Config tips for the world's most ubiquitous MTA
Sendmail is a popular Mail Transfer Agent (MTA)
that is installed by default on most Linux/UNIX systems. It only
delivers mail to other services running locally or to other remote systems
that are listening on the standard SMTP port.
Sendmail is not itself an end-user solution: some other service
that sendmail delivers messages to must be used to store and access email
(e.g. a POP or IMAP server). Typically end users then use a popular
email client (e.g. Thunderbird, Seamonkey, Microsoft Outlook, ...) to
access their mail from the server it is stored on.
- IMAP/POP servers
# yum install sendmail
# yum install mailx
# yum install cyrus-sasl-plain
# rpm -qa | grep -i cyrus
# rcsdiff sendmail.mc
> define(`SMART_HOST', `smtp.sendgrid.net')dnl
> dnl # needed for sendgrid
> define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
> define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
# systemctl status sendmail
# tail -f /var/log/messages
# tail -f /var/log/maillog
The config files shown at right are from the first
mail server in a two mail server scenario. The first server has port 25
exposed to the Internet and directly hosts mail for: badleafeng.com.
The second server is internal only, but has the first server relay mail to
it for domains: zaptech.com, zaptech.org, missioncitydesign.com,
Somehow this helps elucidate many of the common config tasks
that sendmail setup entails even though it may be an atypical setup.
- Sendmail will process email with the local virtualusertable and
aliases if the domain is listed in local-host-names. It _may_ be sufficient
to omit locally processed domains from the access file?
- Sendmail processing skips the local virtualusertable and
aliases lookups if the domain is NOT in the local-host-names file.
Typically there will be some sort of redirect in mailertable to
another server for such domains. The access file must have the domain
declared RELAY for non-locally processed domains.
# cat local-host-names
# local-host-names - include all aliases for your machine here.
# Rick - ONLY put domains here that resolve to mail accounts on THIS
# machine. If domains are relayed THROUGH this machine, only
# place directives for those domains in the access and mailertable
# files. Otherwise mail for accounts WILL NOT be relayed to
# other machines!!!!! Classic symptom is a 550 error for accounts
# that only exist on other machines, with LOCAL accounts intercepting
# any email that was supposed to be relayed that happens to match.
# cat mailertable
# Without entries below, typically the external MX servers for messages
# waiting to be sent with these address/domains would be looked up. With
# the entries below, external MX lookups are skipped and delivery is attempted
# to the port/host specified. Typically port/host would be a host on the
# local network that knows how to handle mail for these address/domains.
# cat virtualusertable
# cat access
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# by default we allow relaying from localhost...
Sendmail has a notion of which domains it will process mail for
directly, and which domains it simply forwards mail for. The latter
occurs when a domain is listed in mailertable.
$ cat /etc/mail/mailertable
The act of connecting to an MTA solely for the purpose of sending
a new email is referred to as 'relaying'. Relaying is what the
access config file
controls. Due to spam and other exploits it is important to limit
the hosts that can relay to an MTA. This is not
to be confused with hosts that are simply transferring mail, for which
connections should almost always be allowed (1).
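The rules above (a forwarded domain belongs in mailertable and access, not in local-host-names, and RELAY entries should be limited) can be checked mechanically. The Python script below is an added example, not part of the original page: the file contents are constructed from the domains mentioned above, and the 192.168.1.x addresses and the function names are assumptions.

```python
# Added example; sample file contents are constructed, 192.168.1.x addresses are assumptions.
def entries(text):
    """Yield the whitespace-split fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split()

def relay_keys(access_text):
    """Keys marked RELAY in access, with any Connect:/To:/From: tag removed."""
    keys = set()
    for fields in entries(access_text):
        if len(fields) >= 2 and fields[1].upper() == "RELAY":
            key = fields[0].lower()
            for tag in ("connect:", "to:", "from:"):
                if key.startswith(tag):
                    key = key[len(tag):]
            keys.add(key)
    return keys

def lint(local_host_names, mailertable, access, trusted=("localhost", "127.0.0.1")):
    """Return findings where the three files disagree about a domain."""
    local = {f[0].lower() for f in entries(local_host_names)}
    routed = {f[0].lower().lstrip(".") for f in entries(mailertable)}
    relay = relay_keys(access)
    findings = []
    for d in sorted(routed & local):  # treated as local, so the route is never used
        findings.append(f"{d}: in local-host-names and mailertable; mail is handled locally")
    for d in sorted(routed - relay):  # forwarded domain that access does not permit
        findings.append(f"{d}: in mailertable but not RELAY in access")
    for k in sorted(relay - routed - set(trusted)):  # relay grant with no route
        findings.append(f"{k}: RELAY without a mailertable route; confirm you own it")
    return findings

LOCAL_HOST_NAMES = "badleafeng.com\nzaptech.org\n"  # zaptech.org is the planted mistake
MAILERTABLE = """\
zaptech.com             esmtp:[192.168.1.20]
zaptech.org             esmtp:[192.168.1.20]
missioncitydesign.com   esmtp:[192.168.1.20]
"""
ACCESS = """\
localhost               RELAY
zaptech.com             RELAY
zaptech.org             RELAY
192.168.1               RELAY
"""

if __name__ == "__main__":
    print("\n".join(lint(LOCAL_HOST_NAMES, MAILERTABLE, ACCESS)))
```

To run it against a live server, read /etc/mail/local-host-names, /etc/mail/mailertable and /etc/mail/access into the three arguments and pass your LAN prefixes in `trusted`.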
Allowing other hosts to relay mail ...
- RedHat 5.X/sendmail before 8.9 ...
- > cat /etc/mail/ip_allow
> cat /etc/mail/relay_allow
- RedHat 6.X/sendmail 8.9 and later ...
- > cat /etc/mail/access
# only allow relaying from the following ...
It is unlikely that a system will allow mail from the Internet
to be accepted without configuring sendmail.cw
- > cat /etc/sendmail.cw
# all aliases for your system
- sendmail Connection refused (redhat 7.X)
Default sendmail install does not accept network connections
from any host other than the local computer
- Edit /etc/mail/sendmail.mc and change DAEMON_OPTIONS to listen on
network devices, or comment it out
- Regenerate cf file with m4
# m4 /etc/mail/sendmail.mc > /etc/sendmail.cf
Don't forget to restart sendmail ...
- > /etc/rc.d/init.d/sendmail status
> /etc/rc.d/init.d/sendmail stop
> /etc/rc.d/init.d/sendmail start
sendmail stores mail for each user in different files.
It's a good idea to periodically back these up in case the
inevitable happens. These files can usually be found here ...
Often standard Linux installations do not install POP/IMAP,
even though they usually install sendmail. Just find the
appropriate IMAP RPM file (or equivalent tar or other installable
file) and install it. Most distributions ship with this even if they
don't automatically install it. If POP/IMAP is installed but clients
can't connect, check that /etc/inetd.conf has the following
- # Pop and imap mail services et al
pop-2 stream tcp nowait root /usr/sbin/tcpd ipop2d
pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d
imap stream tcp nowait root /usr/sbin/tcpd imapd
Using an IMAP mail client like Netscape may work best
if mail IMAP preferences are set thusly:
- server support for folders and messages within folders disabled
- Delete message move to trash folder disabled
Email aliases ...
- Edit /etc/aliases. Afterwards, make sure you run
Sendmail and Inetd
- Some Linux distributions may not install inetd server
components by default under certain circumstances.
Classic symptom: properly configured sendmail
stubbornly refuses to accept remote SMTP connections.
Need to install inetd.
- Virtual User Tables
- This is a great way to have email directed at different domains
handled by a single sendmail server. See
HOWTO section for an example.
- Secondary mail relay / Allowing other hosts to use you as a mail transfer agent (MTA)
- named allows multiple mail servers for a given domain.
Multiple MX tags in a zone file for a domain will
resolve with the first MX as the primary, second MX as secondary, ...
For sendmail servers (starting at RH 6.X) that are acting as non-primary,
make sure /etc/mail/access includes the domain to act
as secondary for.
Normally sendmail refuses to receive mail (i.e. be used as an MTA)
from systems not listed in the same /etc/mail/access used for
allowing secondary relaying. This helps prevent spammers from using
your sendmail box as an origin. Of course if you have set up a LAN, you
will need to add its hosts/network addresses so they can send mail.
IMAP/POP server (Centos 4, installation)
- This server enables standard mbox accounts with IMAP/POP access.
# wget http://dl.atrpms.net/all/dovecot-1.0.5-15_61.el4.i386.rpm
# yum install postgresql-libs
# rpm -ivh dovecot-1.0.5-15_61.el4.i386.rpm
# service dovecot