HOWTOlabs  
Sendmail
Config tips for the world's most ubiquitous MTA
Sendmail is a popular Mail Transfer Agent (MTA) that is installed by default on most Linux/UNIX systems. It only delivers mail to other services running locally or to other remote systems that are listening on the standard SMTP port. It is not itself an end-user solution: some other service that sendmail delivers messages to (e.g. a POP or IMAP server) must be used to store and access email. Typically end users then use a popular email client (e.g. Thunderbird, Seamonkey, Microsoft Outlook, ...) to access their mail from the server it is stored on.

SendGrid
rickatech 2016-09

Elsewhere

# yum install sendmail

# yum install mailx 

# yum install cyrus-sasl-plain

# rpm -qa | grep -i cyrus

  cyrus-sasl-2.1.26-20.el7_2.x86_64
  cyrus-sasl-plain-2.1.26-20.el7_2.x86_64
  cyrus-sasl-lib-2.1.26-20.el7_2.x86_64

# rcsdiff sendmail.mc 

  26a27
  > define(`SMART_HOST', `smtp.sendgrid.net')dnl
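Review bot: on the SMART_HOST line the host name is not in square brackets, so sendmail will look up MX records for smtp.sendgrid.net before connecting. If the intent is to connect to that host directly, write it as [smtp.sendgrid.net], the same bracket form the mailertable entries on this page use to skip MX lookups.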
  113a115,117
  > dnl # needed for sendgrid
  > define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
  > define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
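Review bot: the ESMTP_MAILER_ARGS define moves every delivery made through the esmtp mailer to port 587, not only mail handed to the smart host, so any esmtp: mailertable route to a host listening on port 25 would stop working. The smart host uses the relay mailer by default, so the RELAY_MAILER_ARGS line alone may be enough; drop the ESMTP_MAILER_ARGS line unless it is known to be needed. The "needed for sendgrid" comment should also say where the SMTP AUTH credentials are configured, since cyrus-sasl-plain is installed above but no auth setup appears in this diff.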

# systemctl status sendmail

# tail -f /var/log/messages  

# mailq

# tail -f /var/log/maillog  
The config files shown below are from the first mail server in a two mail server scenario. The first server has port 25 exposed to the Internet and directly hosts mail for: badleafeng.com. The second server is internal only, but has the first server relay mail to it for domains: zaptech.com, zaptech.org, missioncitydesign.com, shaulsails.com, oldquad.org

Somehow this helps elucidate many of the common config tasks that sendmail setup entails even though it may be an atypical setup.

Tips ...
  • Sendmail will process email with local virtualusertable and aliases lookups if domain is listed in local-host-names. It _may_ be sufficient to omit locally processed domains from access file?
     
  • Sendmail processing skips local virtualusertable and aliases lookups if domain is NOT in local-host-names file. Typically there will be some sort of redirect in mailertable to another server for such domains. access file must have domain RELAY declared for non-locally processed domains.
# cat local-host-names

  # local-host-names - include all aliases for your machine here.
  # Rick - ONLY put domains here that resolve to mail accounts on THIS
  #        machine.  If domains are relayed THROUGH this machine, only
  #        place directives for those domains in the access and mailertable
  #        files.  Otherwise mail for accounts WILL NOT be relayed to
  #        other machines!!!!!  Classic symptom is a 550 error for accounts
  #        that only exist on other machines, with LOCAL accounts intercepting
  #        any email that was supposed to be relayed that happens to match.
  badleafeng.com
  pop.badleafeng.com

# cat mailertable

  # Without entries below, typically the external MX servers for messages
  # waiting to be sent with these address/domains would be looked up.  With the
  # the entries below, external MX lookups are skipped and delivery is attempted
  # to the port/host specified.  Typically port/host would be a host on the
  # local network that knows how to handle mail for these address/domains.
  zaptech.com                     esmtp:[f5ip32.local.zaptech.org]
  zaptech.org                     esmtp:[f5ip32.local.zaptech.org]
  missioncitydesign.com           esmtp:[f5ip32.local.zaptech.org]
  shaulsails.com                  esmtp:[f5ip32.local.zaptech.org]
  oldquad.org                     esmtp:[f5ip32.local.zaptech.org]


# cat virtualusertable

  support@badleafeng.com                  oakleaf
  marketing@badleafeng.com                oakleaf
  sales@badleafeng.com                    oakleaf
  webmaster@badleafeng.com                oakleaf
  oakleaf@badleafeng.com                  oakleaf
  curtis@badleafeng.com                   elia

# cat access

  # Check the /usr/share/doc/sendmail/README.cf file for a description
  # of the format of this file. (search for access_db in that file)
  # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
  # package.
  #
  # by default we allow relaying from localhost...
  localhost.localdomain           RELAY
  localhost                       RELAY
  127.0.0.1                       RELAY
  zaptech.com                     RELAY
  zaptech.org                     RELAY
  shaulsails.com                  RELAY
  missioncitydesign.com           RELAY
  oldquad.org                     RELAY
  badleafeng.com                  OK
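
A lint for the rules in the Tips above, as an added example that is not part of the original page: every mailertable domain must be RELAY in access and must not appear in local-host-names. The function name, the directory argument and the demo entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check local-host-names, mailertable and access.
# Only exact domain keys are handled (no ".sub.domain" or user@ entries).
check_mail_routing() {
    dir=$1
    out=$(awk '
        /^[ \t]*(#|$)/ { next }                       # comments, blank lines
        FILENAME ~ /local-host-names$/ { islocal[tolower($1)] = 1; next }
        FILENAME ~ /mailertable$/      { routed[tolower($1)] = $2; next }
        FILENAME ~ /access$/           { action[tolower($1)] = toupper($2) }
        END {
            for (d in routed) {
                # Listed as local: virtualusertable/aliases lookups win,
                # so mail for this domain is never relayed onward.
                if (d in islocal)
                    print d ": in local-host-names and mailertable"
                # No RELAY in access: relaying for the domain is refused.
                if (action[d] != "RELAY")
                    print d ": mailertable route without RELAY in access"
            }
        }' "$dir/local-host-names" "$dir/mailertable" "$dir/access" | sort)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: the layout from this page with two mistakes introduced
# (zaptech.org also listed as local, oldquad.org missing from access).
demo=$(mktemp -d)
printf '%s\n' '# local domains' badleafeng.com zaptech.org > "$demo/local-host-names"
printf '%s\t%s\n' zaptech.org 'esmtp:[f5ip32.local.zaptech.org]' \
                  oldquad.org 'esmtp:[f5ip32.local.zaptech.org]' > "$demo/mailertable"
printf '%s\t%s\n' localhost RELAY zaptech.org RELAY badleafeng.com OK > "$demo/access"
check_mail_routing "$demo" || echo "problems found in $demo"
rm -rf "$demo"
```
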
Mailertable

Sendmail has a notion of which domains it will process mail for directly, and which domains it simply forwards mail for. The latter occurs when a domain is listed in mailertable.
$ cat /etc/mail/mailertable
  jabber.zaptech.com              esmtp:[jabber.zaptech.com]
Access

The act of connecting to an MTA solely for the purpose of sending a new email is referred to as 'relaying'. Relaying is what the access config file controls. Due to spam and other exploits it is important to limit the hosts that can relay to an MTA. This is not to be confused with hosts that are simply transferring mail, for which connections should almost always be allowed (1).

Allowing other hosts to relay mail ...
  • RedHat 5.X/sendmail before 8.9 ...
    > cat /etc/mail/ip_allow
    207.5.50.251
    207.5.50.252
    207.5.50.253
    207.5.50.254

    > cat /etc/mail/relay_allow
    devmac.zaptech.com

  • RedHat 6.X/sendmail 8.9 and later ...
    > cat /etc/mail/access
    # only allow relaying from the following ...
    localhost.localdomain RELAY
    localhost             RELAY
    127.0.0.1             RELAY
    192.168.254           RELAY
    216.200.191.113       RELAY
    216.200.191.114       RELAY

It is unlikely that a system will allow mail from the Internet to be accepted without configuring sendmail.cw
> cat /etc/sendmail.cw
# all aliases for your system
mail.zaptech.com
zaptech.com

sendmail Connection refused (redhat 7.X)
Default sendmail install does not accept network connections from any host other than the local computer
  • Edit /etc/mail/sendmail.mc and change DAEMON_OPTIONS to listen on network devices, or comment it out
  • Regenerate cf file with m4
        # m4 /etc/mail/sendmail.mc > /etc/sendmail.cf

Don't forget to restart sendmail ...
> /etc/rc.d/init.d/sendmail status

> /etc/rc.d/init.d/sendmail stop

> /etc/rc.d/init.d/sendmail start

sendmail stores mail for each user in different files. It's a good idea to periodically back these up in case the inevitable happens. These files can usually be found here ...
/var/spool/...

Often standard Linux installations do not install POP/IMAP, even though they usually install sendmail. Just find the appropriate IMAP RPM file (or equivalent tar or other installable file) and install it. Most distributions ship with this even if they don't automatically install it. If POP/IMAP is installed but clients can't connect, check that /etc/inetd.conf has the following uncommented ...
# Pop and imap mail services et al
pop-2 stream tcp nowait root /usr/sbin/tcpd ipop2d
pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d
imap  stream tcp nowait root /usr/sbin/tcpd imapd
Using an IMAP mail client like Netscape may work best if mail IMAP preferences are set thusly:
Email aliases ...
Edit /etc/aliases. Afterwards, make sure you run newaliases
Sendmail and Inetd
Some Linux distributions may not install inetd server components by default under certain circumstances. Classic symptom: properly configured sendmail stubbornly refuses to accept remote SMTP connections. Need to install inetd.
Virtual User Tables
This is a great way to have email directed at different domains handled by a single sendmail server. See HOWTO section for an example.
Secondary mail relay / Allowing other hosts to use you as a mail transfer agent (MTA)
named allows multiple mail servers for a given domain. Multiple MX tags in a zone file for a domain will resolve with the first MX as the primary, second MX as secondary, ... For sendmail servers (starting at RH 6.X) that are acting as non-primary, make sure you have /etc/mail/access include the domain to act as secondary for.

Normally sendmail refuses to receive mail (i.e. be used as an MTA) from systems not listed in the same /etc/mail/access used for allowing secondary relaying. This helps prevent spammers from using your sendmail box as an origin. Of course if you have set up a LAN, you will need to add its hosts/network addresses so they can send mail.

Dovecot IMAP/POP server (Centos 4, installation)

This server enables standard mbox accounts with IMAP/POP access.
# wget http://dl.atrpms.net/all/dovecot-1.0.5-15_61.el4.i386.rpm
  ...

# yum install postgresql-libs
  ...

# rpm -ivh dovecot-1.0.5-15_61.el4.i386.rpm
  ...

# service dovecot
  ...