
Configuring Linux Mail Servers: - Objectives - Contents

This document provides an overview of configuring and installing mail servers using Sendmail on Linux systems. It discusses Sendmail's configuration files and how it processes mail. Sendmail can be installed from RPM packages or by compiling from its source code tarball. When installing from source, the Sendmail build process generates the main Sendmail configuration file from a macro file. Existing Sendmail configurations and binaries should be backed up before installing a new version.

Uploaded by

Amine Besrour
Copyright
© All Rights Reserved

Configuring Linux Mail Servers

• Objectives
– This chapter will show you how to install and use mail servers
• Contents
– An Overview Of How Sendmail Works
– Sendmail configuration files
– Relaying
– Sendmail Masquerading
– Using Sendmail to Change the Sender's Email Address

• Practical
– Setting up a mail server
Introduction
• MTA Mail transport agents
– Transfer mail with the SMTP protocol to other MTAs based on the DNS MX record
– Popular agents: Sendmail, Exim, Postfix
• MUA Mail user agents
– Access users' mailboxes for reading and writing
– Popular agents: Fetchmail (POP & IMAP), IMAP, Qpopper, Courier IMAPD (POP & IMAP, server), Cyrus IMAPD (POP & IMAP, server)
• Mailbox processing
– Various mechanisms to process users' mail when it arrives in the mailboxes
– Procmail, SpamAssassin, Vacation, Amavisd
• SMTP trusts the user
– Everyone who is allowed to log in to a computer is trusted to send e-mail
• SMTP needs DNS
– An MX entry for the domain is needed unless mail is only local
• Sendmail lives in smrsh chroot-jail
How sendmail works, incoming mail
• How Sendmail Works
– As stated before, sendmail can handle both incoming and outgoing mail for your domain. Take a closer look.
• Incoming Mail
– Sendmail processes it and deposits it in the mailbox file of the user's Linux account (/var/spool/mail)
– Mail isn't actually sent directly to the user's PC
– Users retrieve their mail from the mail server using client software that supports IMAP and POP
– Linux users logged into the mail server can read their mail directly using a text-based client, such as mail, or a GUI client
• Sendmail belongs to what we call MTAs
– The MTA is responsible for encapsulating the message with a header and a trailer.
– The MTA needs the DNS MX record to find the mail server that serves the receiving domain.
– The header contains the destination e-mail and the source e-mail
– The header also contains the path the e-mail traverses through the network
– The trailer contains an error correction code
How sendmail works, outgoing mail
• Outgoing Mail
– PC and Linux workstation users configure their e-mail software to make the mail server their outbound SMTP mail server, e.g. the user MTA.
• Local mail
If sendmail considers the e-mail local, it places it directly in the destination user's mailbox (/var/spool/mail) (it can also be any NFS store or a database)
– If the destination is localdomain (my-site.com).
– Virtual hosted domain on the same server.
– If the destination is a local user or virtual user at the same host.
• Mail to another domain
If sendmail considers the e-mail to have a destination outside localdomain, it schedules the mail for delivery within 15 minutes and temporarily places it in /var/spool/mqueue
– Sendmail uses DNS to get the MX record for the other domain
– Attempts to relay the mail using SMTP
– Relaying must be allowed only for trusted domains that sendmail serves
– Localhost/Localdomain must be allowed to relay.
How sendmail works, mail processing
• Sendmail main configuration /etc/sendmail.cf
– Uses a series of highly complicated regular expressions
– The mail header contains mail routing information; sendmail inspects this header and then acts accordingly.
– Sendmail is highly configurable
• Simplified configuration /etc/sendmail.mc or /etc/mail/linux.mc
– Contains more understandable instructions for system administrators to use
– Interpreted by a number of macro routines to create the sendmail.cf file
– You must always run the macros and restart sendmail for the changes to take effect
• Available macros sit in /usr/share/sendmail
• Sendmail files are in /etc/mail
– SuSE and RedHat also use /etc/sysconfig/mail
– SuSE and RedHat also use /etc/sysconfig/sendmail
• Mail is parsed with sendmail.cf
– Header parsing
– Header processing & shaping
– Header rewrite engine rules
– Calls to external processors such as anti-spam and anti-virus applications
• Sendmail log files: /var/log/mail* and /var/log/messages
How sendmail works, sendmail macros
• Macro files
– Macros are found in /usr/share/sendmail/
– There are several macro files; they have the extension .mc or .m4
• Macro files have keywords to call submacros/directives
– They can begin with DOMAIN, FEATURE, or OSTYPE and DNL
– Keywords are usually followed by a keyword
• Macro example with keyword and hashfile command
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
– the macro name is /usr/share/sendmail/feature/virtusertable.m4,
– the instruction `hash -o /etc/mail/virtusertable.db' is being passed to it.
– hash makes simple database format db
– hash -o means output generated database to the db file that follows
• Example with only macro
FEATURE(`masquerade_envelope')dnl
• Use the m4 command to generate /etc/sendmail.cf
# m4 /etc/mail/linux.mc > /etc/sendmail.cf
Getting SENDMAIL from rpm
• Sendmail is available as
– Open Source http://www.sendmail.org
– Commercial http://www.sendmail.com
• Installing Sendmail from RPM (SuSE)
– You will need to make sure that the sendmail and m4 software RPMs are installed.
– You will need to remove/uninstall other mailers like exim and postfix before installing

# rpm -ivh sendmail-8.13.3-5.i386.rpm         (The client/server)
# rpm -ivh sendmail-devel-8.13.3-5.i386.rpm   (Optional)
# rpm -ivh sendmail-debug-8.13.3-5.i386.rpm   (Optional)
# rpm -ivh m4-1.4.2-4.i586.rpm                (macro processor)
# rpm -ivh db-devel-4.3.27-3.1.i586.rpm       (Needed if compiling)
• Starting/Stopping Sendmail
– You can use the chkconfig or insserv command to get Sendmail configured to start at boot:

# insserv sendmail
– To start/stop/restart sendmail after booting

# rcsendmail start
# rcsendmail stop
# rcsendmail restart
– You need to restart sendmail after changing sendmail.cf, and reload sendmail if the other files have been changed
SENDMAIL from sources
• Get sendmail tar-ball, here 8.13.5
# cd /usr/local/src
# wget ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.5.tar.gz

• Unpack the tar-ball and add one group that sendmail needs
# tar xvfz sendmail.8.13.5.tar.gz
# groupadd smmsp
# cd sendmail.8.13.5

• Read the tar-ball INSTALL and README files
– If you need extras like TLS or others you might need compile options
– Sendmail is very advanced and flexible
• The default build should do in most cases
# cd sendmail ; sh ./Build
• Copy the current sendmail.mc or linux.mc to sendmail.mc in the cf/cf directory and make a new one with all the new and updated macros.
– You can also copy generic-linux.mc if you do not have any sendmail.mc
# cd cf/cf ; cp /etc/mail/linux.mc sendmail.mc
# sh ./Build sendmail.cf
SENDMAIL from sources, continued
• Backup old sendmail configuration and binaries
# tar cvfz /root/sm-config.tar.gz /etc/mail /etc/sendmail*
# tar cvfz /root/sm-bin.tar.gz /usr/sbin/sendmail /usr/lib/sendmail
• Install the new configuration
# sh ./Build install-cf
• Create a new user for sendmail called smmsp and make a softlink for manuals
# useradd -m -g smmsp -G mail smmsp; ln -s /usr/share/man /usr/man
• Install the new sendmail binaries and change owner on clientmqueue
# cd ../../sendmail
# sh ./Build install ; cd ..
# chown smmsp:smmsp /var/spool/clientmqueue
• Sendmail utility directories contain the Build command
– They contain extra functionality like support for antispam, antivirus, databases etc.
# find * -maxdepth 1 -type f -name Build

• Make and install example for mailstats
# cd mailstats ; sh ./Build ; sh ./Build install

• You will also have one output directory for all your makes
# ls obj.Linux*
– The directories contain the compiled binaries and extras, ready for mass deployment
Standard sendmail.mc comment & DNS
• If sendmail uses /etc/mail/linux.mc we make some links
– Needed in SuSE and some other RPM distributions
# ln -s /etc/sendmail.cf /etc/mail/sendmail.cf
# ln -s /etc/mail/linux.mc /etc/mail/sendmail.mc
• How to Put Comments in sendmail.mc
– The sendmail.mc file doesn't use the "#" for commenting, but instead uses the string "dnl".
dnl Disabled statements due to "dnl" commenting
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
dnl Incorrectly disabled statement
# DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
dnl Active statement, here sendmail client daemon is enabled
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

• Configuring the DNS for sendmail
– Make Your Mail Server The Mail Server For Your Domain in DNS
my-site.com. IN MX 10 mail.my-site.com.
# host my-site.com
my-site.com mail is handled by 10 mail.my-site.com.
Sendmail & name resolution
• All hosts that are not the nameserver should have an /etc/resolv.conf file like this:
Server:
domain my-site.com
nameserver 127.0.0.1
Client:
domain my-site.com
nameserver 192.168.0.1
• An incorrectly configured resolv.conf file can lead to errors like this when running m4:

WARNING: local host name (smallfry) is not qualified; fix $j in config file

• The /etc/hosts file must have a loopback address
– For a sample mailserver:
127.0.0.1  mail.my-site.com localhost.localdomain localhost mail
– For a sample client:
127.0.0.1  client.my-site.com localhost.localdomain localhost client
How To Configure Linux Sendmail Client
• All Linux mail clients in your home or company need to know which server is the mail server, in /etc/mail/sendmail.mc
define(`SMART_HOST',`mail.my-site.com')
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
• If you run SuSE sendmail from RPM, take full control again
– In /etc/sysconfig/mail change:
MAIL_CREATE_CONFIG="no"
SMTPD_LISTEN_REMOTE="yes"
• Smarthost (the mailserver) must accept mail from your host/domain
– In /etc/mail/access:
my-site.com RELAY
• Converting From a Mail Client to a Mail Server
– Determine Which NICs Sendmail Is Running On
– We can verify that sendmail is running by first using the pgrep command
# pgrep sendmail
22131
# netstat -an | grep :25 | grep tcp
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
– Here sendmail listens on the loopback interface; this is normal because a client does not normally receive email directly
Convert the sendmail client to server
• Edit sendmail.mc To Make Sendmail Listen On All Interfaces
dnl This changes sendmail to only listen on the loopback device 127.0.0.1
dnl and not on any other network devices. Comment this out if you want
dnl to accept email over the network.
-> dnl DAEMON_OPTIONS(`Port=smtp,Addr=mail.my-site.com, Name=MTA')
dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl a kernel patch
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')
dnl We strongly recommend to comment this one out if you want to protect
dnl yourself from spam. However, the laptop and users on computers that do
dnl not have 24x7 DNS do need this.
-> dnl FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`relay_based_on_MX')dnl
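
The "dnl" comment rule and the listen-address edit described above, as an added example (not part of the original slides): a shell audit that classifies each DAEMON_OPTIONS, FEATURE and define statement in a sendmail.mc as active, dnl-disabled or "#"-prefixed, and reports the resulting listen addresses. The function names and the sample file are constructed for illustration; treating a "#"-prefixed statement as still active follows the slides' rule.

```sh
#!/bin/sh
# Added example: audit how statements in a sendmail.mc are (or are not) disabled.
# Function names and the sample file are illustrative, not part of sendmail.

# mc_audit FILE
# Prints "STATE<TAB>LINE<TAB>STATEMENT" for every DAEMON_OPTIONS, FEATURE or
# define statement. STATE is one of:
#   active    processed by m4
#   disabled  prefixed with the m4 keyword dnl, so m4 discards the line
#   hash      prefixed with "#", which per the slides does NOT disable it
mc_audit() {
    awk '
    /DAEMON_OPTIONS\(|FEATURE\(|define\(/ {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line ~ /^dnl([^A-Za-z0-9_]|$)/) state = "disabled"
        else if (line ~ /^#/)               state = "hash"
        else                                state = "active"
        printf "%s\t%d\t%s\n", state, NR, line
    }' "$1"
}

# mc_listen_addrs FILE
# Prints the Addr= value of every DAEMON_OPTIONS statement that is not
# dnl-disabled, or ALL when none remains (the slides show sendmail on
# 0.0.0.0:25 once the loopback statement is disabled).
mc_listen_addrs() {
    mc_audit "$1" | awk -F '\t' '
    $1 != "disabled" && $3 ~ /DAEMON_OPTIONS\(/ {
        n++
        if (match($3, /Addr=[A-Za-z0-9.:-]+/))
            print substr($3, RSTART + 5, RLENGTH - 5)
        else
            print "ALL"
    }
    END { if (n == 0) print "ALL" }'
}

# mc_findings FILE
# One line per statement that deserves a second look on a mail server.
mc_findings() {
    mc_audit "$1" | awk -F '\t' '
    $1 == "hash" {
        print "line " $2 ": # is not a comment marker in sendmail.mc, use dnl"
    }
    $1 != "disabled" && $3 ~ /accept_unresolvable_domains/ {
        print "line " $2 ": accept_unresolvable_domains is enabled"
    }'
}

# Constructed sample: a client configuration that someone tried to convert
# into a server configuration, with two mistakes left in.
sample_mc() {
    cat <<'EOF'
dnl Constructed sample, not taken from a real host
dnl define(`SMART_HOST',`mail.my-site.com')
# DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')
FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`relay_based_on_MX')dnl
EOF
}

# Demo run on the constructed sample
demo_mc=$(mktemp)
sample_mc > "$demo_mc"
mc_findings "$demo_mc"
echo "listen addresses: $(mc_listen_addrs "$demo_mc")"
rm -f "$demo_mc"
```

On the sample, the "#"-prefixed loopback statement is reported as still in force, so the listen address stays 127.0.0.1 instead of changing to all interfaces.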
Convert the sendmail client to server
• If you run SuSE sendmail from RPM, take full control again
– In /etc/sysconfig/mail change:
MAIL_CREATE_CONFIG="no"
SMTPD_LISTEN_REMOTE="yes"
– SuSEconfig will write over your /etc/sendmail.cf
• Comment out the "SMART_HOST" Entry In sendmail.mc
dnl define(`SMART_HOST',`mail.my-site.com')
• Regenerate The sendmail.cf File & Restart sendmail
– This step can be accomplished by running the script we created at the beginning of the chapter.
# ./smmake

• Now Make Sure Sendmail Is Listening On All Interfaces

# netstat -an | grep :25 | grep tcp
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
A General Guide To Using The sendmail.mc File

• Primary rule, nice and clean sendmail.mc with comments
– Masquerading rewrites all mail from hosts so that it appears to come from the domain
– FEATURE adds functionality to sendmail
dnl ***** Customized section 1 start *****
dnl
dnl
FEATURE(delay_checks)dnl
FEATURE(masquerade_envelope)dnl
FEATURE(allmasquerade)dnl
FEATURE(masquerade_entire_domain)dnl
dnl
dnl
dnl ***** Customized section 1 end *****

• After adding some features make a new sendmail.cf, but first make a backup of the old working one:
# cp sendmail.cf sendmail-v1.cf
# m4 sendmail.mc > sendmail.cf
Sendmail feature files
• The /etc/mail/relay-domains File
– Relay those domains directly
my-other-site.com
my-site.com
• The /etc/mail/access File
– Keywords include:
RELAY # Allow access + Relay
REJECT # Refuse connection
OK # Allow access
DISCARD # Silently drop email after received
550 You are not welcome here # Bounceback messages
– Sample file:
localhost.localdomain           RELAY
localhost                       RELAY
127.0.0.1                       RELAY
192.168.1.16                    RELAY
192.168.1.17                    RELAY
192.168.2                       RELAY
my-site.com                     RELAY

• The /etc/mail/local-host-names File
– Also receive mail for my other site
my-site.com
my-other-site.com
– In DNS we need to enter:
my-other-site.com. MX 10 mail.my-site.com.
• After changing any sendmail files except the .mc, run
# cd /etc/mail ; newaliases ; make
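
How the access entries above decide whether a client may relay, as an added example (not part of the original slides): a shell helper that finds the most specific matching entry for an IP address or host name. It models only plain keys such as those on the slide; the helper names and the extra 192.168.2.66 entry are constructed for illustration.

```sh
#!/bin/sh
# Added example: which access-table entry decides for a given client?
# access_lookup is an illustrative helper, not a sendmail tool; it models only
# untagged keys (no "Connect:" or "To:" prefixes).

# access_lookup ACCESS_FILE KEY
# KEY is an IPv4 address or a host name. The most specific entry wins:
# an address is shortened one octet at a time from the right, a host name
# one label at a time from the left. Prints the entry's action or "no-match".
access_lookup() {
    awk -v key="$2" '
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    {
        k = tolower($1)
        $1 = ""
        sub(/^[ \t]+/, "")               # what is left of the line is the action
        action[k] = $0
    }
    END {
        key = tolower(key)
        isip = (key ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
        while (key != "") {
            if (key in action) { print action[key]; exit }
            if (isip) { if (!sub(/\.[0-9]+$/, "", key)) key = "" }
            else      { if (!sub(/^[^.]+\./, "", key)) key = "" }
        }
        print "no-match"
    }' "$1"
}

# relay_report ACCESS_FILE KEY...
# Lists each client with the action that applies to it.
relay_report() {
    rr_file=$1
    shift
    for rr_client in "$@"; do
        printf '%s %s\n' "$rr_client" "$(access_lookup "$rr_file" "$rr_client")"
    done
}

# Constructed sample built from the entries on the slide.
sample_access() {
    cat <<'EOF'
localhost.localdomain   RELAY
localhost               RELAY
127.0.0.1               RELAY
192.168.1.16            RELAY
192.168.1.17            RELAY
192.168.2               RELAY
my-site.com             RELAY
# Constructed entry: one host inside the relayed network is refused
192.168.2.66            550 You are not welcome here
EOF
}

# Demo run on the constructed sample
demo_access=$(mktemp)
sample_access > "$demo_access"
relay_report "$demo_access" 192.168.2.77 192.168.2.66 192.168.1.20 \
    sales.my-site.com mail.another-site.com
rm -f "$demo_access"
```

The short key 192.168.2 covers the whole 192.168.2.x network, which is why a prefix entry with RELAY should be reviewed as carefully as a domain entry.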
Which User Should Really Receive The Mail?
• The /etc/mail/virtusertable file
[email protected]             webmasters
@my-other-site.com            marc
[email protected]             [email protected]
[email protected]             paul
[email protected]             paul
@my-site.com                  error:nouser User unknown

– The string @my-site.com actually rejects all non local emails with error message
• The /etc/aliases File
...
manager:        root
abuse:          root
# trap decode to catch security attacks
decode:         root
# Person who should get root's mail
root:           marc,kalle,[email protected]
# My mailing list file
admin-list:     ":include:/home/mailings/admin-list"

• Always run command newaliases after working with aliases
# cd /etc/mail ; newaliases ; make
Mail-aliases "/etc/aliases" explanations
• Mail to "[email protected]" goes to users "peter", "paul" and "mary".
# Directors of my SOHO company
directors: peter,paul,mary
• Mail sent to "[email protected]" goes to users "grandma", "brother" and "sister"
# My family
family: grandma,brother,sister

• Mail sent to "[email protected]" gets sent to all the users listed in the file /home/mailings/admin-list.
# My mailing list file
admin-list: ":include:/home/mailings/admin-list"

• Mail sent to [email protected] goes to peter
# [email protected] becomes the same as [email protected]
peter.steen: peter
Sendmail ".mc" Masquerading Explained
• The MASQUERADE_AS directive makes all mail originating on mail appear to
come from a server within the domain my-site.com by rewriting the email header.
• The MASQUERADE_DOMAIN directive makes mail relayed via mail from all
machines in the another-site.com and localdomain domains appear to come from
the MASQUERADE_AS domain of my-site.com. Using DNS, sendmail checks the
domain name associated with the IP address of the mail relay client sending the
mail to help it determine whether it should do masquerading or not.
• FEATURE masquerade_entire_domain makes sendmail masquerade
servers named *my-site.com, and *another-site.com as my-site.com. In other
words, mail from sales.my-site.com would be masqueraded as my-site.com. If
this wasn't selected, then only servers named my-site.com and my-othersite.com
would be masqueraded. Use this with caution when you are sure you have the
necessary authority to do this.
• FEATURE allmasquerade makes sendmail rewrite both recipient addresses
and sender addresses relative to the local machine. If you cc: yourself on an
outgoing mail, the other recipient sees a cc: to an address he knows instead of one
on localhost.localdomain.
• FEATURE always_add_domain always masquerades email addresses, even
if the mail is sent from a user on the mail server to another user on the same mail
server.
• FEATURE masquerade_envelope rewrites the email envelope just as
MASQUERADE_AS rewrote the header.
Sendmail Masquerading example
• If you want your mail to appear to come from [email protected] and not [email protected] or [email protected], you can:
a) Configure your email client, such as Outlook Express, to set your email address to [email protected]
b) Set up masquerading to modify the domain name of all traffic originating from and passing through your mail server
• Configuring masquerading
– This can be solved by editing your sendmail.mc configuration file and adding some masquerading commands:
FEATURE(`always_add_domain')dnl
FEATURE(`masquerade_entire_domain')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`allmasquerade')dnl
MASQUERADE_AS(`my-site.com')dnl
MASQUERADE_DOMAIN(`my-site.com.')dnl
MASQUERADE_DOMAIN(`localhost')dnl
MASQUERADE_DOMAIN(`localhost.localdomain')dnl
Testing Sendmail Masquerading
• Testing Masquerading
– You should also tail the /var/log/mail* file to verify that the masquerading is operating
# mail -v username

– Verify receiver of email
# sendmail -bv username@domain

• Logfiles
/var/log/mail
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/messages
• Other Masquerading Notes
– By default, user "root" will not be masqueraded. This is achieved with the following statement in /etc/mail/sendmail.mc:
EXPOSED_USER(`root')dnl
Using Sendmail to Change the Sender's Email Address

• Add these statements to your /etc/mail/sendmail.mc
– In order to rewrite the origin address of e-mails, you need some features:
FEATURE(`genericstable',`hash -o /etc/mail/genericstable.db')dnl
GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl

• Create a /etc/mail/generics-domains
– Same file as local-host-names
my-site.com
my-other-site.com
mail.my-site.com
– Make sure the file includes your server's canonical domain name, which you can obtain using the command:
# sendmail -bt -d0.1 </dev/null
– Remember to do the make after changing your sendmail files
• Create your /etc/mail/genericstable
– Mail sent from alert, peter, anton will have a new source address
#linux-username   new source address: user@domain
alert          [email protected]
peter          [email protected]
anton          [email protected]
Sendmail and virtualusers
• At slide 17 we created your /etc/mail/virtusertable
– /etc/aliases can also be used, although virtusertable is more flexible
• We need to add virtual domains last in file /etc/sendmail.cf
– For receiving email for virtual domains
CGmy-site.com
CGmy-other-site.com

• Every time you run the m4 command you will have to put back your virtual domains

• sendmail.cf is a long complicated file; sometimes you will need to add and change things inside this file.
Troubleshooting Sendmail 1
• Testing TCP connectivity
– sendmail uses SMTP TCP port 25
Server
# netstat -an | grep :25 | grep tcp
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
The server can listen on all interfaces 0.0.0.0 or a delegated interface like 192.168.1.1
Client
# netstat -an | grep :25 | grep tcp
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
Always listens on 127.0.0.0
• Telnet to the mail server on port 25. You should get a response with a 220 status code:
– Communication with sendmail is reminiscent of radio communication

# telnet mail.my-site.com 25
Trying mail.my-site.com...
Connected to mail.my-site.com.
Escape character is '^]'.
220 mail.my-site.com ESMTP server ready
Troubleshooting Sendmail 2
• Use the HELO command to tell the mail server the domain you belong to:
HELO my-other-site.com
250 mail.my-site.com Hello mail.my-site.com [192.168.3.5], pleased to meet you
• You should receive a message with a successful status 250 code at the beginning of the response.
• Inform the mail server from which the test message is coming with the MAIL FROM: statement:
MAIL FROM:[email protected]
250 2.1.0 [email protected]... Sender ok

• Tell the mail server to whom the test message is going with the "RCPT TO:" statement:
RCPT TO: [email protected]
250 2.1.0 [email protected]... Sender ok
Troubleshooting Sendmail 3
• Prepare the mail server to receive data with the DATA statement:
DATA
354 Enter mail, end with "." on a line by itself

• Type the string "subject:" then type a subject. Type in your text message, ending it with a single period on the last line. For example:
Subject: Test Message
Testing sendmail interactively
.
250 2.0.0 iA75r9si017840 Message accepted for delivery

• Use the QUIT command to end the session:
QUIT
221 2.0.0 mail.my-site.com closing connection
Connection closed by foreign host.
Common Errors Due To Incomplete Installation
• Sample errors when running newaliases:
# newaliases
Warning: .cf file is out of date: sendmail 8.13.3 supports version 10, .cf file is version 0
No local mailer defined
QueueDirectory (Q) option must be set
• Sample errors when processing the sendmail.mc file:
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
/etc/mail/sendmail.mc:8: m4: Cannot open /usr/share/sendmail-cf/m4/cf.m4: No such file or directory

• Sample errors when restarting sendmail:
# rcsendmail restart
Shutting down sendmail: [ OK ]
Shutting down sm-client: [FAILED]
Starting sendmail: 554 5.0.0 No local mailer defined
554 5.0.0 QueueDirectory (Q) option must be set
[FAILED]
Starting sm-client: [ OK ]
Incorrectly Configured /etc/hosts Files
• By default, Linux inserts the hostname of the server between the 127.0.0.1 and the localhost entries in /etc/hosts like this:
127.0.0.1 mail localhost.localdomain localhost
– Sendmail will think that the server's FQDN is mail
– It will then default to sending e-mails in which the domain is localhost.localdomain.
• The /etc/hosts file is also important for configuring mail relay
127.0.0.1 my-site.com localhost.localdomain localhost
– Here sendmail thinks that the server's FQDN is my-site and that the domain is all of .com.
– The server would therefore be open to relay all mail from any .com domain and would ignore the security features of the access and relay-domains files
• The correct loopback entry should look like:
127.0.0.1  mail.my-site.com localhost.localdomain localhost mail
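
The three loopback entries above, turned into a check, as an added example (not part of the original slides): a shell function that inspects the first name on the 127.0.0.1 line of a hosts file and flags the unqualified and two-label cases the slide warns about. The function names and verdict labels are constructed; the comparison against the resolv.conf "domain" line is an added consistency heuristic, not a sendmail rule.

```sh
#!/bin/sh
# Added example: check the loopback entry that sendmail derives its name from.
# Function names and verdict labels are illustrative.

# loopback_name_check HOSTS_FILE
# Looks at the first name on the first 127.0.0.1 line and prints one verdict:
#   ok:NAME            at least three labels, e.g. mail.my-site.com
#   unqualified:NAME   no dot, e.g. "mail" (the name is not qualified)
#   two-label:NAME     e.g. "my-site.com"; per the slide, sendmail then takes
#                      ".com" as its domain and may relay for all of it
#   missing-name       the loopback line carries no name
#   no-loopback-line   there is no 127.0.0.1 line at all
loopback_name_check() {
    awk '
    { sub(/#.*/, "") }                   # drop comments, fields are re-split
    $1 == "127.0.0.1" && !seen {
        seen = 1
        if ($2 == "") { print "missing-name"; next }
        n = split($2, label, ".")
        if (n == 1)      print "unqualified:" $2
        else if (n == 2) print "two-label:" $2
        else             print "ok:" $2
    }
    END { if (!seen) print "no-loopback-line" }' "$1"
}

# mail_name_check HOSTS_FILE RESOLV_FILE
# Same verdicts, plus domain-mismatch:NAME:DOMAIN when an otherwise good name
# does not end in the "domain" value of the resolv.conf-style file.
mail_name_check() {
    mnc_verdict=$(loopback_name_check "$1")
    mnc_domain=$(awk '$1 == "domain" { print $2; exit }' "$2")
    if [ -z "$mnc_domain" ]; then
        echo "$mnc_verdict"
        return 0
    fi
    case $mnc_verdict in
        ok:*."$mnc_domain") echo "$mnc_verdict" ;;
        ok:*) echo "domain-mismatch:${mnc_verdict#ok:}:$mnc_domain" ;;
        *) echo "$mnc_verdict" ;;
    esac
}

# Demo on constructed files that reproduce the three entries from the slide
demo_dir=$(mktemp -d)
printf '127.0.0.1 mail localhost.localdomain localhost\n' > "$demo_dir/default"
printf '127.0.0.1 my-site.com localhost.localdomain localhost\n' > "$demo_dir/relay"
printf '127.0.0.1  mail.my-site.com localhost.localdomain localhost mail\n' > "$demo_dir/correct"
printf 'domain my-site.com\nnameserver 127.0.0.1\n' > "$demo_dir/resolv.conf"
for demo_file in default relay correct; do
    echo "$demo_file: $(mail_name_check "$demo_dir/$demo_file" "$demo_dir/resolv.conf")"
done
rm -rf "$demo_dir"
```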
Incorrect name resolution hosts file ?
• Use the sendmail program to send a sample e-mail to someone in verbose mode:
– Look in /var/log/mail
– Also look in /var/log/mail.err
– Of course /var/log/messages
# sendmail -v [email protected]
test text
test text
.
[email protected]... Connecting to mail.another-site.com. via esmtp...
220 ltmail.another-site.com LiteMail v3.02(BFLITEMAIL4A); Sat, 21 Feb 2006 20:18:44 +0100
>>> EHLO localhost.localdomain
250-mx.another-site.com Hello [67.120.221.106], pleased to meet you
250 HELP
>>> MAIL From:<[email protected]>
250 <[email protected]>... Sender Ok
>>> RCPT To:<[email protected]>
250 <[email protected]>... Recipient Ok
>>> DATA
354 Enter mail, end with "." on a line by itself
>>> .
250 Message accepted for delivery
[email protected]... Sent (Message accepted for delivery)
Closing connection to mail.another-site.com.
>>> QUIT
Fighting SPAM, add features to sendmail.mc

• RFC-Ignorant valid IP address checker.
FEATURE(`dnsbl', `ipwhois.rfc-ignorant.org',`"550 Mail from " $&{client_addr} " refused. Rejected for bad WHOIS info on IP of your SMTP server - see http://www.rfc-ignorant.org/"')

• Easynet open proxy list.
FEATURE(`dnsbl', `proxies.blackholes.easynet.nl', `"550 5.7.1 ACCESS DENIED to OPEN PROXY SERVER "$&{client_name}" by easynet.nl DNSBL  (http://proxies.blackholes.easynet.nl/errors.html)"', `')dnl

• The Open Relay Database open mail relay list.
FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected due to sending server misconfiguration - see http://www.ordb.org/faq/\#why_rejected"')dnl

• Spamcop spammer blacklist.
FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from " $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml"')

• Spamhaus spammer blacklist.
FEATURE(`dnsbl',`sbl.spamhaus.org',`Rejected - see http://spamhaus.org/')dnl
