Certification Objective 12.03: sendmail Configuration


The sendmail daemon is configured from a directory of files in /etc/mail and a directory of configuration files in /usr/share/sendmail-cf. There are two basic configuration files: sendmail.cf for incoming mail and submit.cf for outgoing mail. I describe the key configuration files in /etc/mail in a bit of detail here.

  • sendmail.cf The main sendmail configuration file.

  • sendmail.mc A macro that's easier to edit, which can be used to generate a new sendmail.cf file.

  • access Supports outgoing access control to your sendmail server. The default version of this file supports access from the local computer. You can add host names or networks to this list, with a message to REJECT with an error message, DISCARD without an error message, or RELAY to accept and send the e-mail.

  • domaintable Allows you to map different domains. For example, if you've changed your domain name from Osborne.com to Mcgraw-hill.com, people might still send e-mails to addresses such as michael@Osborne.com. The following line would forward that e-mail to michael@Mcgraw-hill.com.

     Osborne.com Mcgraw-hill.com 

  • helpfile Supports help commands when you manage your mail server from the sendmail prompt, which you can access with the telnet localhost 25 command.

  • local-host-names Allows you to add host names or aliases for your computer as a sendmail server. Enter one alias per line in this file.

  • mailertable Rarely used.

  • Makefile Supports compiling the sendmail.mc file.

  • spamassassin/ A directory that includes configuration files that can help you minimize spam. If you want to configure it on locally received e-mail, add the following line to /etc/procmailrc:

     INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc 

    On the Job 

    If you forget this detail, run the rpm -qi spamassassin command. You'll see it in the description.

  • statistic Collects statistics on sendmail usage in binary format. You can read it with the mailstats command. Does not exist until the sendmail service starts processing mail.

  • submit.cf The main outgoing sendmail configuration file.

  • submit.mc A macro that you can edit and then generate a new submit.cf file.

  • trusted-users Lists special users that can send e-mail without warnings. For example, you saw e-mail addresses in the Apache configuration file; if you include the apache user in this list, it can send messages to your Web server administrators without generating sendmail warning messages.

  • virtusertable Supports e-mail forwarding; if some users outside your network use your sendmail server, you can enter individual e-mail addresses or domains for allowed users.

If you don't see some of these files or directories, you may not have both sendmail RPM packages installed: sendmail and sendmail-cf. Use the rpm -q packagename command to determine whether these packages are installed and install them as required.

You'll also need to make sure the file is properly cited in sendmail.mc. For example, the following directive incorporates /etc/mail/virtusertable in your sendmail.mc configuration file:

 FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl 

You may notice several versions of these files with .db extensions. These are the database files used by sendmail. When you make changes to the base files, the make -C /etc/mail command, described shortly, processes these files into the .db databases.

There's one more important file, /etc/aliases, described later in this chapter. This file allows you to create forwarders on the same domain. For example, if user mary leaves the company, you can use this file to have her mail forwarded to user cindy.

Configuring sendmail for Basic Operation

When sendmail starts, it reads the /etc/mail/sendmail.cf and /etc/mail/submit.cf files. The sendmail.cf file is a long (around 1800 lines) file that may seem difficult to decipher but includes a wealth of helpful comments. The submit.cf file is nearly as long. This file provides detailed rules (organized into rulesets) on how sendmail should process e-mail addresses, filter spam, talk to other mail servers, and more.

This file is extremely complex and uses cryptic syntax. Fortunately, most of the directives included in this file are standards that you don't need to change. Many are required by various Internet agreements relating to e-mail address, mail transfer agents, and so on.

Red Hat simplifies this process with a smaller file, /etc/mail/sendmail.mc, which contains only the most relevant configuration directives. It is composed entirely of macros that define key sendmail.cf settings. Once you've configured this file, you can use the make command to compile a new, custom sendmail.cf file. However, the default RHEL version of this file is still around 200 lines long. Remember that the Red Hat Exam Prep guide requires only that you know how to configure the service for basic operation. Therefore, I'll highlight those directives that you may want to change or modify for that purpose.

The sendmail.mc file is made up of directives (macros) used to create content for sendmail.cf. (Other related .mc files follow the same criteria and use many of the same commands). These macros do the following:

  • Add comments to aid in comprehension

  • Define key variables and values

  • Enable or disable features

  • Create variables with specific settings

The most basic macro is dnl, which tells m4 to delete from this point through to the end of the line. It is used to comment out descriptive text or disable a feature that would otherwise be included.

The include directive instructs the make command to read the contents of the named file and insert it at the current location in the output. This is how additional configuration information (needed by sendmail but not relevant to mail configuration) is kept separately from settings you may wish to change.

The define directive sets files or enables features that you want to use. Some examples in sendmail.mc allow you to set the path to your administrative e-mail name in the ALIAS_FILE (/etc/aliases), identify where procmail lives (PROCMAIL_MAILER_PATH), and provide the path for the official database of e-mail users, in this case, in virtusertable.db.

The FEATURE directive enables specific features. For example, one FEATURE directive allows sendmail to accept_unresolvable_domains. This allows sendmail to accept mail even if it can't figure out the domain of the user who sent the e-mail. Specifically, a domain is regarded as unresolvable when a reverse IP address lookup does not find the associated domain name. If you don't have reliable DNS access, you may need this feature, or else your sendmail configuration may refuse a lot of valid e-mail.

DAEMON_OPTIONS directly controls the SMTP daemon. The default active DAEMON_OPTIONS directive does not accept any mail from outside the local system, as defined by the localhost address:

 DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl 

You'll notice unusual quote characters in most of these lines. The command inside the parentheses starts with a back quote (`) and ends with a single quote (').

Configuring and Securing sendmail

In this section, you'll modify the sendmail.mc configuration file. Back it up first! You need to make only a couple of adjustments to get your system ready for use on the Internet. By default, the following line limits sendmail access to the local computer:

 DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl 

You can allow other computers to use your sendmail server by commenting out this line. As described earlier, this requires a dnl directive, as shown:

 dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl 

Next, if you have reliable DNS access, comment out the following FEATURE directive, which allows you to accept_unresolvable_domains. Commenting it out blocks spammers who use just an IP address or spammers who fake their domain name to hide themselves:

 FEATURE(`accept_unresolvable_domains')dnl 

But that's not enough. If you want to allow remote computers or networks access to your sendmail server, you'll need to add their names or addresses to the /etc/mail/access file. For example, if you wanted to allow access to the 192.168.30.0 network, you'd add the following line to that file:

 192.168.30          RELAY 

Watch the notation; unlike other services, there is no dot (.) at the end of the address. It covers all computers on the 192.168.30.0 network. Alternatively, you could designate the example.com domain or a specific computer name or IP address.

Back up the current sendmail.cf file. Then you can generate a new sendmail.cf file, process the other files in /etc/mail, and restart sendmail services with the following command:

 # make -C /etc/mail/ 

Now you can reconfigure e-mail clients such as Novell Evolution or even Microsoft Outlook Express to send outgoing e-mail through your sendmail server. You'll need to set your sendmail computer domain name or IP address as the SMTP outgoing mail server.

On the Job 

In previous versions of sendmail, all you needed to do was process sendmail.mc; it was therefore sufficient to use the m4 macro command. But you may be processing more files. The make -C /etc/mail command shown processes all files in the /etc/mail directory.
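
The settings changed in this section can be checked with a short script before you run make: it reports whether the loopback-only DAEMON_OPTIONS line is still active, whether accept_unresolvable_domains is still enabled, and how wide each RELAY entry in the access file is. This is an added example, not code from the book or from sendmail; the function names are hypothetical and the sample file contents are constructed from the directives shown above.

```shell
# Added example: audit the sendmail.mc and access settings discussed above.
# Lines of file $2 matching pattern $1 that are not commented out with dnl.
active_lines() { grep -E "$1" "$2" | grep -Ev '^[[:space:]]*dnl([[:space:]]|$)'; }

# "loopback" if an active DAEMON_OPTIONS binds SMTP to 127.0.0.1, else "network".
listener_scope() {
    if active_lines 'DAEMON_OPTIONS\(.*Port=smtp' "$1" | grep -q 'Addr=127\.0\.0\.1'
    then echo loopback; else echo network; fi
}

# Succeeds while FEATURE(`accept_unresolvable_domains') is still active.
accepts_unresolvable() {
    active_lines 'FEATURE\(.accept_unresolvable_domains' "$1" >/dev/null
}

# Keys in access file $1 whose action is RELAY (comment lines skipped).
relay_keys() { awk '$1 !~ /^#/ && toupper($2) == "RELAY" { print $1 }' "$1"; }

# Coverage of a RELAY key; numeric prefixes match on octet boundaries.
relay_scope() {
    case "$1" in
        *[!0-9.]*) echo name ;;
        *.*.*.*)   echo host ;;
        *.*.*)     echo /24 ;;
        *.*)       echo /16 ;;
        *)         echo /8 ;;
    esac
}

# One finding per line for a sendmail.mc ($1) and an access file ($2).
audit() {
    echo "listener: $(listener_scope "$1")"
    if accepts_unresolvable "$1"; then echo "unresolvable-domains: accepted"
    else echo "unresolvable-domains: rejected"; fi
    relay_keys "$2" | while read -r key; do
        echo "relay: $key ($(relay_scope "$key"))"
    done
}

# Constructed sample files (not from a real host) built from the page's directives.
dir=$(mktemp -d)
printf '%s\n' "dnl DAEMON_OPTIONS(\`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl" \
    "FEATURE(\`accept_unresolvable_domains')dnl" > "$dir/sendmail.mc"
printf '%s\n' '# constructed entries' '127.0.0.1 RELAY' '192.168.30 RELAY' \
    '192.168 RELAY' 'spam.example.com REJECT' > "$dir/access"
audit "$dir/sendmail.mc" "$dir/access"
```

On a live system, call audit with /etc/mail/sendmail.mc and /etc/mail/access instead of the sample files.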

Configuring sendmail to Start at Reboot

Now start or restart sendmail to make sure it reads your new sendmail.cf configuration file:

 # chkconfig sendmail on
 # service sendmail restart

Your sendmail (SMTP) service should now be up and running and ready to accept mail from any (valid) source. To check the result, the following commands show that sendmail is currently running and starts in the desired runlevels:

 # service sendmail status
 # chkconfig --list sendmail

Troubleshooting sendmail

When name resolution is not working on your network, sendmail doesn't know where to send your outbound e-mail. These messages are placed in a queue that tries to resend your e-mail at regular intervals. Other mail forwarders and relay hosts on the Internet provide the same functionality if a network segment is not working. As an administrator, you need to monitor this queue. If it gets overloaded, you may wish to reconfigure messages for that network to be sent at more irregular times. See the following code for an example of a problem message (yes, this is old software from 1993, but is still a dependable part of RHEL). The prompt in this utility is the ampersand (&):

 # mail
 Mail version 8.1 6/6/93.  Type ? for help.
 "/var/spool/mail/root" 1 messages 1 new
 >N 1 MAILER-DAEMON@enterp Wed Dec 3 08:55 60/1914 "Returned mail: see tr"

Press ENTER to see each message, or the message number at the prompt (&):

 Message 1:
 From MAILER-DAEMON@localhost.localdomain Wed Dec 6 08:55:39 2006
 Date: Wed, 6 Dec 2006 08:55:39 -0500
 From: Mail Delivery Subsystem <MAILER-DAEMON@enterprise5a.example.org>
 To: root@enterprise5a.example.org
 MIME-Version: 1.0
 Content-Type: multipart/report; report-type=delivery-status;
          boundary="DAA03153.938948139/enterprise5a.example.org"
 Subject: Returned mail: see transcript for details
 Auto-Submitted: auto-generated (failure)
 This is a MIME-encapsulated message
 --DAA03153.938948139/enterprise5a.example.org
 The original message was received at Wed, 6 Dec 2006 08:55:39 -0500
 from root@enterprise5a.example.org
    --- The following addresses had transient non-fatal errors ---
 <michael@mommabears.cob>
      (reason: 550 Host unknown)
    --- Transcript of session follows ---
 550 5.1.2 <michael@mommabears.cob>... Host unknown (Name server: mommabears.cob: host not found)
 .. (additional details deleted) ..

Now the d command deletes the current message, and the q command exits from the mail utility.

In the preceding example, the destination name server (mommabears.cob) could not be resolved (it is actually mommabears.com). Consequently, sendmail notifies the sender (root@localhost.localdomain) that the mail could not be delivered.

In this case, the problem is straightforward: you've specified a nonstandard domain. However, you may get a similar error for any of the following reasons:

  • No DNS server available, if so required in sendmail.mc.

  • Access from a computer not listed or specifically denied in the /etc/mail/access configuration file.

  • Some firewall blocking access. You can configure a firewall to allow incoming e-mail through TCP/IP port 25. You can find more information about this in Chapter 15.



RHCE Red Hat Certified Engineer Linux Study Guide (Exam RH302)
Linux Patch Management: Keeping Linux Systems Up To Date
ISBN: 0132366754
EAN: 2147483647
Year: 2004
Pages: 227
Authors: Michael Jang