########################################################
# Searchable keywords: sendmail smtp mail imap

Configuring sendmail as a server varies slightly from OS to OS: the location
of the files may differ, the use of macro files is a little different, and so
on. I will point out the differences I know of in this short config tutorial.

NOTE: This configuration is for an INTERNAL mail server that can send mail to
the outside world.

Platform:     Intel Linux
OS:           Red Hat 6.2 (with references to Sun Solaris)
Application:  sendmail

RPM packages:

    [root]# rpm -q sendmail
    sendmail-8.9.3-20
    [root]# rpm -q sendmail-cf
    sendmail-cf-8.9.3-20

Files:

    /etc/sendmail.mc
    /etc/sendmail.cf
    /etc/sendmail.cw
    /etc/mail/access
    /etc/mail/virtusertable
    /etc/mail/aliases (with a symlink to /etc/aliases)
    /etc/sysconfig/sendmail
    /usr/bin/m4
    /var/log/maillog

Packages:

The above packages are required for creating a sendmail server and compiling
the sendmail.cf file and perhaps other files. Yes, these are old, but the same
principles still apply as sendmail evolves.

Configuring:

We will start with the sendmail.cf file. m4 has made this much easier than in
the past, when you had to edit the sendmail.cf file outright. The less editing
of sendmail.cf you can get away with, the better.

sendmail.mc

To create a sendmail.cf file in this environment you need to be in /etc/mail
(my own best practice for Linux; on Solaris it is /usr/lib/mail/cf). You
should see a group of files in this directory.

    # ls /etc/mail
    Makefile   access.orig     local-host-names  relay-domains  virtusertable.db
    access     domaintable     mailertable       sendmail.cf
    access.db  domaintable.db  mailertable.db    virtusertable

The sendmail.cf file here is an empty file at present. Next we need to make
the appropriate changes to our macro file... our what? Our macro file. In this
case that file resides in /etc. Let's look at how I have hacked this file to
shreds trying to get this configured.

    # cat /etc/sendmail.mc
    divert(-1)
    dnl This is the macro config file used to generate the /etc/sendmail.cf
    dnl file. If you modify this file you will have to regenerate the
    dnl /etc/sendmail.cf by running this macro config through the m4
    dnl preprocessor:
    dnl
    dnl        m4 /etc/sendmail.mc > /etc/sendmail.cf
    dnl
    dnl You will need to have the sendmail-cf package installed for this to
    dnl work.
    include(`/usr/lib/sendmail-cf/m4/cf.m4')
    define(`confDEF_USER_ID',``8:12'')
    OSTYPE(`linux')
    undefine(`UUCP_RELAY')
    undefine(`BITNET_RELAY')
    define(`confAUTO_REBUILD')
    define(`confTO_CONNECT', `1m')
    define(`confTRY_NULL_MX_LIST',true)
    define(`confDONT_PROBE_INTERFACES',true)
    define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')
    dnl --- smtp servers do NOT need or require a smart host
    dnl define(`SMART_HOST',`mail.my-site.com')
    dnl
    FEATURE(`smrsh',`/usr/sbin/smrsh')
    FEATURE(`mailertable',`hash -o /etc/mail/mailertable')
    dnl -- note: virtusertable allows sending from a user here to a user@other.com
    FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')
    FEATURE(redirect)
    FEATURE(always_add_domain)
    dnl ! ! This one caught me we will be looking at the sendmail.cw file ! !
    FEATURE(use_cw_file)
    FEATURE(local_procmail)
    MAILER(procmail)
    MAILER(smtp)
    FEATURE(`access_db')
    FEATURE(`blacklist_recipients')
    dnl We strongly recommend to comment this one out if you want to protect
    dnl yourself from spam. However, the laptop and users on computers that do
    dnl not have 24x7 DNS do need this.
    dnl ------------ custom ------------------
    dnl commented out so all mail clients HAVE to be in DNS - SPAM prevention
    dnl FEATURE(`accept_unresolvable_domains')
    dnl -------------------------------------
    dnl FEATURE(`relay_based_on_MX')
    dnl ------------ custom ------------------
    dnl This used to masquerade the host name from an Email address.
    dnl aka myname@hostname.mydomain.com becomes myname@mydomain.com
    dnl
    MASQUERADE_AS(`mydomain.com')dnl
    MASQUERADE_DOMAIN(`.mydomain.com')dnl
    EXPOSED_USER(`root')dnl
    FEATURE(`masquerade_entire_domain')dnl
    FEATURE(`masquerade_envelope')dnl
    FEATURE(`allmasquerade')dnl
    dnl ------------ custom ------------------
    dnl In case I had multiple NICs I could just listen on a specific one.
    dnl DAEMON_OPTIONS(`Port=esmtp,Addr=192.168.100.12, Name=MTA')
    dnl --------- END SENDMAIL.MC ---------------------

NOTES:
 - This config will mask the host name from which we send mail (at the
   command line, through cron, or in a script using mail or mailx). Note the
   comments in the file for explanations.
 - Note how you insert a comment: not with a # or ; but with "dnl".
 - This sendmail.mc indicates we will be using a sendmail.cw file. More later.
 - Also the virtusertable.

sendmail.cf

Now let's create the sendmail.cf using m4 and the newly edited sendmail.mc
file.

    /etc/mail # /usr/bin/m4 /etc/sendmail.mc >sendmail.cf

Voila: sendmail.cf created and ready for duty. If you look in /etc/mail the
sendmail.cf file is no longer an empty file. This becomes the golden copy, but
you still need to copy the new sendmail.cf up one directory to /etc (on
Solaris you would create it in /usr/lib/mail/cf and copy it to /etc/mail).

    /etc/mail # cat /etc/mail/sendmail.cf >/etc/sendmail.cf

sendmail.cw

The /etc/mail/sendmail.cw file tells sendmail which domains to allow the
receiving of email for. This option is old and has been replaced with the
/etc/mail/local-host-names file. This particular environment requires it, but
I mention the local-host-names file also.

    /etc # cat sendmail.cw
    # sendmail.cw - include all aliases for your machine here.
    mydomain.com
    mailserver.mydomain.com
    192.168.100.12

NOTE: Now we will be able to accept mail from hosts in our domain, or from any
of the hosts or other domains that send us mail and are included in our
sendmail.cw file.

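Before regenerating sendmail.cf it is worth confirming which FEATUREs in sendmail.mc are really active, since a line only counts as commented out when "dnl" precedes it. The following is an added example, not part of the original notes: it lists enabled and dnl-disabled FEATUREs and flags those that sendmail's cf/README documents as loosening relay or sender checks. The excerpt is constructed in the style of the file above, and the parser assumes "dnl" never appears inside m4 quotes.

```python
import re

# Constructed excerpt in the style of the sendmail.mc above (not the full file).
SAMPLE_MC = """\
divert(-1)
dnl This is the macro config file used to generate /etc/sendmail.cf
include(`/usr/lib/sendmail-cf/m4/cf.m4')
OSTYPE(`linux')
dnl define(`SMART_HOST',`mail.my-site.com')
FEATURE(use_cw_file)
FEATURE(`access_db')
FEATURE(`blacklist_recipients')
dnl FEATURE(`accept_unresolvable_domains')
dnl FEATURE(`relay_based_on_MX')
MASQUERADE_AS(`mydomain.com')dnl
FEATURE(`masquerade_envelope')dnl
"""

# FEATUREs from sendmail's cf/README that loosen relay or sender checks.
LOOSENING = {
    "promiscuous_relay", "relay_entire_domain", "relay_based_on_MX",
    "relay_local_from", "loose_relay_check",
    "accept_unresolvable_domains", "accept_unqualified_senders",
}

FEATURE = re.compile(r"\bFEATURE\(\s*`?(\w+)")

def active_text(line):
    """Keep what m4 keeps: dnl discards everything up to the newline."""
    return re.split(r"\bdnl\b", line, maxsplit=1)[0]

def audit(mc_text):
    """Return (enabled FEATUREs, dnl-disabled FEATUREs, enabled loosening ones)."""
    enabled, disabled = [], []
    for line in mc_text.splitlines():
        live = active_text(line)
        enabled += FEATURE.findall(live)
        disabled += FEATURE.findall(line[len(live):])
    return enabled, disabled, sorted(set(enabled) & LOOSENING)

if __name__ == "__main__":
    on, off, risky = audit(SAMPLE_MC)
    print("enabled :", on)
    print("disabled:", off)
    print("loosening features enabled:", risky or "none")
```
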
/etc/mail/access

The access file is a flat file that creates a Berkeley DB for use with
sendmail. This is also a spam prevention step. This way only the hosts and
domains that we specify will be able to relay from us.

    /etc/mail/ # cat access
    # Check the /usr/doc/sendmail-8.9.3/README.cf file for a description
    # of the format of this file. (search for access_db in that file)
    # The /usr/doc/sendmail-8.9.3/README.cf is part of the sendmail-doc
    # package.
    #
    # by default we allow relaying from localhost...
    localhost.localdomain       RELAY
    localhost                   RELAY
    127.0.0.1                   RELAY
    192.168.100                 RELAY
    mydomain.com                RELAY
    mailserver.mydomain.com     RELAY
    myisp.com                   RELAY
    #----------- END file --------------------#

To create the access.db file:

    /etc/mail # make

When the prompt comes back you're done.

virtusertable

This also is a flat file that will create a Berkeley DB for use with sendmail.
The virtusertable lets you map mail for a user or a domain to a specific user
or to a sendmail alias in the /etc/aliases file. For example, you want all
mail sent from any host to me@mydomain.com to go to me@myisp.com. You could
map me@mydomain.com to me@myisp.com.

Or you want all mail destined for webmaster@mydomain to go to user eric:

    webmaster@mydomain    eric

Or you want ALL the mail destined for a domain to be sent to a single user:

    @mydomain.com    eric

Or you want mail destined for a particular group sent to an /etc/aliases group
or a particular user.

    /etc/mail/ # cat virtusertable
    user1@mydomain.com            user1@myisp.com
    webmaster@mydomain.com        eric
    @mydomain.com                 eric
    manufacturing@mydomain.com    manufacto
    user2@mydomain.com            user2
    #--------------- END file -------------------#

To create the Berkeley DB for the virtusertable:

    /etc/mail/ # make

When the prompt comes back you're done.

/etc/aliases file

/etc/aliases is used to direct mail from a user at that mail server to another
mail server or to a group of email addresses. A lot of the /etc/aliases file
is about what to do with root mail or mail produced by daemons.
The ones we are concerned with here are the "Local" entries at the bottom of
the file. The order in which the virtusertable and the aliases files are
consulted is: virtusertable, then aliases.

    /etc/ # cat aliases
    #
    #       @(#)aliases     8.2 (Berkeley) 3/5/94
    #
    #  Aliases in this file will NOT be expanded in the header from
    #  Mail, but WILL be visible over networks or from /bin/mail.
    #
    #       >>>>>>>>>>      The program "newaliases" must be run after
    #       >> NOTE >>      this file is updated for any changes to
    #       >>>>>>>>>>      show through to sendmail.
    #
    # Basic system aliases -- these MUST be present.
    MAILER-DAEMON:  postmaster
    postmaster:     root
    # General redirections for pseudo accounts.
    bin:            root
    daemon:         root
    games:          root
    ingres:         root
    nobody:         root
    system:         root
    toor:           root
    uucp:           root
    # Well-known aliases.
    manager:        root
    dumper:         root
    operator:       root
    # trap decode to catch security attacks
    decode:         root
    # Person who should get root's mail
    #root:          marc
    #####################################
    #
    # Local aliases
    #
    root:           sysadmin@mailserver
    #
    user2:          user2@yahoo.com
    manufacto:      user1,user2,user5
    #
    ########## END file #################

To make the /etc/aliases file ready for use, you have to issue a "newaliases"
command after editing it.

    /etc/ # newaliases
    newaliases
    /etc/aliases: 16 aliases, longest 15 bytes, 190 bytes total

There you have it. Your new /etc/aliases file is ready for use.

/etc/sysconfig/sendmail

This is where we tell sendmail how to run. (On Solaris it's
/etc/rc2.d/SXsendmail; look for the "MODE" line. MODE="bd" indicates sendmail
will start up as a daemon. This is not necessary for a workstation or client
machine; for a client machine MODE="" will be just fine. Also look at the
QUEUEINTERVAL. You can set this to whatever you feel is necessary or let the
default remain.)

    /etc/sysconfig # cat sendmail
    # DAEMON=no
    DAEMON=yes
    QUEUE=15m
    #------- END file ------------#

NOTE: DAEMON=yes allows sendmail to listen on port 25 for incoming mail.
QUEUE=15m means it will queue mail for 15 minutes before it shovels it out.
Listening on port 25 is the key to running a mail server. This is the standard
port used by almost all MTAs (Mail Transport Agents).

Starting sendmail

To start sendmail in this environment we will run the /etc/rc.d/init.d script.

    / # cd /etc/rc.d/init.d
    /etc/rc.d/init.d/ # ./sendmail start
    sendmail: [ok]
    /etc/rc.d/init.d/ # ps ax |grep sendmail
    13600 ?        S      0:00 sendmail: accepting connections on port 25

-------------------------- Testing sendmail --------------------------

To test if mail is functional, telnet to the host at port 25.

    / # telnet mailserver.mydomain.com 25
    Trying mailserver.mydomain.com...
    Connected to mailserver.mydomain.com.
    Escape character is '^]'.
    220 mailserver.mydomain.com ESMTP server ready

This would mean at least it's listening on port 25.

Logs

Also, check /var/log/maillog (on Solaris it's /var/adm/messages or syslog) for
any error messages once you send a test message to your aliased group or your
virtuser.

Masquerading

You can actually use sendmail itself to test the masquerading.

    /# sendmail -bt
    ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
    Enter
    > /tryflags ES
    > /try esmtp user1@mydomain.com
    Trying envelope sender address user1@mydomain.com for mailer esmtp
    rewrite: ruleset   3   input: user1 @ mydomain . com
    rewrite: ruleset  96   input: user1 < @ mydomain . com >
    rewrite: ruleset  96 returns: user1 < @ mydomain . com . >
    rewrite: ruleset   3 returns: user1 < @ mydomain . com . >
    rewrite: ruleset   1   input: user1 < @ mydomain . com . >
    rewrite: ruleset   1 returns: user1 < @ mydomain . com . >
    rewrite: ruleset  11   input: user1 < @ mydomain . com . >
    rewrite: ruleset  51   input: user1 < @ mydomain . com . >
    rewrite: ruleset  51 returns: user1 < @ mydomain . com . >
    rewrite: ruleset  61   input: user1 < @ mydomain . com . >
    rewrite: ruleset  61 returns: user1 < @ mydomain . com . >
    rewrite: ruleset  94   input: user1 < @ mydomain . com . >
    rewrite: ruleset  93   input: user1 < @ mydomain . com . >
    rewrite: ruleset  93 returns: user1 < @ mydomain . com . >
    rewrite: ruleset  94 returns: user1 < @ mydomain . com . >
    rewrite: ruleset  11 returns: user1 < @ mydomain . com . >
    rewrite: ruleset   4   input: user1 < @ mydomain . com . >
    rewrite: ruleset   4 returns: user1 @ mydomain . com
    Rcode = 0, addr = user1@mydomain.com
    > /canon mailserver
    getcanonname(mailserver) returns mailserver.mydomain.com
    >

------------------- Connecting to your new mail server -------------

Weelllllllll, you're all happy because you can send mail from the command
line. Cron can now send mail out through your new mail server, and any scripts
you have send mail out... properly! Oh yeah, what if you want to connect to
your mail server and actually read the mail that any of the users have
received? Pine will work if you log on to the mail server. Or you could just
use the mail or mailx application after logging in to the mail server. But
what if you DON'T want to log directly into the mail server? What if you
wanted to use an IMAP client? Or POP? You will need some sort of client/server
application to present the mail to a remote client.
Several exist: Cyrus, Dovecot, Courier, Binc. I simply loaded the imap RPMs
from the Red Hat 6.2 disk.

---------------------------- imap server ------------------------------

Install imap software

    [root]# rpm -i imap-devel-4.7-5
    [root]# rpm -i imap-4.7-5
    [root]# rpm -qa |grep imap
    imap-devel-4.7-5
    imap-4.7-5

NOTE: These RPMs also support popd.

Connections are made out of inetd

    [root]# more /etc/inetd.conf |grep imap
    # Pop and imap mail services et al
    imap    stream  tcp     nowait  root    /usr/sbin/tcpd imapd

NOTE: The imap daemon is wrapped in tcpd. Discussed later.

Start the imap daemon

    [root]# which imapd
    /usr/sbin/imapd

NOTE: With this UW imap there really isn't any trick to starting it.
Basically, /usr/sbin/imapd. You can stick this in a startup script and start
it up out of one of those /etc/rc.d/rcX.d/ directories.

Configuring Tcpwrappers

    [root]# more /etc/hosts.allow
    #
    # hosts.allow   This file describes the names of the hosts which are
    #               allowed to use the local INET services, as decided
    #               by the '/usr/sbin/tcpd' server.
    #
    # ALL: LOCAL .mydomain.com
    imapd: 192.168.100.

NOTE: This configuration allows the use of imapd from any host inside the net
block 192.168.100.255.

Check tcpd config

    [root]# tcpdchk -v
    Using network configuration file: /etc/inetd.conf

    >>> Rule /etc/hosts.allow line 7:
    daemons:  imapd
    clients:  192.168.100.
    access:   granted

---------------------------- imap client -------------------------

Client config to connect to server:

    Incoming mail: mailserver port 143 (or secure imap -simap- port 993)
    Outgoing mail: mailserver port 25

See also Solaris_notes/sendmail_masquerade and Sparc_linux_notes/sendmail
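
The hosts.allow rule in the Tcpwrappers section only restricts imapd when /etc/hosts.deny also denies everyone else, because tcpd grants access when no rule in either file matches. The following is an added example, not part of the original notes, that models that decision order for the rule shown above. The notes do not show hosts.deny, so both hosts.deny variants and the two client addresses are assumptions, and only a subset of the hosts_access(5) pattern syntax is handled.

```python
# hosts.allow rule from the section above; both hosts.deny variants are assumptions.
HOSTS_ALLOW = "# ALL: LOCAL .mydomain.com\nimapd: 192.168.100.\n"
DENY_EMPTY = ""              # assumed: no hosts.deny rules at all
DENY_ALL = "ALL: ALL\n"      # assumed: default-deny hosts.deny

def rules(text):
    """Yield (daemon list, client list) per rule; skip comments and blanks."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        yield daemons.replace(",", " ").split(), clients.replace(",", " ").split()

def client_matches(pattern, addr, name):
    """Subset of hosts_access(5) client patterns (no netmasks, EXCEPT, @netgroup)."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":            # host name containing no dot
        return bool(name) and "." not in name
    if pattern.endswith("."):         # leading address fields: 192.168.100.
        return addr.startswith(pattern)
    if pattern.startswith("."):       # domain suffix: .mydomain.com
        return name.endswith(pattern)
    return pattern in (addr, name)

def file_matches(text, daemon, addr, name):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, addr, name) for c in clients)
        for daemons, clients in rules(text)
    )

def decide(allow, deny, daemon, addr, name=""):
    """tcpd order: a hosts.allow match grants, a hosts.deny match denies, else grant."""
    if file_matches(allow, daemon, addr, name):
        return "granted by hosts.allow"
    if file_matches(deny, daemon, addr, name):
        return "denied by hosts.deny"
    return "granted (no rule matched)"

if __name__ == "__main__":
    # Constructed client addresses: one inside 192.168.100.x, one outside.
    for deny in (DENY_EMPTY, DENY_ALL):
        for addr in ("192.168.100.37", "203.0.113.9"):
            print(repr(deny), addr, "->", decide(HOSTS_ALLOW, deny, "imapd", addr))
```

With the empty hosts.deny the outside address is still granted; only the ALL: ALL variant turns the hosts.allow rule into an actual restriction.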