How to Configure Sendmail to Relay Exclusively Through ISP’s SMTP Smart Host


2 views

When you need to route all outgoing email through your ISP's SMTP server (smart host) while blocking direct delivery attempts, Sendmail requires specific configuration. This approach is particularly useful for residential or small business setups where ISPs block port 25 outbound.

First, locate your sendmail.mc file (typically in /etc/mail/). You'll need to modify and recompile it:

dnl Define smart host as ISP's mail server
define(SMART_HOST', smtp.yourisp.com')dnl
FEATURE(access_db')dnl
FEATURE(delay_checks')dnl

Most ISPs require SMTP authentication. Create or edit /etc/mail/authinfo:

AuthInfo:smtp.yourisp.com "U:your-username" "P:your-password" "M:LOGIN"

Then process the auth file:

makemap hash /etc/mail/authinfo.db < /etc/mail/authinfo
chmod 600 /etc/mail/authinfo.db

To enforce relay-only behavior, edit your access file:

Connect:localhost RELAY
Connect:localhost.localdomain RELAY
Connect:127.0.0.1 RELAY
Connect: *    REJECT

When relaying through a smart host, ensure your DNS records align:

v=spf1 include:yourisp.com ~all

After making changes, remember to:

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
service sendmail restart
echo "Test email" | mail -s "SMTP Test" you@example.com

Check logs (/var/log/maillog) to verify the message routed through your ISP's server.

When configuring Sendmail to exclusively relay through your ISP's SMTP server (smart host), we need to implement two critical security measures:

  • Disable open relaying completely
  • Enforce all outgoing mail routing through the designated smart host

Edit your sendmail.mc file (typically located in /etc/mail/) with these key directives:

define(SMART_HOST', smtp.yourisp.com')dnl
define(RELAY_MAILER_ARGS', TCP $h 587')dnl
define(confAUTH_MECHANISMS', EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(no_default_msa')dnl
DAEMON_OPTIONS(Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

Create or modify /etc/mail/access to include:

smtp.yourisp.com RELAY

Then generate the access.db file:

makemap hash /etc/mail/access.db < /etc/mail/access

After rebuilding your Sendmail configuration:

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
service sendmail restart

Verify with this test command:

echo "Test" | mail -s "SMTP Relay Test" recipient@example.com
  • Check mail logs (/var/log/maillog) for delivery attempts
  • Verify port 587 (or your specified port) isn't blocked by firewall
  • Ensure proper DNS resolution of your ISP's SMTP hostname

For systems requiring user-specific credentials, configure /etc/mail/sasl2/sendmail.conf:

pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5

Then add user credentials:

echo "password" | saslpasswd2 -p -c -u hostname username