FAQ HCL DRIVERS LAPTOPS TUTORIALS
Home / Documents / Tutorials / Sendmail
NEWS  
EVENTS  
SOFTWARE  
HARDWARE  
SECURITY  
DOCUMENTS  
BOOKMARKS  
COMMUNITY  
FORUM  
JOB  
SURVEYS  
FEEDBACK  
 DOCUMENTS 
 TUTORIALS 

Configuring Sendmail

Keith Parkansky
http://www.execpc.com/~keithp

Last revised: May 1, 2002

Introduction

Sendmail has the reputation of having the most hideous configuration file in the history of mankind. It's extremely long and incredibly cryptic. However, it is this very complexity that has made it the most popular MTA (Mail Transport Agent) on the Internet. Its' flexibility allows sendmail to handle the most demanding, disjointed mail routing and serving configurations you can dream up.

The sendmail that's distributed freely is coordinated by the folks at the www.sendmail.org Web site. Downloads, extensive FAQs, and documentation, including Solaris-specific information, are available. It has a big-brother commercial version that's developed and supported by Sendmail, Inc. (www.sendmail.org). While Sendmail, Inc. is a commercial venture, it should be noted that they commit several of their employees to aid in the development of the freely-distributed little brother.

A mail server runs two e-mail related server applications. An MTA daemon and a POP daemon. It also has a sub-directory for each mail user which serves as the mailboxes for storing received messages.

An MTA (Mail Transport Agent) is a server-based service that routes mail messages between itself and other MTA servers. It also routes mail that comes in from mail clients (users) that are sending messages. It does this using SMTP (Simple Mail Transport Protocol).

POP (Post Office Protocol) is a server-based service that allows a user to retrieve their e-mail from their mailbox sub-directory on the server using a mail reader client. POP is used by "remote" clients (i.e. other systems) to communicate over the wire with the mail server.

Note that sendmail has NOTHING to do with the POP process. An MTA conerns itself with sending outgoing messages on their way and taking received messages and putting them into the mailbox sub-directories on the server. Once they're there the MTA's job is done. It's up to you to use POP to get at them.

Terminology

MTA - Mail Transport Agent
The server-based application that routes mail from MUA's to other MTAs and accepts mail from other MTAs. Sendmail is the most popular MTA. Exim and Microsoft Exchange are others.

MUA - Mail User Agent
This is the nerd term for the e-mail reader client software. Common MUAs are pine and elm (Unix/Linux), Netscape Communicator, Eudora, and Microsoft Outlook (Windows).

SMTP - Simple Mail Transport Protocol
"Protocol" is just a fancy term for "a set of rules that you have to follow". With SMTP (and many other communications protocols) the "rules" are the commands and their syntax. The SMTP protocol is a set of commands used to communicate with/between MTAs. SMTP listens on port 25.

POP - Post Office Protocol
A message retrieval protocol (commands) used to communicate with a POP service running on a mail server. The most commonly-used versions are POP2 and POP3. popd is one of the most common POP daemons run on mail servers. An MUA uses POP commands to communicate with the POP service (daemon) to retreive any messages stored in your mailbox directory. IMAP (Internet Message Access Protocol) is another common message retrieval protocol. POP listens on port 110.

The sendmail that is installed during the Solaris OS installation is pretty much ready to go. There are just a couple small changes that need to be made which we'll do below using a text editor. However, if you ever want to get into some serious sendmail configurations you'll want to use sendmail's M4 macro processor for generating configuration files. We won't get into M4 here. Just be aware that using a text editor make significant changes to an existing configuration file is normally not done. As a matter of fact, the folks at www.sendmail.org told me they don't support modifying the sendmail configuration files with a text editor at all. You can refer to the /usr/lib/mail/README file for more information.

Sendmail starts automatically when you boot your system. It's set up to allow for e-mailing between various machines on a local network. You can even send mail between different user accounts on the same machine just by entering a user's login ID in the "To:" field. You can verify that sendmail is running by looking for it in the list of currently-running processes using the command:

ps -A | more

The only thing you need to do to turn your system into a serious Internet e-mail server (other than hardening the OS for tight security) is set up an MX (Mail Exchange) DNS record to point to the public IP address assigned to your system's network interface. (Your ISP will usually host your DNS records on their DNS server for a small fee.) You don't have to bother with that if you just want to play around with Internet e-mail serving, but we'll get to that in a bit.

Configuration

To set up sendmail to work with your domain (even a made-up domain), make the following changes to the sendmail configuration files:

  1. Use the text editor to Open the file: 
      /etc/mail/sendmail.cf
  2. Look in the "local info" section of the file for the following two lines: 
      # who I masquerade as (null for no masquerading)
  DM
  3. Enter your domain name immediately after the M on the second line. For example, if your domain name in bigsunfan.com, the line should be: 
      DMbigsunfan.com

    Note that there are NO SPACES in this line.

    Setting this masquerade value removes the hostname from the return address of e-mails sent FROM non-root users who use the system as their mail server. If you didn't do this, and your system name was solarisi and your login ID was iluvsun, e-mails sent by you would be have a "From:" address of 

      iluvsun@solarisi.bigsunfan.com

    Making the above change results in the more common format for "From:" addresses: 

      iluvsun@bigsunfan.com

    Note:  I tested sendmail on both Solaris 8 x86 and Debian 2.2r6 and the same behavior was exhibited. While the above removes the hostname from the "From:" address in messages sent by non-root users, mail sent by root does include the hostname in the "From" address.

  4. Save the file.
  5. Click on File on the text editor's menu line and select New.
  6. Enter your domain name (ex: bigsunfan.com) and press Enter to create a new (blank) line beneath it and do the following:
    • Click on File and select Save As
    • If necessary navigate to the /etc/mail directory
    • Enter the file name sendmail.cw in the "file name" field
    • Click on OK
  7. Next you'll also want to Open the /etc/hosts file to (if necessary) enter a FQDN (Fully Qualified Domain Name) for your system and also add the word "mailhost" to the line so it looks like this: 
      192.168.10.20     solarisi solarisi.bigsunfan.com     loghost mailhost
  8. Save the file and exit the editor.

Sendmail only reads the configuration files when it starts up so you'll need to restart it using the following two commands:

/etc/init.d/sendmail stop
/etc/init.d/sendmail start

Testing

So now lets take it for a spin. We're assuming here that you've got our system connected to a network that has access to the Internet. The IP address in your /etc/defaultrouter file should be that of the gateway that leads to the Internet.

Even if this isn't a "real" Internet mail server you can try this. You need to have a bogus domain name entered in your network configuration files though. Make sure it's a domain name that hasn't been registered. If this is going to be a production Internet mail server be sure to harden the OS, services, etc. to prevent crackers from having a party on your system. You'll also want to check the "anti-relaying" articles on www.sendmail.org to help ensure that spammers don't use your server as a relay.

Simply log in to the system as a non-root user, open the Mail program, and send an e-mail to someone. If you're using a bogus domain name you'll have to pick a recipient that doesn't receive their mail via an ISP. That's because most ISP's will DNS the domains of incoming mail as an anti-spam measure. If the domain name in the "From:" field of an incoming message doesn't DNS, the mail will get dropped. Most school districts, universities, local governments and some mid-size companies have their own e-mail servers but don't bother to DNS incoming mail so try recipients at these types of organizations.

In the body of the message ask the recipient to forward the message onto your legitimate e-mail address so you can get a look at it. If you're using a bogus domain name you may also want to put a note in there to not reply to the message. If they did reply, it would just get bounced back to them because your bogus domain can't be found by whatever DNS server they are using. If the recipient does receive the message and they forward it back to you, look at the "From:" line of your original message. It should look like this: 

  iluvsun@bigsunfan.com

with your legitimate or bogus domain name in place of the bigsunfan.com domain.

If you run into a problem where your network clients are having problems using their MUAs to send e-mail, you can pretend to be an e-mail client by using telnet to issue SMTP commands to the e-mail server. You can use any computer on the same local network to run telnet and connect to port 25 (that's the port SMTP listens on) on the server to issue the commands. The telnet program that comes with Windows 9x/NT won't let you specify a port for a telnet connection so you'll need to use another Linux/Unix system or Windows 2000 (or download a better telnet program for 9x/NT). Using 192.168.1.10 as an example address for the server, start the telnet program and enter:

open 192.168.1.10 25

If you don't have access to another Linux/Unix or Windows 2000 system to try this, you can get on the server system itself and enter:

telnet localhost 25

However, running telnet on the local server system won't tell you if you have a network connection problem with the e-mail server.

Note:  If sendmail takes a long time to respond to commands, check to make sure your server can "see" the Internet, either via a mdoem or default gateway. For some reason, sendmail is very slow to respond to commands when there is no pathway to the Internet, even if the commands don't involve entering domain names (which could result in DNS queries).

In the following example, the lines in bold are the commands you enter to pretend you're a mail client sending an e-mail message through the server. The lines in italics are the responses you should see from your server. After you connect via telnet the server will respond and wait for your commands. Note that with some telnet programs you may not see your commands echoed when you type them. 

  (telnet connection established)

  220 solarisi.bigsunfan.com ESMTP Sendmail 8.10.2+Sun/8.10.2;
  Fri, 26 Apr 2002 20:34:10 -0500 (CDT)

  helo bigsunfan.com

  250 solarisi.bigsunfan.com Hello debian2 [192.168.10.40],
  pleased to meet you

  mail from: iluvsun@bigsunfan.com

  250 2.1.0 iluvsun@bigsunfan.com... Sender OK

  rctp to: root@bigsunfan.com

  250 2.1.5 root@bigsunfan.com... Recipient OK

  data

  354 Enter mail, end with "." on a line by itself

  This is a test mail message sent to root
  .

  250 2.0.0 g35R498Q270058 Message accepted for delivery

  quit

  220 2.0.0 solarisi@bigsunfan.com closing connection

In the above example we were sending mail from a non-root user to the root user in the same domain (but on different systems). If you tried to use a rcpt to: address that was not in the same domain you'd likely get a relaying denied error.

Sendmail is constantly being updated to make it more secure and harder for spammers to use. Upgrading is no walk in the park, but if you're the adventurous type yo can get the latest release from the www.sendmail.org Web site. Be sure you fully understand the process before you attempt an upgrade. Making a full backup before you start wouldn't hurt either. You can tell which version of sendmail you're currently running by looking at the initial connection response when you telnet in, or by using the following command at a shell prompt:

echo \$Z | /usr/lib/sendmail -bt -d0

Note that sendmail can do virtual hosting of multiple domains just as the Apache Web server software does. However, the setup is somewhat more sophisticated and is beyond the scope of this document.

Note that SMTP has many more commands than just those shown above and some of them (VRFY, EXPN, etc.) can be used by spammers and hackers. Setting up a secure Internet mail server involves not only hardenng the OS, but appropriately configuring the protocols and the Sendmail application itself also.

Copyright © 2002 by Keith Parkansky. All rights reserved.

Thanks to Keith Parkansky for his contribution and maintenance of the article.
Original text: http://www.execpc.com/~keithp/bdlogsol.htm

Logo
Top
News Events Software Hardware Security Documents Bookmarks Community Forum Job Surveys Feedback
Powered by History To Do Legal stuff Last modified: 2003-03-15