Section 7.6. Configuring the sendmail Server

7.6. Configuring the sendmail Server

sendmail is a robust email server. Like Apache, it has an enormous number of configuration options to handle many different service scenarios, even though many of these scenarios are pretty rare. With a small amount of configuration, sendmail can be configured to handle most mail-serving tasks.

7.6.1. How Do I Do That?

Fedora's default sendmail configuration will:

• Start the sendmail service at each boot

• Accept mail from local users for local mailboxes and place it in those mailboxes

• Accept mail from local users for remote systems, place it in a queue, and attempt to deliver it directly to the remote mail hosts

This configuration may or may not work for you, depending on how you are connected to the Internet.

7.6.1.1. Preparing to configure sendmail and activating changes

To configure sendmail easily, install the sendmail-cf package:

# yum install sendmail-cf                

Changes to the sendmail configuration are made to the file /etc/mail/sendmail.mc. However, this isn't the sendmail configuration file! Instead, it's a file that is used to generate the sendmail configuration file, /etc/mail/sendmail.cf.

To generate a new sendmail.cf file:

# cd /etc/mail # make                

This must be done after each change is made to sendmail.mc. Reload the sendmail server to make your changes take effect:

# service sendmail reload                

(You can also use the Restart button in the Services tool.)

7.6.1.2. Configuring sendmail to use a mail relay

Some Internet Service Providers (ISPs) block email traffic to all mail servers except their own. This is intended to block viruses that set themselves up as a mail server, but it also interferes with Fedora's default sendmail configuration, which expects to be able to send email directly to the destination system.

To configure sendmail to send your outbound email through your ISP's mail server, find the line in /etc/mail/sendmail.mc that contains the word SMART_HOST:

dnl # Uncomment and edit the following line if your outgoing mail needs to dnl # be sent out through an external mail server: dnl # dnl define(\QSMART_HOST',\Q                      smtp.your.provider')

In this file, dnl means discard to newline, which effectively turns this line into a comment. Uncomment the SMART_HOST line by removing the dnl and then replace smtp.your.provider with the name of your ISP's mail server:

define(\QSMART_HOST',\Q                      mailserver.yourisp.com')

7.6.1.3. Configuring sendmail to accept inbound email

Fedora's standard sendmail configuration does not accept email from remote systems, a feature that must be enabled if the system is going to act as an Internet email host.

To enable remote inbound connections, locate the line in sendmail.mc that contains the loopback address 127.0.0.1:

dnl # The following causes sendmail to only listen on the IPv4 loopback address dnl # 127.0.0.1 and not on any other network devices. Remove the loopback dnl # address restriction to accept email from the internet or intranet. dnl # DAEMON_OPTIONS(\QPort=smtp,Addr=127.0.0.1, Name=MTA')dnl

Add dnl to the start of this line to comment it out:

                   dnl DAEMON_OPTIONS(\QPort=smtp,Addr=127.0.0.1, Name=MTA')dnl

sendmail will then accept connections on all network interfaces and deliver mail that is addressed to a user on the local host. For example, if the hostname is bluesky.fedorabook.com, then email addressed to chris@bluesky.fedorabook.com will be delivered to the mailbox of the local user chris, which is /var/spool/mail/chris.

To configure sendmail to accept mail for other destinations, add those destinations to the file /etc/mail/local-host-names:

# local-host-names - include all aliases for your machine here.                       fedorabook.commailserver.fedorabook.comglobal.proximity.on.ca

Remember to enable inbound connections on port 25 (SMTP) in your firewall configuration.

7.6.1.4. Using aliases

There are many standard email addresses that people expect to be able to use: webmaster to reach the person responsible for the web server and content, abuse to report spam problems, info as a general information contact, and so forth. Mail sent to these standard addresses can be redirected to the mailbox of chosen users through the sendmail alias facility.

Aliases are configured in the file /etc/aliases, which looks like this:

# #  Aliases in this file will NOT be expanded in the header from #  Mail, but WILL be visible over networks or from /bin/mail. # #       >>>>>>>>>>      The program "newaliases" must be run after #       >> NOTE >>      this file is updated for any changes to #       >>>>>>>>>>      show through to sendmail. # # Basic system aliases -- these MUST be present. mailer-daemon:  postmaster postmaster:     root # General redirections for pseudo accounts. bin:            root daemon:         root adm:            root ...(Lines snipped)... info:           postmaster marketing:      postmaster sales:          postmaster support:        postmaster # trap decode to catch security attacks decode:         root # Person who should get root's mail #root:          marc

You'll notice that all of the standard aliases are redirected to rootbut on most systems, no one checks the root mailbox, so you should start by defining who is to receive mail addressed to root. Uncomment the last line of this file and replace marc with a valid user ID:

root:          chris                

Run the newaliases command after each edit to the /etc/aliases file to ensure that the changes are put into effect immediately: # newaliases/etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total

Next, change any aliases that you do not wish to redirect to root, sending the mail to the user of your choice:

info:           sam marketing:      frida sales:          angela support:        henry                

Destination mailboxes do not have to be local:

abuse:          hotline@global.proximity.on.ca                

And it's possible to specify multiple destinations for an alias, separated by commas:

webmaster:      frank, jason@fedorabook.com                

This opens up the possibility of using aliases to create simple mailing lists. For example, all of your sales people could be reached through one address:

sales-team:     angela, sue, mike, olgovie, george sysadmins:      nancy43252345234@hotmail.com,                                   scott84353534534@gmail.com,                                   george                

Note that alias destinations can be on multiple lines.

You can create as many aliases as you want, whenever you want. Aliases are handy for creating disposable email addresses. I create batches of made-up addresses from time to time and use them when I register for a conference or web site, or when I enter a contest:

daa:            chris dab:            chris dac:            chris dad:            chris dae:            chris daf:            chris

When I use one of these addresses, I record who I gave it to, and if I see spam arriving with that address, then I know who has been abusing my personal information. I can discontinue receiving mail at that address simply by removing the offending alias from the aliases file.

This strategy is also effective when publishing email addresses on a web site: simply change the address on the web site periodically, using a different disposable email address each time. If a spammer harvests your email address from the web page, it will be useful to them only for a short time.

7.6.1.5. Configuring virtual users

Aliases (and regular user accounts) have one critical limitation: they apply to all of the domains for which sendmail is accepting mail. If you have a server that is accepting mail for fedorabook.com as well as global.proximity.on.ca, and you define an alias or create a user account named chris, then mail to chris@fedorabook.com and mail to chris@global.proximity.on.ca will end up in the same mailbox.

To overcome this limitation, use the /etc/mail/virtusertable file to define where mail to each address should be sent. Each line in this file consists of an address, a space, and the destination. Here is an example:

chris@fedorabook.com            chris chris@global.proximity.on.ca    chris7895378943683897@gmail.com

Note that the syntax for /etc/mail/virtusertable differs from the syntax for /etc/aliases: there are no colons, and only one destination address may appear in each entry.

virtusertable also permits the redirection of entire domains, by leaving out the username portion of the email address:

joe@fedorabook.com             joseph frank@fedorabook.com           frank265897e93456738@hotmail.com @fedorabook.com                chris

The last entry will redirect all mail to the fedorabook.com domain to the local user chris, except for mail addressed to joe@fedorabook.com or frank@fedorabook.com (because they are listed first, and the file is processed in the sequence given).

Like /etc/mail/sendmail.mc, the virtusertable file must be processed before it is used:

# cd /etc/mail # make                 

7.6.1.6. Configuring Masquerading

sendmail includes masquerading capability, which enables outbound mail to be modified so that it looks like it came from another system. This is commonly used to remove hostname information from the email address. To configure bluesky.fedorabook.com so that outbound mail appears to be from user @fedorabook.com instead of user @bluesky.fedorabook.com, locate the MASQUERADE_AS line in /etc/mail/sendmail.mc:

dnl # The following example makes mail from this host and any additional dnl # specified domains appear to be sent from mydomain.com dnl # dnl MASQUERADE_AS(\Qmydomain.com')dnl

Uncomment the MASQUERADE_AS line and replace mydomain.com with the domain name you wish to use:

MASQUERADE_AS(\Qfedorabook.com')dnl

Masquerading is not applied to email from the root and mailer-daemon users because those addresses are used for error messages. If several machines in a domain were masquerading with the same name, it would not be possible to determine where the error messages were originating.

7.6.2. How Does It Work?

Fedora's email system, like most others, is divided into three parts:

mail transport agent (MTA)

Transports mail between systems. sendmail is the default MTA.

mail delivery agent (MDA)

Delivers mail to local users, optionally performing filtering or sending vacation replies ("Jane is away from the office until Monday; she will read and reply to your mail when she returns"). Fedora uses procmail in this role.

mail user agent (MUA)

The email client that interacts with the user. A Fedora user can choose from many different MDAs, including Evolution, Thunderbird, SquirrelMail, and the text-based mail command.

Originally written when a wide range of email transportation schemes were in use, sendmail is designed to route mail through and between these different systems, each with their own address format and message queuing system. Because of this heritage, sendmail has a sophisticated and complex configuration system, but many of the configuration options are not used for Internet email servers.

sendmail is now used almost exclusively with the Simple Mail Transport Protocol (SMTP), which is a human-readable transfer protocol that uses TCP/IP connections on port 25. You can use telnet to connect to an SMTP server and manually send mail if you want:

$ telnet concord2.proximity.on.ca smtp Trying 127.0.0.1... Connected to concord2.proximity.on.ca (127.0.0.1). Escape character is '^]'. 220 concord2.proximity.on.ca ESMTP Sendmail 8.13.5/8.13.5; Thu, 2 Mar 2006 13:07:11 -0500 EHLO fedorabook.com 250- concord2.proximity.on.ca Hello concord8.proximity.on.ca [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH DIGEST-MD5 CRAM-MD5 250-DELIVERBY 250 HELP MAIL From: chris@fedorabook.com 250 2.1.0 chris@fedorabook.com... Sender ok RCPT To: chris@concord2.proximity.on.ca 250 2.1.5 chris@concord2.proximity.on.ca... Recipient ok DATA 354 Enter mail, end with "." on a line by itself                    Subject: Greetings!Date: Thu, Mar 2006 12:08:11 -0500 Hi there -- just dropping you a quick note viatelnet. Hope your day is going well. -Chris. 250 2.0.0 k22I7BTo016133 Message accepted for delivery QUIT 221 2.0.0 concord2.proximity.on.ca closing connection

Notice the blank line separating the email headers from the message bodyjust like HTTP transfers. The HTTP format is derived from the email format.

You can also send mail by sending it to the standard input of a sendmail process:

$ /usr/bin/sendmail chris@concord2.proximity.on.caSubject: Test II Did you remember to renew the domain registration?If not, please take care of this before next Tuesday.[Ctrl-D]

Outbound mail is queued in /var/spool/mqueue/. Inbound mail is delivered via procmail to users' mailboxes in /var/spool/mail/. The mailboxes are simply text files containing all of the messages concatenated end to end; this format is sometimes called mbox format.

The /etc/mail/sendmail.mc file used for configuration is an m4 macro file. It is interpreted by the m4 command using files in /usr/share/sendmail-cf/m4/ to build /etc/mail/sendmail.cf. While it is possible to construct the sendmail.cf file by hand, it's typically eight times as long as the sendmail.mc file and uses a very cryptic structure. Here's a snippet:

R< > $+                 $: < > < $1 <> $&h >            nope, restore +detail R< > < $+ <> + $* >     $: < > < $1 + $2 >              check whether +detail R< > < $+ <> $* >       $: < > < $1 >                   else discard R< > < $+ + $* > $*        < > < $1 > + $2 $3           find the user part R< > < $+ > + $*        $#local $@ $2 $: @ $1           strip the extra + R< > < $+ >             $@ $1                           no +detail R$+                     $: $1 <> $&h                    add +detail back in

Most system administrators would much rather deal with sendmail.mc than sendmail.cf.

7.6.3. What About...

7.6.3.1. ...using an alternate MTA?

Postfix is an alternate MTA shipped as part of Fedora. For most users, sendmail will work well, but if you are familiar with Postfix configuration you may want to use it instead.

You can easily switch between sendmail and Postfix using the alternatives command:

# alternatives --config mta There are 2 programs which provide 'mta'.   Selection    Command ----------------------------------------------- *+ 1           /usr/sbin/sendmail.sendmail    2           /usr/sbin/sendmail.postfix Enter to keep the current selection[+], or type selection number:                       2

You can also switch graphically, using the system-switch-mail command available through the menu option SystemAdministrationMail Transport Agent Switcher (this requires the somewhat obscure package system-switch-mail). The window shown in Figure 7-20 will be displayed; select the MTA you wish to use and click OK.

Figure 7-20. The Mail Transport Agent Switcher tool.

7.6.3.2. ...fetching mail from a remote mailbox?

If you're using Fedora at a location that does not have a permanent Internet connection with a static IP address, incoming email cannot be delivered directly to sendmail. Instead, you'll have to arrange for the email to be delivered to mailboxes on another system and then pick up the mail from that system.

Many MUAs such as Evolution will directly access remote mailboxes, but sometimes you want to have that mail flow through the local mail system so that alias handling and procmail processing take place.

Fetchmail can retrieve mail from a remote mailbox and feed it to sendmail on the local system. To configure Fetchmail, create the file ~/.fetchmailrc using a text editor. Here is a simple configuration:

# Check for email at five-minute (300-second) intervals set daemon 300         # Poll the system fedorabook.com using the POP3 protocol poll fedorabook.com with protocol POP3:         # Describe how the usernames on this machine relate          # to the usernames on fedorabook.com         user chris here is chris.tyler there, password "FedoraRules!"         user diane here is diane.tyler there, password "BiggestSecret";

This will fetch the mail for two users from one server using the Post Office Protocol, Version 3 (POP3). Fetchmail can retrieve mail using many different protocols and has an uncommonly readable configuration syntax; consult its extensive manpage for the gritty details.

Once you have set up the ~/.fetchmailrc file, execute the fetchmail command:

$ fetchmail                

It will run in the background until you stop it by running fetchmail with the -q option:

$ fetchmail -q fetchmail: background fetchmail at 8025 killed.

To make fetchmail run automatically whenever you log in, place it in your ~/.bash_profile.

7.6.4. Where Can I Learn More?

• The manpages for sendmail, procmail, procmailrc, fetchmail, procmailex, and postfix (check the See Also section for a long list of other manpages related to postfix)

• The files in the /usr/share/doc/sendmail*, /usr/share/doc/fetchmail*, /usr/share/doc/procmail*, and /usr/share/doc/postfix* directories

• The sendmail web site: http://www.sendmail.org

• The fetchmail web site: http://www.catb.org/~esr/fetchmail

• The procmail web site: http://www.procmail.org

• The postfix web site: http://www.postfix.org

• RFC 2142 defines a standard list of aliases that should exist on any Internet server: http://www.ietf.org/rfc/rfc2142.txt