Routing sendmail through external SMTP relay

Overview

The latest version of SFTP Gateway is version 3.x, which can be found on the AWS, Azure and Google Cloud Marketplaces.

Visit our Website to see who uses SFTP Gateway and watch this short video to see what SFTP Gateway is all about!

 

The following are links to the documentation for each version of SFTP Gateway:

• Version 3 on AWS (latest)
• Version 3 on Azure (latest)
• Version 3 on Google Cloud (latest)
• Version 2 on AWS
• Version 2 on Azure

The remainder of the article pertains to Version 1 (Classic) on AWS.

---

SFTP Gateway emails private keys via sendmail. The AWS public IP range tends to be flagged by spam filters. One workaround is to proxy the email through a relay. Here is an example of how to do this with gmail.

1. Elevate to the root user:

   sudo su
   

2. Navigate to the mail directory:

   cd /etc/mail
   

3. Create a directory to hold authentication info (this directory must be read/write for root only):

   mkdir -m 700 authinfo
   

4. Create an authentication file in this directory that holds relay credentials:

   echo 'AuthInfo: "U: <user>" "I: <email_address>" "P: <password>"' > authinfo/auth
   

5. Create a hash of the auth file:

   makemap hash authinfo/auth < authinfo/auth
   

   This will create a hash file auth.db.

6. Edit the sendmail.mc file:

   vim sendmail.mc
   

   # uncomment the line "dnl # define(`SMART_HOST', `smtp.your.provider')dnl"
   26 define(`SMART_HOST', `smtp.gmail.com')dnl
   
   # add these lines below smart host
   27 define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
   28 define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
   29 FEATURE(`authinfo', `hash -o /etc/mail/authinfo/authinfo.db')dnl
   
   # uncomment lines 44, 52, and 53
   44 define(`confAUTH_OPTIONS', `A p')dnl
   52 TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
   53 define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
   

7. Install sendmail-cf

   yum install -y sendmail-cf
   

8. Rebuild the sendmail configuration:

   make -C /etc/mail
   

9. Reload the sendmail service:

   /etc/init.d/sendmail reload
   

Now emails sent by SFTP Gateway will be relayed through the external SMTP server. They will appear to come from the email address specified in the "I:" section of the auth info.