Recipe 3.8 Configuring Relaying on a Mail Exchanger


Problem

You are asked to configure sendmail on a mail exchanger to permit relaying for all systems that legitimately use it as their mail exchanger.

Solution

Obtain from the domain administrator a listing of the hostnames whose MX records point to the local system as their mail exchanger. Add the list of hostnames to the local-host-names file to handle inbound mail that should be delivered to a mailbox on the mail exchanger or forwarded as directed by the aliases or .forward files. Add the hostnames from the list to the relay-domains file to handle mail that should be relayed.

Discussion

If you have access to a system that can list the entire domain, you can use the following bit of Unix magic to create a listing of every host in the domain that uses your mail system as its MX server: [3]

[3] In the example, we list a domain named wrotethebook.com and grep for mail.wrotethebook.com . Replace these values with the correct values for your domain and mail system hostname.

 # cd /etc/mail
 # host -l wrotethebook.com | \
 > grep 'mail.*mail\.wrotethebook\.com' | \
 > awk '{ print $1 }' > temp-relay-domains

This example writes the list to a file named temp-relay-domains. Verify the file contents before storing the data in either the relay-domains file or the local-host-names file. Additionally, this example requires the sendmail administrator to have direct access to a system that is entitled to list the entire domain. Unless you pull double duty as both DNS administrator and sendmail administrator, you might have to rely on the domain administrator for the list of hostnames.
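One way to carry out the verification step above, as an added example that is not from the book: it keeps only names whose MX target is exactly the mail exchanger and reports those missing from the current relay file. It assumes listing lines of the form `<name> mail is handled by <pref> <target>.`; the function names, sample hostnames and sample relay file are constructed for illustration.

```shell
#!/bin/sh
# Added example: vet a zone listing before merging it into relay-domains.
# MX_HOST, the sample listing and the sample relay file are constructed.
LC_ALL=C; export LC_ALL
MX_HOST="mail.wrotethebook.com"

# Read listing lines on stdin; print, sorted and de-duplicated, each
# name whose MX target is exactly $1.
mx_hosts() {
    awk -v mx="$1" '
        BEGIN { mx = tolower(mx) }
        NF == 7 && $2 == "mail" && $3 == "is" && $4 == "handled" {
            name = tolower($1); target = tolower($7)
            sub(/\.$/, "", name); sub(/\.$/, "", target)
            # Exact match: an unanchored grep would also accept a target
            # like mail.wrotethebook.com.example.net.
            if (target != mx) next
            # Keep plain hostnames only (no wildcards or stray characters).
            if (name !~ /^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/) next
            print name
        }' | sort -u
}

# Print vetted names from stdin that are not yet in relay file $1.
new_entries() {
    tmp=$(mktemp) || return 1
    sort -u "$1" > "$tmp"
    mx_hosts "$MX_HOST" | comm -23 - "$tmp"
    rm -f "$tmp"
}

sample_listing() {
    cat <<'EOF'
alpha.wrotethebook.com mail is handled by 10 mail.wrotethebook.com.
Beta.wrotethebook.com mail is handled by 10 MAIL.wrotethebook.com.
gamma.wrotethebook.com mail is handled by 5 mail.wrotethebook.com.example.net.
*.wrotethebook.com mail is handled by 10 mail.wrotethebook.com.
delta.wrotethebook.com has address 192.0.2.7
alpha.wrotethebook.com mail is handled by 20 mail.wrotethebook.com.
EOF
}

# Demo: alpha is already relayed, so only beta is reported as new.
demo() {
    relay=$(mktemp) || return 1
    printf '%s\n' alpha.wrotethebook.com > "$relay"
    sample_listing | new_entries "$relay"
    rm -f "$relay"
}
demo
```

Review the reported names by hand before appending them to relay-domains or local-host-names.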

The local-host-names file configures the mail exchanger to accept mail for local delivery or forwarding, as discussed in Chapter 2. The relay-domains file configures the mail exchanger for relaying.

Mail to or from hosts in the relay-domains file will be relayed. Note that the names in the relay-domains file in this example are treated as hostnames, not domain names, because we are using the relay_hosts_only feature.

Alternatives

The relay_based_on_MX feature is an alternative solution to the problem described in the Problem section. When the relay_based_on_MX feature is used, sendmail relays mail for any system that lists the local host on its MX record. The relay_based_on_MX solution is simpler than this recipe, and just as effective, but it was rejected for two reasons:

  • First, the creation of MX records is not under your control. Any domain administrator, anywhere in the world, could define your mail relay host as a mail exchanger for his domain. After that, any host in that remote domain can use your host as a mail relay. Thus, you are not in control of which hosts use your relay.

  • Second, the sendmail developers state that it "is usually better to maintain a list of hosts/domains for which the server acts as a relay" than it is to use the relay_based_on_MX feature. In addition to the lack of control mentioned above, they cite the possibility of delivery problems when the remote DNS server is slow, and that some address formats (specifically the % hack) are not treated as you might suppose.

Loss of control and the recommendation of the sendmail developers were enough to make us choose the solution in Recipe 3.8. If simplicity is more important to you, the relay_based_on_MX feature also works.

See Also

The discussion of the relay_based_on_MX feature in the cf/README file explains the developers' recommendations. The sendmail book covers relay_based_on_MX in 7.4.4. Recipe 2.1 and Recipe 3.7 provide important material for this recipe.



Sendmail Cookbook
ISBN: 0596004710
EAN: 2147483647
Year: 2005
Pages: 178
Authors: Craig Hunt
