sendmail: Introduction and Configuration
With the growth of the Internet, e-mail has quickly become the main vehicle to spread information through the public at large. As the demand for fast, cheap and reliable e-mail grows, more individuals are turning to Linux to provide a fast, cheap and reliable solution.
sendmail was originally developed by Eric Allman, in 1979, as "delevermail", which first shipped with BSD 4.0. This program was not very flexible and required configuration at compile time. With the growth of TCP protocol and other factors, it became obvious that delevermail was not flexible enough to handle these new demands. Eric Allman had to recreate sendmail from scratch, and what he produced has become the standard for MTAs. Rather than reject messages that were did not conform to protocols, sendmail is designed to be tolerant of these messages. For those individuals who have never configured an e-mail server, this article will demonstrate how to configure sendmail 8.11.2 after a fresh install of Red Hat Linux 7.1.
By default, sendmail 8.11 is installed during the Red Hat Linux 7.1 installation. As Red Hat has progressed over the years, the installation process has become very easy. Though this article will not go into installation details, further documentation is provided on the Red Hat CD set.
For your new e-mail server to work, you must first get all the DNS issues straight. First, add the hostname and IP address for the new e-mail server to your DNS server and confirm the address with nslookup:
[root@testmail /root]# nslookup -sil testmail.blank.com Server: 192.168.100.1 Address: 192.168.100.1#53 Name: testmail.blank.com Address: 192.168.100.134
It is also important that your administrator put a reverse DNS entry to prevent delays in mail delivery. Most modern e-mail servers use reverse lookup as a means of authentication for mail transfer. Again, confirm this setting is correct using the nslookup command on your IP address.
[root@testmail /root]# nslookup -sil 192.168.100.134 Server: 192.168.100.1 Address: 192.168.100.1#53 134.100.168.192.in-addr.arpa name = TESTMAIL.blank.com.
As you can see, the DNS entries are setup and working correctly, so let's move on to actually configuring sendmail. By default, sendmail installations on Red Hat will only allow SMTP traffic on the localhost. The output of netstat -nl will show you all ports that have a dæmon listening; note the line that says 127.0.0.1:25. This means the server is only listening on the loop back interface for connections on port 25 (SMTP).
[root@testmail /root]# netstat -nl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN udp 0 0 0.0.0.0:32768 0.0.0.0:* udp 0 0 0.0.0.0:667 0.0.0.0:* udp 0 0 0.0.0.0:111 0.0.0.0:* Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ACC ] STREAM LISTENING 1119 /dev/gpmctl unix 2 [ ACC ] STREAM LISTENING 1172 /tmp/.font-unix/fs7100
This will keep your mail dæmon from accepting e-mail from any computer except the localhost. To fix this issue, we must tell sendmail to listen for connections on the external interface. In the case of our new server, there is only one Ethernet card, with eth0 being the external interface. To confirm the IP on eth0, simply perform an ifconfig. Depending on your configuration, this IP can be different than the address defined by your DNS server, but in our example the addresses are the same.
[root@testmail /root]# ifconfig eth0 Link encap:Ethernet HWaddr 00:60:97:DE:E9:99 inet addr:192.168.100.134 Bcast:192.168.100.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:12421 errors:0 dropped:0 overruns:0 frame:0 TX packets:5 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 Interrupt:10 Base address:0xe000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:6 errors:0 dropped:0 overruns:0 frame:0 TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0
This machine has an address of 192.168.100.134 on the eth0 interface. Once you have that address, edit the /etc/sendmail.cf file and configure the sendmail dæmon to listen on the address.
# SMTP daemon options O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
change to
O DaemonPortOptions=Port=smtp,Addr=192.168.100.134, Name=MTA
Once you have completed this task, save this file and restart the sendmail dæmon using the rc script /etc/init.d/sendmail.
[root@testmail /root]# /etc/init.d/sendmail restart Shutting down sendmail: [ OK ] Starting sendmail: [ OK ] [root@testmail /root]#
Now check to see if there has been a change with the netstat -nl command. As you can see the output clearly shows that a dæmon (sendmail) is listening on port 25 of the IP address 192.168.100.134 that is assigned to our interface eth0.
[root@testmail /root]# netstat -nl Active Internet connections (only servers) Proto Recv-Q send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 192.168.100.134:25 0.0.0.0:* LISTEN udp 0 0 0.0.0.0:32768 0.0.0.0:* udp 0 0 0.0.0.0:667 0.0.0.0:* udp 0 0 0.0.0.0:111 0.0.0.0:* Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ACC ] STREAM LISTENING 1119 /dev/gpmctl unix 2 [ ACC ] STREAM LISTENING 1172 /tmp/.font-unix/fs7100 [root@testmail /root]#
Now that we have sendmail accepting external connections, we need to assign the domains that can be accepted. This can be accomplished with the /etc/mail/local-host-names file. Simply put the domain name, blank.com, in the file.
# local-host-names - include all aliases for your machine here. blank.com
Once this information is saved in this file, restart the sendmail dæmon with the rc script sendmail found in /etc/init.d/sendmail restart. sendmail can accept e-mail for multiple domains on the same server. Insert the domain name into this file each time you want to add a new domain.
You now have a fully working e-mail server from the localhost. It can accept e-mail from anywhere in the world, but can only send e-mail or relay e-mail from the localhost. Another default security feature is that sendmail will not allow the relay of any mail to prevent spam originating from your server. If your users log directly into the server, this configuration does not need modification. But if your organization is like most, clients are using e-mail from remote sites. If your users use clients like KMail or Outlook Express, you will need to allow those machines to relay e-mail using your new server, but you do not want to open your site up to complete relay. This can be done by adding the following line to the /etc/mail/access file and running the command make access.db after saving that file.
blank.com RELAY # Check the /usr/share/doc/sendmail-8.11.2/README.cf file for a description # of the format of this file. (search for access_db in that file) # The /usr/share/doc/sendmail-8.11.2/README.cf is part of the sendmail-doc # package. # # by default we allow relaying from localhost... localhost.localdomain RELAY localhost RELAY 127.0.0.1 RELAY blank.com RELAY [root@testmail mail]# make access.db [root@testmail mail]#
The make access.db command will include your new setting in the hash database used by sendmail to determine who can relay e-mail off your server. This will allow connections from inside the blank.com domain to relay e-mail from your new mail server, and prevent use of the service to nonmembers. One can also put a subnet of IPs, such as 192.168, to limit inside a domain. Keep in mind that if this setting is to open, spammers can bounce huge amounts of e-mail off your system.
Now that you can accept e-mail from anywhere in the world, have configured your domain, and allowed relay e-mail for approved clients, you may want to allow remote access to that mail. This can be accomplished with IMAP or POP. With a default server install, not all required packages are installed to make POP/IMAP mail work. These services can be obtained by the installation of the imap-2000-9 rpm package. To check the install status of this package use the following command: rpm -aq | grep -i imap. If no package is found, insert Disk 2 of the Red Hat 7.1 installation disk set into your cd-rom and mount that media. To accomplish this use the mount /dev/cdrom /mnt/cdrom command.
[root@testmail mail]# mount /dev/cdrom /mnt/cdrom mount: block device /dev/cdrom is write-protected, mounting read-only (Successful Mount of Read-Only Media) Once mounted you can install the package with rpm -Uvh /mnt/cdrom/RedHat/RPMS/imap-2000-9.i386.rpm. [root@testmail mail]# rpm -Uvh /mnt/cdrom/RedHat/RPMS/imap-2000-9.i386.rpm Preparing... ########################################### [100%] 1:imap ########################################### [100%] As you can see, when I run the rpm search, rpm -aq | grep -i imap the IMAP package is displayed with output. [root@testmail mail]# rpm -aq | grep -i imap imap-2000-9 [root@testmail mail]#
With the correct package install, you now need to enable POP3 connections to your new e-mail server. This can be accomplished in the /etc/xinetd.d directory by modifying the ipop3 file. Set the value for disable to no, and save the file. Remember to maintain the case as it appears in the file.
# default: off # description: The POP3 service allows remote users to access their mail \ # using an POP3 client such as Netscape Communicator, mutt, \ # or fetchmail. service pop3 { socket_type = stream wait = no user = root server = /usr/sbin/ipop3d log_on_success += USERID log_on_failure += USERID disable = no }
Now you need to restart the xinetd dæmon to make the new setting work. This is possible by using the rc script /etc/init.d/xinetd. Simply issue the restart command as seen below.
[root@testmail xinetd.d]# /etc/init.d/xinetd restart Stopping xinetd: [ OK ] Starting xinetd: [ OK ] [root@testmail xinetd.d]#
Now send a test e-mail to your new server and connect to the server via your favorite pop client. You should now be able to access your e-mail via POP protocol.
One final consideration about your new server is performance. You may receive complaints about slow connection to your POP server if the client traffic is being initiated from behind a firewall. The reason for this delay is that your e-mail server initiates a IDENT session with the client to confirm the identity of the client. If there is no response to that query, the server will invoke a timeout value set by default to 5 seconds. This value can be reduced to 1 second to remove most of the delay caused by IDENT. To change this value edit the /etc/sendmail.cf file, and reduce the timeout value to the desired value.
# timeouts (many of these) #O Timeout.ident=5s change to O Timeout.ident=1s
Your e-mail server is now working and providing service to your users. There are many more configurations for sendmail that are beyond the scope of this article. Linux will provide a very stable, robust platform for your e-mail needs. To find more information about sendmail visit www.sendmail.org.
Eric Jorn Seneca is a UNIX system engineer in Baton Rouge, Louisiana.
email: eseneca@cs.selu.edu