From SRS
Jump to: navigation, search

This is a rewritten (and cleaned up) version of a post I made to comp.mail.sendmail some days ago

I'm assuming sendmail 8.10.x or above here (which is there in the latest releases of most linuxes). If you don't have it, you can download an updated package from your distro's site. or better still, download the tarball from and build it - it's easy).

One major difference in 8.10 and above is that all config files have moved to /etc/mail - the aliases file,, virtusertable, mailertable etc. For more information, click here to read all about sendmail 8.10 at sendmail.Net

If you are going to upgrade your sendmail, or install it from scratch, please RTFM at the sendmail website and the INSTALL and README notes in the sendmail tarball. sendmail 8.12 and above have two cf files - and You can normally leave untouched and drop this stuff below into

1. Stop sendmail if it's already running

        mjollnir# /etc/rc.d/init.d/sendmail stop
        mjollnir# killall -9 sendmail

2. Install the sendmail-cf-[your-version-number].rpm if you are using an RPM build of sendmail. If you are using a compiled version, you don't need to install anything else - it's all there :)

3. Edit this file below (most importantly, put your ISP's smtp, that is, outgoing mail, server in place of your.isps.smtp.server. Then replace the domain name you want sendmail to call itself as (say or - whatever your primary e-mail account is). Save this file below as /etc/mail/ and follow the instructions given in the .mc file's comments if you use (oh, before I forget, BACKUP FIRST) to generate /etc/mail/

Note: If you use the sendmail 8.11 RPM that comes with Redhat 7.x, there is something you have to look out for (more details later on in this howto). file for use on dialups

        dnl This is the macro config file used to generate
        dnl file. If you modify this file you will have to regenerate 
        dnl by running this macro config through the m4
        dnl preprocessor:
        dnl        m4 /etc/mail/ > /etc/mail/
        dnl You will need to have the sendmail-cf RPM installed for this
        dnl to work, if you use an rpm build of sendmail
        dnl include(`../m4/cf.m4')
        dnl If you compile sendmail from a tarball, use the include above.
        dnl In this setup, you should create the file as cf/cf/ 
        dnl (in the sendmail source tree: eg. /usr/src/sendmail-8.11.6/cf/cf
        dnl Now give the command "sh Build".  Now copy the file
        dnl as /etc/mail/ (please backup first!)
        dnl If you are using the RPM build of sendmail, use the 
        dnl include statement given below instead
        define(`SMART_HOST', `your.isps.smtp.server')
        define(`confTO_CONNECT', `1m')
        define(`confDELIVERY_MODE', `queued')
        dnl FEATURE(`relay_based_on_MX')

Notes on just what all the arcane stuff below means can be found in the file cf/README in the sendmail source tree (or in /usr/doc/sendmail if you install the sendmail-docs-[your-version-number].rpm

Note the quoting used - `' (the opening quote is a backtick and the closing quote is a single quote mark). Another thing you ought to remember is that the comment string in is "dnl" and not # or /* */.

4. Now we'll ask sendmail not to do DNS lookups when passing all mail to the smarthost for delivery. Create a file called /etc/mail/service.switch

        hosts   files
        aliases files

5. There's a FEATURE defined above called use_ct_file. This is a list of "trusted" users whom sendmail allows to change the envelope sender from, say, to, say, without any objections. Or else, sendmail will set the sender, but add an ugly looking header like

        X-Authentication-Warning: localhost.localdomain: suresh set 
        sender to using -f

So, after including the use_ct_file feature, create a file /etc/mail/trusted-users (sendmail.ct in 8.9.x and older) and put all the login names you use / want to trust on that machine (in case you have more than one) into that file, one login name per line. For example:


In 8.12.x sendmail, if you use pine or mutt to read your mail, calling the sendmail binary, you will still get the authwarning despite having included the use_ct_file feature into You might try putting that into as well and rebuild the same way as ... - but do not edit in any other way. Things have a nasty way of breaking if you do that :)

6. Restart sendmail

        mjollnir# /etc/rc.d/init.d/sendmail restart

Phew! Done. :)

More and more ISPs require you to use SMTP AUTH to authenticate yourself before sending mail through their servers. So, you can set up sendmail as an AUTH client so that it authenticates itself to the smarthost before relaying through it.

For this, you need sendmail compiled with cyrus sasl and openssl libraries - most distro packaged sendmails are compiled with these anyway. If you want to compile sendmail by hand, see Claus Assmann's documentation on SMTP AUTH with sendmail - I would recommend that you read it anyway for more about SMTP AUTH implementation on sendmail.

To check what your sendmail is compiled with -

mjollnir# /usr/sbin/sendmail -d0 -bt < /dev/null
Version 8.13.6

See the SASL and STARTTLS there?

Make sure your cyrus sasl is compiled with PLAIN and LOGIN support, if your ISP only offers AUTH PLAIN and LOGIN instead of other methods such as AUTH CRAM-MD5. If you are using an RPM (or other package) you might have to install a couple of additional packages which are plain / login plugins for sasl - for example, on redhat it would be cyrus-sasl-plain-[version].rpm and cyrus-sasl-login-[version].rpm. You can find out what authentication and other options (say TLS) your ISP offers by telneting to port 25 of their smtp server and issuing an EHLO command

For example -

   srs@quirk:~$ telnet 25
   ehlo Hello []
   250-SIZE 52428800
   250 HELP

Once you have seen that your ISP offers AUTH, all you need to do is to stick an Authinfo: tag into /etc/mail/access for 8.12.x sendmails (example below) and then makemap the access file into an access.db "U:user" "I:user" "P:passwd" "" "M:PLAIN"

Try this howto as well - Demand Dialing and Sendmail

Another approach to configuring sendmail on a dialup is described in this post to comp.mail.sendmail by Andrzej Filip. It requires sendmail 8.10.x or above with the dsmtp mailer.

If you want an even easier way out, download Donncha O'Caoimh's script from the website of the Cork LUG, Ireland and enjoy life :)

If your ISP (VSNL / Netkracker in India, and sometime back, Verizon (I think) stateside forces you to send out mail with your ISP address in the from / envelope from, use this workaround by Philip Tellis

Neal McBurnett writes in to say that not all that many ISPs block dialups, so instead of handing off mail to a smarthost, you can just use mailertables to route only mail for those domains that reject mail sent directly from dialups, through a smarthost while doing direct delivery for all other domains. I don't really agree - but still, here's the link - Well, when you are on a cablemodem line, you may not find your IP blocked by all that many ISPs, even if it is dynamic or semi static (tends to change every few months instead of every few hours)

Finally, if you have any problems with sendmail, do the following

  • Please do RTFM at
  • Try to plough through the cf/README and doc/op/ files first
  • Do a google groups search at for your question. Alternatively, do a Google web search.
  • Finally, ask on the comp.mail.sendmail newsgroup / post to your local LUG list / the Linux India Help mailing list.

We now have a sendmail system that queues mail sent to non local addresses for delivery through a smarthost (say your ISP's smtp server).

Note for users of Redhat 7's sendmail 8.11 RPM

Dr. Grahame Cooper writes:

You say that "One major difference in 8.10 and above is that all config files have moved to /etc/mail - the aliases file,, virtusertable, mailertable etc.". Unfortunately, the sendmail rpm that comes with Redhat 7.0 still puts alias and into the /etc directory, which can cause problems for people with this distribution who (like me) just copy and paste your sample file.

Thanks for the tip :)

So, if you run Redhat 7.x, make appropriate changes to the paths, and copy the generated into /etc. Or better, download and compile the official version. Note on turning off DNS lookups using service.switch

Please note that if you turn off DNS in the service.switch file, you have to use a smarthost for relaying outbound mails, by using the macro definition define(`SMART_HOST',`your.isps.smtp.server') as above.

This is because as DNS lookups are turned off at this stage, sendmail will deliver mail using gethostbyname() (directly to the hostname in the email address). The problem arises when the main host and the mailserver are not on the same IP / same machine.

For example, a domain might be on but its MX (or Mail eXchanger) server, which receives mail for the domain, might be, which happens to be at

If you turn off DNS lookups locally and try to send mail directly (without a smarthost), mail meant for will go directly to instead of, and so may not reach the intended account, or even bounce with a "Relaying Denied" error.