Sendmail

From SRS
Revision as of 05:40, 11 December 2009 by Hserus

This is a rewritten (and cleaned up) version of a post I made to comp.mail.sendmail some days ago.

I'm assuming sendmail 8.10.x or above here (which is there in the latest releases of most linuxes). If you don't have it, you can download an updated package from your distro's site (or better still, download the tarball from ftp.sendmail.org and build it - it's easy).

One major difference in 8.10 and above is that all config files have moved to /etc/mail - the aliases file, sendmail.cf, virtusertable, mailertable etc. For more information, read all about sendmail 8.10 at sendmail.Net.

If you are going to upgrade your sendmail, or install it from scratch, please RTFM at http://www.sendmail.org and the INSTALL and README notes in the sendmail tarball. sendmail 8.12 and above have two cf files - sendmail.cf and submit.cf. You can normally leave submit.cf untouched and drop this stuff below into sendmail.cf.

1. Stop sendmail if it's already running

        mjollnir# /etc/rc.d/init.d/sendmail stop
        or:
        mjollnir# killall -9 sendmail

2. Install the sendmail-cf-[your-version-number].rpm if you are using an RPM build of sendmail. If you are using a compiled version, you don't need to install anything else - it's all there :)

3. Edit the file below. Most importantly, put your ISP's smtp (that is, outgoing mail) server in place of your.isps.smtp.server. Then put the domain name you want sendmail to call itself (say vsnl.com or yahoo.com - whatever your primary e-mail account is) in place of example.com. Save this file below as /etc/mail/sendmail.mc and follow the instructions given in the .mc file's comments if you use (oh, before I forget, BACKUP FIRST) to generate /etc/mail/sendmail.cf.

Note: If you use the sendmail 8.11 RPM that comes with Redhat 7.x, there is something you have to look out for (more details later on in this howto).

sendmail.mc file for use on dialups

        divert(-1)
        dnl This is the macro config file used to generate sendmail.cf
        dnl file. If you modify this file you will have to regenerate 
        dnl sendmail.cf by running this macro config through the m4
        dnl preprocessor:
        dnl
        dnl        m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
        dnl
        dnl You will need to have the sendmail-cf RPM installed for this
        dnl to work, if you use an rpm build of sendmail
        dnl
        dnl include(`../m4/cf.m4')
        dnl
        dnl If you compile sendmail from a tarball, use the include above.
        dnl In this setup, you should create the file as cf/cf/config.mc 
        dnl (in the sendmail source tree: eg. /usr/src/sendmail-8.11.6/cf/cf)
        dnl Now give the command "sh Build config.cf".  Now copy the file
        dnl config.cf as /etc/mail/sendmail.cf (please backup first!)
        dnl
        dnl If you are using the RPM build of sendmail, use the 
        dnl include statement given below instead
        dnl
        include(`/usr/lib/sendmail-cf/m4/cf.m4')
        define(`confDEF_USER_ID',``8:12'')
        OSTYPE(`linux')
        define(`confCF_VERSION',`dialup-1.3')
        define(`SMART_HOST', `your.isps.smtp.server')
        define(`confTO_CONNECT', `1m')
        define(`confTO_IDENT',0)
        define(`confDONT_PROBE_INTERFACES',true)
        define(`confCON_EXPENSIVE',true)
        define(`confDELIVERY_MODE', `queued')
        define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')
        define(`ALIAS_FILE',`/etc/mail/aliases')
        MASQUERADE_AS(`example.com')
        FEATURE(`masquerade_envelope')
        FEATURE(always_add_domain)
        FEATURE(use_cw_file)
        FEATURE(`use_ct_file')
        FEATURE(local_procmail)
        FEATURE(`access_db')
        FEATURE(`blacklist_recipients')
        FEATURE(`accept_unresolvable_domains')
        FEATURE(`accept_unqualified_senders')
        dnl FEATURE(`relay_based_on_MX')
        MAILER(smtp)
        MAILER(procmail)

Notes on just what all the arcane stuff above means can be found in the file cf/README in the sendmail source tree (or in /usr/doc/sendmail if you install the sendmail-docs-[your-version-number].rpm).

Note the quoting used - `' (the opening quote is a backtick and the closing quote is a single quote mark). Another thing you ought to remember is that the comment string in sendmail.mc is "dnl" and not # or /* */.

4. Now we'll ask sendmail not to do DNS lookups when passing all mail to the smarthost for delivery. Create a file called /etc/mail/service.switch:

        hosts   files
        aliases files

5. There's a FEATURE defined above called use_ct_file. It makes sendmail read a list of "trusted" users whom it allows to change the envelope sender (say, from login-name@your-domain.com to cute_cat@example.com) without any objections. Otherwise, sendmail will set the sender, but add an ugly looking header like

        X-Authentication-Warning: localhost.localdomain: suresh set 
        sender to suresh@example.com using -f

So, after including the use_ct_file feature, create a file /etc/mail/trusted-users (sendmail.ct in 8.9.x and older) and put all the login names you use / want to trust on that machine (in case you have more than one) into that file, one login name per line. For example:

        suresh
        hserus

In 8.12.x sendmail, if you use pine or mutt to read your mail, calling the sendmail binary, you will still get the authwarning despite having included the use_ct_file feature into sendmail.mc. You might try putting that into submit.mc as well and rebuild submit.cf the same way as sendmail.cf ... - but do not edit submit.mc in any other way. Things have a nasty way of breaking if you do that :)

6. Restart sendmail

        mjollnir# /etc/rc.d/init.d/sendmail restart

Phew! Done. :)

More and more ISPs require you to use SMTP AUTH to authenticate yourself before sending mail through their servers. So, you can set up sendmail as an AUTH client so that it authenticates itself to the smarthost before relaying through it.

For this, you need sendmail compiled with cyrus sasl and openssl libraries - most distro packaged sendmails are compiled with these anyway. If you want to compile sendmail by hand, see Claus Assmann's documentation on SMTP AUTH with sendmail - I would recommend that you read it anyway for more about SMTP AUTH implementation on sendmail.

To check what your sendmail is compiled with -

   mjollnir# /usr/sbin/sendmail -d0 -bt < /dev/null
   Version 8.13.6
   Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
                  NAMED_BIND NDBM NETINET NETINET6 NETUNIX NEWDB NIS NISPLUS
                  PIPELINING SASL SCANF STARTTLS USERDB XDEBUG

See the SASL and STARTTLS there?

Make sure your cyrus sasl is compiled with PLAIN and LOGIN support, if your ISP only offers AUTH PLAIN and LOGIN instead of other methods such as AUTH CRAM-MD5. If you are using an RPM (or other package) you might have to install a couple of additional packages which are plain / login plugins for sasl - for example, on redhat it would be cyrus-sasl-plain-[version].rpm and cyrus-sasl-login-[version].rpm. You can find out what authentication and other options (say TLS) your ISP offers by telnetting to port 25 of their smtp server and issuing an EHLO command.

For example -

   srs@quirk:~$ telnet frodo.hserus.net 25
   220 frodo.hserus.net ESMTP NO UCE
   ehlo quirk.hserus.net
   250-frodo.hserus.net Hello quirk.hserus.net [61.11.81.143]
   250-SIZE 52428800
   250-PIPELINING
   250-AUTH PLAIN LOGIN
   250-STARTTLS
   250 HELP

Once you have seen that your ISP offers AUTH, all you need to do is to stick an AuthInfo: tag into /etc/mail/access for 8.12.x sendmails (example below) and then makemap the access file into an access.db.

   AuthInfo:smtp.server.com "U:user" "I:user" "P:passwd" "R:smtp.server.com" "M:PLAIN"
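
A pre-flight check that ties together the two listings above (the `-d0` build flags and the EHLO reply) before you commit an AuthInfo entry with M:PLAIN. This is an added example, not part of the original howto; the function names and verdict words are made up for illustration.

```shell
# Added example, not from the howto; samples are copied from the page's listings.
D0_SAMPLE='Version 8.13.6
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
               NAMED_BIND NDBM NETINET NETINET6 NETUNIX NEWDB NIS NISPLUS
               PIPELINING SASL SCANF STARTTLS USERDB XDEBUG'
EHLO_SAMPLE='220 frodo.hserus.net ESMTP NO UCE
250-frodo.hserus.net Hello quirk.hserus.net [61.11.81.143]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP'

# built_with "$d0_output" FLAG: succeeds if FLAG is in the "Compiled with:" list.
built_with() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^Compiled with:/ { on = 1; sub(/^Compiled with:/, " ") }
        on && !/^[ \t]/   { on = 0 }   # the list ends at the first unindented line
        on { for (i = 1; i <= NF; i++) if ($i == want) found = 1 }
        END { exit !found }'
}
# ehlo_has "$reply" KEYWORD: succeeds if the server advertises KEYWORD.
ehlo_has() {
    printf '%s\n' "$1" | tr -d '\r' | grep -Eiq "^[[:space:]]*250[- ]$2([ =]|\$)"
}
# ehlo_mechs "$reply": prints the SASL mechanisms from the AUTH line, upper-cased.
ehlo_mechs() {
    printf '%s\n' "$1" | tr -d '\r' | tr 'a-z' 'A-Z' |
        sed -n 's/^[[:space:]]*250[- ]AUTH[ =]\(.*\)$/\1/p' | head -n 1
}
# preflight "$d0_output" "$ehlo_reply": prints one verdict word.
preflight() {
    built_with "$1" SASL || { echo sendmail-lacks-sasl; return; }
    mechs=$(ehlo_mechs "$2")
    [ -n "$mechs" ] || { echo server-offers-no-auth; return; }
    plain=no
    for m in $mechs; do
        case $m in
            CRAM-MD5|DIGEST-MD5) echo challenge-response; return ;;
            PLAIN|LOGIN) plain=yes ;;
        esac
    done
    [ "$plain" = yes ] || { echo other-mechanisms-only; return; }
    # PLAIN/LOGIN only base64-encode the password: it is protected only under TLS.
    if built_with "$1" STARTTLS && ehlo_has "$2" STARTTLS
    then echo plaintext-auth-tls-available
    else echo plaintext-auth-no-tls
    fi
}
preflight "$D0_SAMPLE" "$EHLO_SAMPLE"
```

On a live system, pass it the output of `sendmail -d0 -bt < /dev/null` and the EHLO reply you captured. The AuthInfo entry stores the password in clear text, so the access file and access.db should not be world-readable.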

Try this howto as well - Demand Dialing and Sendmail

Another approach to configuring sendmail on a dialup is described in this post to comp.mail.sendmail by Andrzej Filip. It requires sendmail 8.10.x or above with the dsmtp mailer.

If you want an even easier way out, download Donncha O'Caoimh's script from the website of the Cork LUG, Ireland and enjoy life :)

If your ISP (VSNL / Netkracker in India, and sometime back, Verizon (I think) stateside) forces you to send out mail with your ISP address in the from / envelope from, use this workaround by Philip Tellis.

Neal McBurnett writes in to say that not all that many ISPs block dialups, so instead of handing off mail to a smarthost, you can just use mailertables to route only mail for those domains that reject mail sent directly from dialups, through a smarthost while doing direct delivery for all other domains. I don't really agree - but still, here's the link - http://bcn.boulder.co.us/~neal/cablemail.html. Well, when you are on a cablemodem line, you may not find your IP blocked by all that many ISPs, even if it is dynamic or semi static (tends to change every few months instead of every few hours).

Finally, if you have any problems with sendmail, do the following

  • Please do RTFM at http://www.sendmail.org/faq/
  • Try to plough through the cf/README and doc/op/op.ps files first
  • Do a google groups search at http://groups.google.com/ for your question. Alternatively, do a Google web search.
  • Finally, ask on the comp.mail.sendmail newsgroup / post to your local LUG list / the Linux India Help mailing list.

We now have a sendmail system that queues mail sent to non local addresses for delivery through a smarthost (say your ISP's smtp server).

Note for users of Redhat 7's sendmail 8.11 RPM

Dr. Grahame Cooper writes:

You say that "One major difference in 8.10 and above is that all config files have moved to /etc/mail - the aliases file, sendmail.cf, virtusertable, mailertable etc.". Unfortunately, the sendmail rpm that comes with Redhat 7.0 still puts alias and sendmail.cf into the /etc directory, which can cause problems for people with this distribution who (like me) just copy and paste your sample sendmail.mc file.

Thanks for the tip :)

So, if you run Redhat 7.x, make appropriate changes to the paths, and copy the generated sendmail.cf into /etc. Or better, download and compile the official sendmail.org version.

Note on turning off DNS lookups using service.switch

Please note that if you turn off DNS in the service.switch file, you have to use a smarthost for relaying outbound mails, by using the macro definition define(`SMART_HOST',`your.isps.smtp.server') as above.

This is because, with DNS lookups turned off at this stage, sendmail will deliver mail using gethostbyname() (directly to the hostname in the email address). The problem arises when the main host and the mailserver are not on the same IP / same machine.

For example, a domain example.com might be on 10.0.3.100 but its MX (or Mail eXchanger) server, which receives mail for the domain example.com, might be mail.example.com, which happens to be at 10.0.3.20.

If you turn off DNS lookups locally and try to send mail directly (without a smarthost), mail meant for example.com will go directly to example.com instead of mail.example.com, and so may not reach the intended account, or even bounce with a "Relaying Denied" error.