deal with the Linux application side of installation.
smtp.emailarray.com does not allow port 25 to be used.
The Linux services file shows smtp on port 25 and submission on port 587 below:
/etc/services
smtp 25/tcp mail
smtp 25/udp mail
submission 587/tcp msa # mail message submission
submission 587/udp msa # mail message submission
Can both smtp and submission use port 587 in the /etc/services file?
Thanks for your help,
Dan
Is there a way to send the authentication via the Linux sendmail?
I have no involvement with the Windows side of this installation.
I can only deal with the Linux application side of installation.
smtp.emailarray.com does not allow port 25 to be used.
The Linux services file shows smtp on port 25 and submission on port 587 below:
/etc/services
smtp 25/tcp mail
smtp 25/udp mail
submission 587/tcp msa # mail message submission
submission 587/udp msa # mail message submission
Can both smtp and submission use port 587 in the /etc/services file?
Thanks for your help,
Dan
Per your previous update, the server smtp2.emailarray.com is misconfigured for how port 587 is meant to be used.
Port 25 - unauthenticated email submission.
Port 587 - authenticated (user/pass) email submission, usually behind TLS/SSL or it's pointless to run port 587 submission.
Answers to your questions.
1) Is there a way to send the authentication via the Linux sendmail?
Yes + you will have to configure sendmail to do this... which will likely have you pulling your hair out.
Before you start down this track, use http://www.jetmore.org/joh
Can't tell you how many times I've found bugs in receiving email systems, using swaks.
If you can't send a test message with swaks, you can't configure sendmail to send either.
Also, you'll be far better off using exim or postfix or if you're using a CMS like WordPress, use a plugin... rather than wrestling with sendmail.
2) I have no involvement with the Windows side of this installation.
You still have to verify this system is configured correctly. If you're sending unauthenticated email, use port 25. Even if their port 587 works now, this is a misconfiguration which might be fixed at any point.
3) I can only deal with the Linux application side of installation.
Start with swaks, then move onto configure either a CMS plugin or your MTA.
4) Can both smtp and submission use port 587 in the /etc/services file?
You misunderstand the purpose of /etc/services which only documents how ports are normally used.
This file is really a NOP (no operation, meaningless) file. You can run Apache or LDAP on port 25, if you'd like.
The /etc/services file is used for services like netstat to produce human readable translations for ports + has very little to do with reality.
Also /etc/services only relates to local machines + has no bearing on remote machines.
Port 25 - unauthenticated email submission.
Port 587 - authenticated (user/pass) email submission, usually behind TLS/SSL or it's pointless to run port 587 submission.
Answers to your questions.
1) Is there a way to send the authentication via the Linux sendmail?
Yes + you will have to configure sendmail to do this... which will likely have you pulling your hair out.
Before you start down this track, use http://www.jetmore.org/joh
Can't tell you how many times I've found bugs in receiving email systems, using swaks.
If you can't send a test message with swaks, you can't configure sendmail to send either.
Also, you'll be far better off using exim or postfix or if you're using a CMS like WordPress, use a plugin... rather than wrestling with sendmail.
2) I have no involvement with the Windows side of this installation.
You still have to verify this system is configured correctly. If you're sending unauthenticated email, use port 25. Even if their port 587 works now, this is a misconfiguration which might be fixed at any point.
3) I can only deal with the Linux application side of installation.
Start with swaks, then move onto configure either a CMS plugin or your MTA.
4) Can both smtp and submission use port 587 in the /etc/services file?
You misunderstand the purpose of /etc/services which only documents how ports are normally used.
This file is really a NOP (no operation, meaningless) file. You can run Apache or LDAP on port 25, if you'd like.
The /etc/services file is used for services like netstat to produce human readable translations for ports + has very little to do with reality.
Also /etc/services only relates to local machines + has no bearing on remote machines.
Hi David,
Thank you for you help. Sorry it took so long to get back to you.
It tried swaks on port 25 and attempted to run it on port 587.
Below are the results:
The port 25 test starts here:
alias vrfy='/usr/dhk/swaks-20170
vrfy smtp.emailarray.com
=== Trying smtp.emailarray.com:25...
=== Connected to smtp.emailarray.com.
<- 220 smtp2.emailarray.com ESMTP
-> EHLO localhost.localdomain
<- 250-smtp2.emailarray.com
<- 250-STARTTLS
<- 250-AUTH LOGIN CRAM-MD5 PLAIN
<- 250-AUTH=LOGIN CRAM-MD5 PLAIN
<- 250-PIPELINING
<- 250 8BITMIME
-> MAIL FROM:<root@localhost.local
<- 250 ok
-> RCPT TO:<smtp.emailarray.com>
<** 550 sorry, no mailbox here by that name
-> QUIT
<- 221 smtp2.emailarray.com
=== Connection closed with remote host.
The port 587 test starts here:
alias vrfy='/usr/dhk/swaks-20170
vrfy smtp.emailarray.com
To: mike@etched-metal.com
=== Trying mx1.emailsrvr.com:587...
*** Error connecting to mx1.emailsrvr.com:587:
*** IO::Socket::INET: connect: timeout
swaks looks similar to the smtp telnet test that I run that produced the following error:
rcpt to: accounting@etched-metal.co
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
I emailed this error to the person that does the support for email and Windows.
What I hoped would be a quick fix is anything but that.
I am waiting to hear from the Windows support person to see if he know how to resolve the error.
Thanks,
Dan
Thank you for you help. Sorry it took so long to get back to you.
It tried swaks on port 25 and attempted to run it on port 587.
Below are the results:
The port 25 test starts here:
alias vrfy='/usr/dhk/swaks-20170
vrfy smtp.emailarray.com
=== Trying smtp.emailarray.com:25...
=== Connected to smtp.emailarray.com.
<- 220 smtp2.emailarray.com ESMTP
-> EHLO localhost.localdomain
<- 250-smtp2.emailarray.com
<- 250-STARTTLS
<- 250-AUTH LOGIN CRAM-MD5 PLAIN
<- 250-AUTH=LOGIN CRAM-MD5 PLAIN
<- 250-PIPELINING
<- 250 8BITMIME
-> MAIL FROM:<root@localhost.local
<- 250 ok
-> RCPT TO:<smtp.emailarray.com>
<** 550 sorry, no mailbox here by that name
-> QUIT
<- 221 smtp2.emailarray.com
=== Connection closed with remote host.
The port 587 test starts here:
alias vrfy='/usr/dhk/swaks-20170
vrfy smtp.emailarray.com
To: mike@etched-metal.com
=== Trying mx1.emailsrvr.com:587...
*** Error connecting to mx1.emailsrvr.com:587:
*** IO::Socket::INET: connect: timeout
swaks looks similar to the smtp telnet test that I run that produced the following error:
rcpt to: accounting@etched-metal.co
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
I emailed this error to the person that does the support for email and Windows.
What I hoped would be a quick fix is anything but that.
I am waiting to hear from the Windows support person to see if he know how to resolve the error.
Thanks,
Dan
swaks -q rcpt -t is both incomplete (there's no to address) + will likely fail, because you have no from address. Almost every MTA will reject mail from an external site using a from address of root@localhost.localdomain
To have email delivered to most sites these days, you must send email from an IP with an SPF record for your domain, which says the IP is valid for sending email for your domain.
For example, if I send email from david@davidfavor.com then the IP I send/relay through must have an SPF record saying sending mail for the davidfavor.com domain is valid. This SPF record must be associated with the davidfavor.com domain, like this...
Which says the IP related to the host mailgun.davidfavor.com can send email for the davidfavor.com domain, then I relay my email from david@davidfavor.com through mailgun.davidfavor.com + I get 100% deliverability.
So when you use swaks, you must...
1) Send using a valid from address.
2) Relay your message through a service which is valid to send your email (via an SPF record).
I suggest you use MailGun, as you can send 10K messages/month with no charge + their debugging facilities are stellar.
Then setup an SMTP credential for your domain (in MailGun) + send messages using swaks like this...
I suggest you start by sending to a Gmail address, as Googles email deliverability requirements are stringent.
Once you can get Gmail to accept your email, likely you can send email to any domain.
Then move onto sending email to the accounting@etched-metal.co
To have email delivered to most sites these days, you must send email from an IP with an SPF record for your domain, which says the IP is valid for sending email for your domain.
For example, if I send email from david@davidfavor.com then the IP I send/relay through must have an SPF record saying sending mail for the davidfavor.com domain is valid. This SPF record must be associated with the davidfavor.com domain, like this...
dig +short mailgun.davidfavor.com txt
"v=spf1 include:mailgun.org ~all"
Which says the IP related to the host mailgun.davidfavor.com can send email for the davidfavor.com domain, then I relay my email from david@davidfavor.com through mailgun.davidfavor.com + I get 100% deliverability.
So when you use swaks, you must...
1) Send using a valid from address.
2) Relay your message through a service which is valid to send your email (via an SPF record).
I suggest you use MailGun, as you can send 10K messages/month with no charge + their debugging facilities are stellar.
Then setup an SMTP credential for your domain (in MailGun) + send messages using swaks like this...
swaks -s smtp.mailgun.org:587 -tls -auth -au postmaster@mailgun.davidfavor.com -ap your-key-here --from=valid-email --to=someone@gmail.com
I suggest you start by sending to a Gmail address, as Googles email deliverability requirements are stringent.
Once you can get Gmail to accept your email, likely you can send email to any domain.
Then move onto sending email to the accounting@etched-metal.co
BTW, I just sent an email to the above address + the email was delivered. Here's the MailGun record...
So it appears the only problem is your sending end, not the receiving end.
Also this message was delivered via port 25 to one of these MX records...
It's unclear to me why you're attempting involvement of port 587 at all.
Fix your sending end + all will be well.
If you get stumped, hire someone to setup your sending end for you.
Delivered: david@davidfavor.com → accounting@etched-metal.com 'test Sat, 11 Nov 2017 11:37:02 -0600' Server response: 250 OK
So it appears the only problem is your sending end, not the receiving end.
Also this message was delivered via port 25 to one of these MX records...
imac> dig +short etched-metal.com mx
10 mx1.emailsrvr.com.
20 mx2.emailsrvr.com.
It's unclear to me why you're attempting involvement of port 587 at all.
Fix your sending end + all will be well.
If you get stumped, hire someone to setup your sending end for you.
David,
Thank you for all of your input.
I am involving port 587 because that is what the their support person had to be used when using smtp.emailarray.com.
This is not worth the bother to send 1 email daily.
I'm going to try one other change to sendmail if that does not work they can setup a printer and have the summary printed.
This is what happens when you are the 4th person involved in an old installation from 2006 running an old OS and applications.
Like I said previously along the line that the original install of the OS did not setup a system name it was left as localhost.localdomain.
I thought this would be resolved by putting 587 here and smtp.emailarray.com there, rebuild sendmail and viola you are done.
I know sending email to etched-metal.com works, it has for years.
Thank you for all you tried to do.
Dan
Thank you for all of your input.
I am involving port 587 because that is what the their support person had to be used when using smtp.emailarray.com.
This is not worth the bother to send 1 email daily.
I'm going to try one other change to sendmail if that does not work they can setup a printer and have the summary printed.
This is what happens when you are the 4th person involved in an old installation from 2006 running an old OS and applications.
Like I said previously along the line that the original install of the OS did not setup a system name it was left as localhost.localdomain.
I thought this would be resolved by putting 587 here and smtp.emailarray.com there, rebuild sendmail and viola you are done.
I know sending email to etched-metal.com works, it has for years.
Thank you for all you tried to do.
Dan
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Featured Post
Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!
Tackle projects and never again get stuck behind a technical roadblock.
Join Now
Are you attempting send email from this machine's MTA, through some other site like MailGun port 587?
Or...
Are you trying to have people submit email to your MTA via authenticated requests on port 587?