optics.csufresno.edu

Department of Electrical and Computer Engineering
Assistant Professor Gregory R. Kriehn
FC6 sendmail Configuration
sendmail is an electronic mail transport agent, routing messages over whatever networks are necessary. The advantage of sendmail is that it allows for internetwork forwarding to deliver the message to the correct place. The disadvantage is that, if it is set up incorrectly to accept unresolvable domains, spammers can use your domain to spam accounts. (Fortunately, this option is not set by default for Fedora Core 6.)

You can define most of sendmail's configuration parameters in the /etc/mail/sendmail.mc file, which is then used by "m4" macros to create a /etc/mail/sendmail.cf file. Configuration of the sendmail.mc file is much simpler than configuration of sendmail.cf, but it is still often viewed as an intimidating task. Fortunately, in most cases you won't have to edit this file very often.

In most Linux configuration files, a # symbol is used at the beginning of a line to convert it into a comment line or to deactivate any commands that may reside on that line. However, the sendmail.mc file doesn't use this character for commenting, but instead uses the string "dnl".


Configure Your Mail Server's Name In DNS
You first need to make sure that your mail server's name resolves in DNS correctly. For example, if your mail server's name is [server] and you intend for it to mostly handle mail for the domain [domain].[name], then [server].[domain].[name] must correctly resolve to the IP address of one of the mail server's interfaces. You can test this using the host command:
~> host [server].[domain].[name]
[server].[domain].[name] has address [xxx.xxx.xxx.xxx]
 
Configure The /etc/resolv.conf File
The sendmail program expects DNS to be configured correctly on the DNS server. Your domain must point to the IP address of the mail server.

The program also expects the files used by the mail server's DNS client to be configured correctly. The first one is the /etc/resolv.conf file, in which there must be a domain directive that matches one of the domains the mail server is expected to handle mail for. Finally, sendmail expects a nameserver directive that points to the IP address of the DNS server the mail server should use to get its DNS information.

For example, if the mail server is handling mail for [domain.name] and the IP address of the DNS server is [xxx.xxx.xxx.xxx], there must be directives that look like this:

domain        [domain].[name]
nameserver    [xxx.xxx.xxx.xxx]
An incorrectly configured resolv.conf file can lead to errors when running the m4 command to process the information in your sendmail.mc file.

The /etc/hosts File
The /etc/hosts file also is used by DNS clients and also needs to be correctly configured. Here is a brief example of the first line you should expect to see in it:

127.0.0.1  localhost.localdomain  localhost
The entry for 127.0.0.1 must always have an entry for localhost and localhost.localdomain. Linux does not function properly if the 127.0.0.1 entry in /etc/hosts doesn't also include localhost and localhost.localdomain. Then you can add any other aliases your host may have on a separate line, in addition to the fully qualified domain name (FQDN) of the server and its IP address. In the case above it would be [server].[domain.name]:
[Server IP Address]  [server].[domain.name]  [server] [other aliases]
Converting From a Mail Client to a Mail Server
All Linux systems have a virtual loopback interface that lives only in memory with an IP address of 127.0.0.1. As mail must be sent to a target IP address even when there is no NIC in the box, sendmail therefore uses the loopback address to send mail between users on the same Linux server. To become a mail server, and not a mail client, sendmail needs to be configured to listen for messages on NIC interfaces as well.

1. Determine which NICs sendmail is running on. You can see the interfaces on which sendmail is listening with the netstat command. Because sendmail listens on TCP port 25, you use netstat and grep for 25 to see a default configuration listening only on IP address 127.0.0.1 (loopback):

~> netstat -an |grep :25 |grep tcp
tcp        0        0  127.0.0.1:25        0.0.0.0:*        LISTEN
 
2. Edit /etc/mail/sendmail.mc to make sendmail listen on all interfaces. If sendmail is listening on the loopback interface only, you should comment out the daemon_options line in the /etc/mail/sendmail.mc file with dnl statements. It is also good practice to take precautions against spam by not accepting mail from domains that don't exist by commenting out the accept_unresolvable_domains feature too. Make the appropriate changes in the /etc/mail/sendmail.mc file. See the sixth line from the top and the fourth line from the bottom:
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
...
...
...
dnl
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
Note: You need to be careful with the accept_unresolvable_domains feature. In the sample network, the mail server [server] does not accept e-mail relayed from any of the other PCs on your network if they are not in DNS.

In conjunction with this, make sure that you have poked a hole in the firewall for TCP/IP Port Number 25. See the Firewall page for details on how to do this if you have not done it already.

3. Make sure that the SMART_HOST entry in sendmail.mc has been commented out. The mail server doesn't need a SMART_HOST entry in its sendmail.mc file. Comment this out with a dnl at the beginning, if necessary.
dnl define(`SMART_HOST',`mail.my-site.com')
4. Enable masquerading, if you need it. In my case, I have two aliases for my server, only one of which I want the outside world to see (optics.csufresno.edu). Therefore, I have the following lines enabled:
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
MASQUERADE_AS(`[server].[domain].[name]')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
FEATURE(masquerade_entire_domain)dnl
dnl #
MASQUERADE_DOMAIN(localhost)dnl
MASQUERADE_DOMAIN(localhost.localdomain)dnl
MASQUERADE_DOMAIN([server].[domain].[name])dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
Substitute in your fully qualified domain name for the mail server, as necessary. Save and exit.
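A check that the edited file matches steps 2 and 3 above, as an added example that is not part of the original page. The function names and the sample file are constructed for the illustration; it relies only on the dnl commenting rule described earlier.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that sendmail.mc matches
# steps 2 and 3. m4 discards everything from "dnl" to the end of the line, so a
# directive is active only when its line does not begin with dnl.

# Print only the lines m4 will act on.
active_lines() {
    grep -Ev '^[[:space:]]*dnl([^[:alnum:]_]|$)' "$1"
}

# Print one line per deviation from the settings chosen in the steps above;
# return 0 when there are none, 1 otherwise.
audit_mc() {
    mc=$1
    rc=0
    if active_lines "$mc" | grep -q 'accept_unresolvable_domains'; then
        echo "accept_unresolvable_domains is active: mail from unresolvable sender domains is accepted"
        rc=1
    fi
    if active_lines "$mc" | grep -q 'DAEMON_OPTIONS(.*Addr=127\.0\.0\.1'; then
        echo "DAEMON_OPTIONS binds to 127.0.0.1: sendmail will not listen on the NIC"
        rc=1
    fi
    if active_lines "$mc" | grep -q "define(\`SMART_HOST'"; then
        echo "SMART_HOST is defined: outbound mail is handed to another relay"
        rc=1
    fi
    return $rc
}

# Constructed sample: the unresolvable-domains feature left enabled by mistake.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
FEATURE(`accept_unresolvable_domains')dnl
dnl define(`SMART_HOST',`mail.my-site.com')
EOF
audit_mc "$sample" || echo "fix the lines above, then rebuild sendmail.cf"
rm -f "$sample"
```

On a real server, run audit_mc /etc/mail/sendmail.mc before regenerating sendmail.cf.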

Generate the New Sendmail Configuration File /etc/mail/sendmail.cf

When mail passes through a sendmail server the mail routing information in its header is analyzed, and sometimes modified, according to the desires of the systems administrator. As previously mentioned, using a series of highly complicated regular expressions listed in the /etc/mail/sendmail.cf file, sendmail inspects this header and then acts accordingly.

In recognition of the complexity of the /etc/mail/sendmail.cf file, a much simpler file named /etc/mail/sendmail.mc was created, and it contains more understandable instructions for systems administrators to use (which is what we just edited). These are then interpreted by a number of macro routines to create the sendmail.cf file. After editing sendmail.mc, you must always run the macros and restart sendmail for the changes to take effect.

Once you finish editing the sendmail.mc file with the above changes, you can then execute the make command while in the /etc/mail directory to regenerate the new sendmail.cf file.
~> cd /etc/mail
~> sudo make -C /etc/mail
The make command actually generates the sendmail.cf file using the m4 command. The m4 usage is simple: you could just as easily specify the name of the macro file as the argument, in this case "sendmail.mc", and redirect the output (which would normally go to the screen) to the "sendmail.cf" file with the ">" redirector symbol. The redirect has to run as root as well, so the whole command is wrapped in sh -c:
~> sudo sh -c 'm4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf'
At any rate, restart sendmail:
~> sudo service sendmail restart
You should see sm-client and sendmail successfully restart:
Shutting down sm-client:                                   [  OK  ]
Shutting down sendmail:                                    [  OK  ]
Starting sendmail:                                         [  OK  ]
Starting sm-client:                                        [  OK  ]
The /etc/mail/local-host-names File

When sendmail receives mail, it needs a way of determining whether it is responsible for the mail it receives. It uses the /etc/mail/local-host-names file to do this. This file has a list of host names and domains for which sendmail accepts responsibility. For example, if this mail server was to accept mail for the domain [server].[domain].[name] then the file would look like this:

[server].[domain].[name]
Edit the file and add your mail server's fully qualified domain name.

Which User Should Really Receive The Mail?

After checking the contents of the virtusertable, sendmail checks the aliases files to determine the ultimate recipient of mail. If there is no match in the virtusertable file, sendmail automatically checks /etc/aliases.

You can think of the /etc/aliases file as a mailing list file. The first column has the mailing list name (sometimes called a virtual mailbox), and the second column has the members of the mailing list separated by commas.

To start, sendmail searches the first column of the file for a match. If there is no match, then sendmail assumes the recipient is a regular user on the local server and deposits the mail in their mailbox.
If it finds a match in the first column, sendmail notes the nickname entry in the second column. It then searches for the nickname again in the first column to see if the recipient isn't on yet another mailing list. If sendmail doesn't find a duplicate, it assumes the recipient is a regular user on the local server and deposits the mail in their mailbox. If the recipient is a mailing list, then sendmail goes through the process all over again to determine if any of the members is on yet another list, and when it is all finished, they all get a copy of the e-mail message.
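The lookup described above, modelled as an added example that is not part of the original page and is not sendmail's own code. It assumes one "name: member,member" entry per line with no continuation lines, and it simply stops re-expanding a list that refers back to itself; the function name and sample names are constructed.

```shell
#!/bin/sh
# Added example, not sendmail's code: model of the aliases lookup described above.
# Assumptions: one "name: member,member" entry per line, no continuation
# lines, and a list that refers back to itself is not expanded a second time.

# expand_alias FILE NAME -> final recipients, one per line, sorted, no duplicates
expand_alias() {
    awk -v start="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            i = index($0, ":"); if (i == 0) next
            name = substr($0, 1, i - 1); gsub(/[ \t]/, "", name)
            rhs  = substr($0, i + 1);    gsub(/[ \t]/, "", rhs)
            members[name] = rhs                  # first column -> second column
        }
        function expand(who,    n, parts, k) {
            if (!(who in members)) { print who; return }  # no match: final recipient
            if (who in active) return                     # already expanding: stop
            active[who] = 1
            n = split(members[who], parts, ",")
            for (k = 1; k <= n; k++)
                if (parts[k] != "") expand(parts[k])
            delete active[who]
        }
        END { expand(start) }
    ' "$1" | sort -u
}

# Constructed sample file (names are made up for the demonstration).
aliases=$(mktemp)
cat > "$aliases" <<'EOF'
# Directors of my company
directors:    peter,paul,mary
staff:        directors, alice
everyone:     staff, everyone
EOF
expand_alias "$aliases" everyone    # nested lists flattened, self-reference ignored
expand_alias "$aliases" bob         # not in the first column: a regular local user
rm -f "$aliases"
```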

Because aliases can be very useful, here is an example for your /etc/aliases file:
# Mail to "directors@[domain].[name]" goes to users "peter", "paul" and "mary".
# Directors of my company
directors:    peter,paul,mary
This is important to me because I pull my mail from a Fresno State university server to my local server, where the user name on the university server is different from my local username.

One important note about the /etc/aliases file: By default, your system uses sendmail to mail system messages to local user root. When sendmail sends e-mail to a local user, the mail has no To: in the e-mail header. If you then use a mail client with a spam mail filtering rule to reject mail with no To: in the header, such as Outlook Express or Evolution, you may find yourself dumping legitimate mail.

To get around this, try making root have an alias for a user with a fully qualified domain name; this forces sendmail to insert the correct fields in the header. For example:

# Person who should get root's mail
root:        [master user]@[domain].[name]
That's pretty much it. In the next page, I will discuss using fetchmail, which I use to fetch mail from the university server to my local one; and when discussing spambayes, I'll discuss procmail, which is an autonomous mail processor used to filter e-mail.
