2
votes

I would like to send emails through an External SMTP Service (Yandex) with Sendmail on Ubuntu 18.04.3. I use Digital Ocean.

I set everything up: External SMTP Service, Sendmail, hostname. I added the MX record to my DNS.

~hostname
childrengo.org (my domain)

~host childrengo.org
childrengo.org has address <IP>
childrengo.org mail is handled by 10 mx.yandex.net.

I made a file with my login and password - /etc/mail/authinfo/yandex-auth :

AuthInfo:smtp.yandex.ru "U:<My login>" "I:<email>" "P:<password>" "M:<login>"
AuthInfo:smtp.yandex.ru:587 "U:<My login>" "I:<email>" "P:<password>" "M:<login>"

And than:

makemap hash /etc/mail/authinfo/yandex-auth < /etc/mail/authinfo/yandex-auth

I set up Sendmail to send emails through an External SMTP Service (Yandex).

But I have got an error in my syslog:

: STARTTLS=client, relay=smtp.yandex.ru., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
: 05BInLgB007204: AUTH=client, available mechanisms do not fulfill requirements
: AUTH=client, relay=smtp.yandex.ru., temporary failure, connection abort
: 05BInLgB007204: to=<EMAIL>, ctladdr=<[email protected]> (0/0), delay=00:11:24, xdelay=00:00:00, mailer=relay, pri=300379, relay=smtp.yandex.ru. [<IP>], dsn=4.0.0, stat=Deferred: Temporary AUTH failure

I checked this https://www.digitalocean.com/community/tutorials/how-to-send-email-through-an-external-smtp-service-with-sendmail-on-freebsd-10-1 and this https://www.digitalocean.com/community/questions/ubuntu-14-04-lamp-installed-sendmail-fatal-error-when-i-sent-first-message It did not help.

  • I installed cyrus-sasl*
  • I have the TXT records for DMARC1, spf1 and DKIM for my domain.
  • I have tried different users to send email. And I checked the password. I also checked the user exists.

I also don't see these errors in my mail.log and in mail.err

Do you have any idea how to fix it? Or may be how to debug it?

2

2 Answers

1
votes

I installed SASL again:

sudo apt-get install sasl2-bin
service saslauthd restart
service sendmail restart

After that I had a problem with authorisation. It failed even if I was sure the login and password combination is right.

In the end I find out a tricky thing. There is an application password which you can user to let some application to login to your mail from the yandex mail provider. But if you create a mail for your domain on yandex it cannot login through smtp with a password nor with an application password. It does not know which combination is ok and just return an error. So I removed an application password and everything works fine now. I hope this small trick also would useful for somebody.

0
votes

may be you need to change droplet name to domain name.