Configuring Linux Mail Servers Objectives –This chapter will show you how to install and use Mailservers Contents –An Overview Of How Sendmail Works –Sendmail configruation files –Relaying –Sendmail Masquerading –Using Sendmail to Change the Sender's Address Practical –Setting up mailserver

Getting SENDMAIL Installing Sendmail –You will need to make sure that the sendmail, sendmail-cf and m4 software RPMs are installed. rpm –ivh sendmail i386.rpm(The client/server) rpm –ivh sendmail-cf i386.rpm(Config files) rpm –ivh sendmail-devel i386.rpm(Optional) rpm –ivh sendmail-doc i386.rpm(Optional) Starting/Stopping Sendmail –You can use the chkconfig command to get Sendmail configured to start at boot: –To start/stop/restart sendmail after booting –You need to restart sendmail after changing sendmail.cf # chkconfig sendmail on # service sendmail start # service sendmail stop # service sendmail restart # service sendmail start # service sendmail stop # service sendmail restart

The /etc/mail/sendmail.mc File How to Put Comments in sendmal.mc –The sendmail.mc file doesn't use the "#" for commenting, but instead uses the string "dnl". Configuring the DNS for sendmail –Make Your Mail Server The Mail Server For Your Domain in DNS Disabled statements due to "dnl" commenting dnl DAEMON_OPTIONS(`Port=smtp,Addr= , Name=MTA') dnl # DAEMON_OPTIONS(`Port=smtp,Addr= , Name=MTA') Incorrectly disabled statement # DAEMON_OPTIONS(`Port=smtp,Addr= , Name=MTA') Active statement DAEMON_OPTIONS(`Port=smtp,Addr= , Name=MTA') Disabled statements due to "dnl" commenting dnl DAEMON_OPTIONS(`Port=smtp,Addr= , Name=MTA') dnl # DAEMON_OPTIONS(`Port=smtp,Addr= , Name=MTA') Incorrectly disabled statement # DAEMON_OPTIONS(`Port=smtp,Addr= , Name=MTA') Active statement DAEMON_OPTIONS(`Port=smtp,Addr= , Name=MTA') IN MX 10mail.my-site.com # host mail.my-site.com mail.my-site.com has address # host mail.my-site.com mail.my-site.com has address

Sendmail & name resolution All hosts that are not the nameserver should have /etc/resolv.conf file like this: And incorrectly configured resolv.conf –file can lead to errors like this when running the m4 The /etc/hosts File must have loopback address domain my-site.com nameserver domain my-site.com nameserver WARNING: local host name (smallfry) is not qualified; fix $j in config file bigboy.my-site.com bigboy localhost.localdomain \ localhost

How To Configure Linux Sendmail All Linux mail clients in your home or company need to know which server is the mail server. –In /etc/mail/sendmail.mc file: Converting From a Mail Client to a Mail Server –Determine Which NICs Sendmail Is Running On –We can verify that sendmail is running by first using the pgrep command define(`SMART_HOST',`mail.my-site.com') # pgrep sendmail # netstat -an | grep :25 | grep tcp tcp : :* LISTEN # pgrep sendmail # netstat -an | grep :25 | grep tcp tcp : :* LISTEN

Convert the sendmail client to server Edit sendmail.mc To Make Sendmail Listen On All Interfaces dnl This changes sendmail to only listen on the loopback device dnl and not on any other network devices. Comment this out if you want dnl to accept over the network. -> dnl DAEMON_OPTIONS(`Port=smtp,Addr=mail.my-site.com, Name=MTA') dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires dnl a kernel patch dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6') dnl We strongly recommend to comment this one out if you want to protect dnl yourself from spam. However, the laptop and users on computers that do dnl not have 24x7 DNS do need this. -> dnl FEATURE(`accept_unresolvable_domains')dnl dnl FEATURE(`relay_based_on_MX')dnl dnl This changes sendmail to only listen on the loopback device dnl and not on any other network devices. Comment this out if you want dnl to accept over the network. -> dnl DAEMON_OPTIONS(`Port=smtp,Addr=mail.my-site.com, Name=MTA') dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires dnl a kernel patch dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6') dnl We strongly recommend to comment this one out if you want to protect dnl yourself from spam. However, the laptop and users on computers that do dnl not have 24x7 DNS do need this. -> dnl FEATURE(`accept_unresolvable_domains')dnl dnl FEATURE(`relay_based_on_MX')dnl

Convert the sendmail client to server Comment out the "SMART_HOST" Entry In sendmail.mc Regenerate The sendmail.cf File & Restart sendmail –This step can be accomplished by running the script we created at the beginning of the chapter. Now Make Sure Sendmail Is Listening On All Interfaces dnl define(`SMART_HOST',`mail.my-site.com') # netstat -an | grep :25 | grep tcp tcp : :* LISTEN # netstat -an | grep :25 | grep tcp tcp : :* LISTEN #./smmake

A General Guide To Using The sendmail.mc File Primary rule, nice and clean sendmail.mc with comments –Masquerade rewrites all mail from hosts to coming from domain –FEATURE adds functionallity to sendmail dnl ***** Customised section 1 start ***** Dnl FEATURE(delay_checks)dnl FEATURE(masquerade_envelope)dnl FEATURE(allmasquerade)dnl FEATURE(masquerade_entire_domain)dnl dnl dnl ***** Customised section 1 end ***** dnl ***** Customised section 1 start ***** Dnl FEATURE(delay_checks)dnl FEATURE(masquerade_envelope)dnl FEATURE(allmasquerade)dnl FEATURE(masquerade_entire_domain)dnl dnl dnl ***** Customised section 1 end *****

Sendmail feature files The /etc/mail/relay-domains File The /etc/mail/access File –Keywords include RELAY, REJECT, OK (not ACCEPT) and DISCARD The /etc/mail/local-host-names File –Also recieve mail from my other site –In DNS we need to enter: my-other-site.com my-site.com my-other-site.com my-site.com localhost.localdomain RELAY localhost RELAY RELAY RELAY RELAY RELAY my-site.com RELAY localhost.localdomain RELAY localhost RELAY RELAY RELAY RELAY RELAY my-site.com RELAY my-site.com my-other-site.com my-site.com my-other-site.com my-other-site.com. MX 10 mail.my-site.com.

Which User Should Really Receive The Mail? The /etc/mail/virtusertable file The /etc/aliases File Allways run command newaliases after working with aliases marc paul error:nouser User unknown marc paul error:nouser User unknown... manager: root abuse: root # trap decode to catch security attacks decode: root # Person who should get root's mail root: # My mailing list file admin-list: ":include:/home/mailings/admin-list"... manager: root abuse: root # trap decode to catch security attacks decode: root # Person who should get root's mail root: # My mailing list file admin-list: ":include:/home/mailings/admin-list"

Sendmail Masquerading Explained If you want your mail to appear to come from and not You can in that case: a)Configure your client, such as Outlook Express, to set your address to b)Set up masquerading to modify the domain name of all traffic originating from and passing trough your mail server Configuring masquerading –This can be solved by editing your sendmail.mc configuration file and adding some masquerading commands: FEATURE(always_add_domain)dnl FEATURE(`masquerade_entire_domain')dnl FEATURE(`masquerade_envelope')dnl FEATURE(`allmasquerade')dnl MASQUERADE_AS(`my-site.com')dnl MASQUERADE_DOMAIN(`my-site.com.')dnl MASQUERADE_DOMAIN(localhost)dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl FEATURE(always_add_domain)dnl FEATURE(`masquerade_entire_domain')dnl FEATURE(`masquerade_envelope')dnl FEATURE(`allmasquerade')dnl MASQUERADE_AS(`my-site.com')dnl MASQUERADE_DOMAIN(`my-site.com.')dnl MASQUERADE_DOMAIN(localhost)dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl

Sendmail Masquerading Explained Testing Masquerading –You should also tail the /var/log/maillog file to verify that the masquerading is operating Other Masquerading Notes –By default, user "root" will not be masqueraded. This is achieved with the: –in /etc/mail/sendmail.mc mail -v username EXPOSED_USER(`root')dnl

Using Sendmail to Change the Sender's Address Add these statements to your /etc/mail/sendmail.mc –In order to rewrite s origin address, you need some features: –In /etc/mail/sendmail.mc Create a /etc/mail/generics-domains Create your /etc/mail/genericstable FEATURE(`genericstable',`hash -o /etc/mail/genericstable.db')dnl GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl FEATURE(`genericstable',`hash -o /etc/mail/genericstable.db')dnl GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl my-site.com my-other-site.com bigboy.my-site.com my-site.com my-other-site.com bigboy.my-site.com #linux-username alert peter #linux-username alert peter

Fighting SPAM, add features RFC-Ignorant valid IP address checker. Easynet open proxy list. The Open Relay Database open mail relay list. Spamcop spammer blacklist. Spamhaus spammer blacklist. FEATURE(`dnsbl', `ipwhois.rfc-ignorant.org',`"550 Mail from " $&{client_addr} " refused. Rejected for bad WHOIS info on IP of your SMTP server - see FEATURE(`dnsbl', `proxies.blackholes.easynet.nl', `" ACCESS DENIED to OPEN PROXY SERVER "$&{client_name}" by easynet.nl DNSBL ( `')dnl FEATURE(`dnsbl', `relays.ordb.org', `"550 rejected due to sending server misconfiguration - see FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from " $`'&{client_addr} " refused - see FEATURE(`dnsbl',`sbl.spamhaus.org',`Rejected - see

Spamassassin Downloading & Installing Spamassassin Starting Spamassassin Configuring Procmail for Spamassassin Startup Spamassassin –Combine spamassasin with sendmail features cp /etc/mail/spamassassin/spamassassin-spamc.rc /etc/procmailrc # /etc/init.d/spamassassin start # chkconfig --level 35 spamassassin on # rpm –ivh spamassassin i386.rpm.