Friday, October 2, 2009

Episode 19: How can I control whether incoming email is accepted, denied, or relayed when using Sendmail?

The file /etc/mail/access is used to accept, deny, or relay incoming email. This file controls access for individual users, entire domains, or entire IP subnets. The first column specifies a user, domain, or subnet. The second column can be one of the following values:




REJECT
rejects the sender with a general purpose message

OK
accepts mail for receipt (not relay)

RELAY
accepts mail for relaying

DISCARD
discards the message completely (harsher than reject)

ERROR:550 your message
like REJECT but returns with your specific message


Here is an example /etc/mail/access file:


user@spammer.org REJECT
spammers.net REJECT
204.168.23 REJECT
192.168 OK
virtualdomain.com RELAY
user@domain.com ERROR:550 mail discarded
nobody@ ERROR:550 bad name


After making changes to this file, execute the following for the changes to take effect:


# make -C /etc/mail
# service sendmail restart
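
A check that can be run on the file before rebuilding the map, as an added example (not part of the original post or of Sendmail): it parses the two-column format described above and reports unknown actions, duplicate keys, and RELAY entries on very broad IP prefixes. The function name, the /16 threshold, and the entries after the comment line in the sample are assumptions made for illustration.

```python
import re

ACTIONS = {"REJECT", "OK", "RELAY", "DISCARD"}   # values listed on this page
TAGS = ("Connect:", "From:", "To:", "Compat:")   # optional key prefixes
# ERROR:550 text, optionally with an enhanced status code (ERROR:5.7.1:550 text)
ERROR_RE = re.compile(r'^ERROR:"?(?:\d\.\d+\.\d+:)?[45]\d\d \S')
IP_PREFIX_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){0,3}$")

# The page's example file, followed by constructed entries (not from the page).
SAMPLE = """\
user@spammer.org REJECT
spammers.net REJECT
204.168.23 REJECT
192.168 OK
virtualdomain.com RELAY
user@domain.com ERROR:550 mail discarded
nobody@ ERROR:550 bad name
# constructed entries below
10 RELAY
Spammers.NET OK
partner.example BOUNCE
Compat:sender@domain.com<@>recipient@ourdomain.com DISCARD
"""


def lint_access(text):
    """Return (line_number, key, message) for each suspicious entry."""
    findings, seen = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            findings.append((n, parts[0], "no action in second column"))
            continue
        key, action = parts
        folded = key.lower()  # makemap folds keys to lower case by default
        if folded in seen:
            findings.append((n, key, f"duplicate of line {seen[folded]}"))
        else:
            seen[folded] = n
        if action not in ACTIONS and not ERROR_RE.match(action):
            findings.append((n, key, f"unknown action {action!r}"))
        # Strip a tag such as Connect: before looking at the key itself.
        bare = next((key[len(t):] for t in TAGS if key.startswith(t)), key)
        # Assumption: RELAY on a one- or two-octet prefix (/8, /16) needs review.
        if action == "RELAY" and IP_PREFIX_RE.match(bare) and bare.count(".") < 2:
            findings.append((n, key, "RELAY granted to a /16 or wider prefix"))
    return findings


if __name__ == "__main__":
    for n, key, msg in lint_access(SAMPLE):
        print(f"line {n}: {key}: {msg}")
```
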


For example:

I added the following entries to /etc/mail/access:

receiver@intinfra.com REJECT
abhi ERROR:550 mail discarded
ajeet RELAY

Then I ran:
make -C /etc/mail
service sendmail restart

When I tried sending mail from user sender@groupinfra.com as:

[sender@Innova ~]$ echo "hello" | mail -v -s "hi" receiver@intinfra.com
receiver@intinfra.com... Connecting to [127.0.0.1] via relay...
220 Innova.intinfra.com ESMTP Sendmail 8.14.2/8.14.2; Sat, 3 Oct 2009 17:39:59 +0530
>>> EHLO Innova.intinfra.com
250-Innova.intinfra.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP
>>> MAIL From: SIZE=47 AUTH=sender@Innova.intinfra.com
250 2.1.0 ... Sender ok
>>> RCPT To:
>>> DATA
550 5.2.1 ... Mailbox disabled for this recipient
503 5.0.0 Need RCPT (recipient)
>>> RSET
250 2.0.0 Reset state
/home/sender/dead.letter... Saved message in /home/sender/dead.letter
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 Innovation1.groupinfra.com closing connection

And when I tried:

[sender@Innova ~]$ echo "hello" | mail -v -s "hi" abhi@intinfra.com
abhinesh@intinfra.com... Connecting to [127.0.0.1] via relay...
220 Innova.intinfra.com ESMTP Sendmail 8.14.2/8.14.2; Sat, 3 Oct 2009 18:46:32 +0530
>>> EHLO Innova.intinfra.com
250-Innova.intinfra.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP
>>> MAIL From: SIZE=47 AUTH=sender@Innova.intinfra.com
250 2.1.0 ... Sender ok
>>> RCPT To:
>>> DATA
550 5.0.0 ... mail discarded
503 5.0.0 Need RCPT (recipient)
>>> RSET
250 2.0.0 Reset state
/home/sender/dead.letter... Saved message in /home/sender/dead.letter
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 Innova.intinfra.com closing connection
[sender@Innova ~]$

So both receiver and abhi were discarded, but when I tried mailing ajeet
it went through successfully.

[sender@Innova ~]$ echo "hello"|mail -v -s "I am here" ajeet@intinfra.com
ajeet@intinfra.com... Connecting to [127.0.0.1] via relay...
220 Innova.intinfra.com ESMTP Sendmail 8.14.2/8.14.2; Sat, 3 Oct 2009 18:54:29 +0530
>>> EHLO Innova.intinfra.com
250-Innova.intinfra.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP
>>> MAIL From: SIZE=51 AUTH=sender@Innova.intinfra.com
250 2.1.0 ... Sender ok
>>> RCPT To:
>>> DATA
250 2.1.5 ... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 n93DOTF2006201 Message accepted for delivery
ajeet@intinfra.com... Sent (n93DOTF2006201 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 Innova.intinfra.com closing connection
[sender@Innova ~]$

So it is working for ajeet.

Episode 18: How can I make new aliases for my users if I am running sendmail?

Edit the /etc/aliases file. The syntax for the file is as follows:

username: newalias


Add the usernames and aliases then save the file. Then run (as the user root) the following command:


newaliases


Or restart sendmail with this command:


service sendmail restart

Running newaliases is the same as running the following command:

sendmail -bi


The aliases database will now be rebuilt with the new changes.

Episode 17: How do I masquerade a server's mail address on sendmail with domaintable?

To masquerade a server's domain name from one name to another, use the domaintable FEATURE of sendmail.


First, open the file /etc/mail/domaintable for editing. The structure of this file is:







For example:




# vi /etc/mail/domaintable
old.example.com new.example.com


So mail for old.example.com would be processed as mail for new.example.com.


Next, add the following entry to /etc/mail/sendmail.mc file:




FEATURE(domaintable)


Next, remake the sendmail.cf file:


# cd /etc/mail
# make


Then, restart the sendmail service:


# service sendmail restart

Episode 16: Is it possible to have 2 or more SMART_HOSTs configured for redundancy in Sendmail?

It is possible to set up multiple smart hosts in Sendmail. The syntax required in the /etc/mail/sendmail.mc file is:




define(`SMART_HOST', `[smart.host.one]:[smart.host.two]:[smart.host.three]')dnl


The square brackets are to ensure that Sendmail does not do a Domain Name Service MX lookup. After editing the /etc/mail/sendmail.mc file, the /etc/mail/sendmail.cf file must be regenerated.


For Red Hat Enterprise Linux 2.1, use:




m4 /etc/mail/sendmail.mc > /etc/sendmail.cf


For Red Hat Enterprise Linux 3, use:

make -C /etc/mail


Note: If you are running a Domain Name Server (DNS), an alternative to specifying multiple smart hosts is to set up your DNS server to have multiple MX records under the smart host's host name and have the DNS server 'round robin' the MX records. This configuration, however, is outside the scope of this Knowledgebase article.

Episode 15: Why do I get the error 'can not chdir(/var/spool/clientmqueue/): Permission denied' when restarting Sendmail?

You should first check the permissions on the following files:




# ls -l /usr/sbin/sendmail.sendmail
-r-xr-sr-x root smmsp /usr/sbin/sendmail.sendmail

# ls -l /var/spool
drwxrwx--- smmsp smmsp /var/spool/clientmqueue



If your permissions are mis-matched, you can modify them by doing the following:




# chown root.smmsp /usr/sbin/sendmail.sendmail
# chmod g+s /usr/sbin/sendmail.sendmail
# chown smmsp.smmsp /var/spool/clientmqueue


After changing permissions, you need to restart the Sendmail service. Type:




# service sendmail restart


More information is available at:


•Hints how to configure and run Sendmail

Episode 14: Sendmail Masquerade

Masquerading is a feature which rewrites the hostname in the address of outbound mail. It is usually applied to route the inbound mail from a network through a centralized mail hub. It is also applied to hide the actual hostname, so that mail can be managed without using a busy hostname.


To enable this, add the following lines to the /etc/mail/sendmail.mc file:




MASQUERADE_AS(domain.com)dnl
FEATURE(masquerade_envelope)dnl
FEATURE(masquerade_entire_domain)dnl
MASQUERADE_DOMAIN(domain.com)dnl


Update the Sendmail configuration files using the m4 macro processor to generate a new sendmail.cf file by executing the following command:




# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf


To get the Sendmail macro file, the sendmail-cf package must be installed on the system.


After creating a new /etc/mail/sendmail.cf file, restart Sendmail for the changes to take effect. To do this, use the following command:




# service sendmail restart


For more details on the masquerading of Sendmail, use the following links:


•Red Hat Documentation: http://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/ref-guide/s1-email-mta.html

•Sendmail - Masquerading and Relaying: http://www.sendmail.org/m4/masquerading.html

Episode 13: How do I configure sendmail to receive mail for multiple domains?

This can be accomplished by adding the domains you wish to receive mail for in the /etc/mail/local-host-names file. It is important that the sendmail server can resolve these domain names through DNS.


Example:

/etc/mail/local-host-names

# local-host-names - include all aliases for your machine here.
domain1.com
domain2.com
domain3.com

Episode 12: How do I configure sendmail to route mail to specific hosts?

This can be accomplished by adding appropriate entries to the /etc/mail/mailertable file. This file allows you to specify a domain and the host to which all email for that domain is sent. In the example below, all email destined for mydomain.com will be automatically forwarded to a mail server that resolves to backend.mail.server. Additionally, all email received from the 192.0.0.0 network will be forwarded to a mail server that resolves to outgoing.mail.server.


Example:



/etc/mail/mailertable



mydomain.com smtp:backend.mail.server
192. smtp:outgoing.mail.server



After your modifications to /etc/mail/mailertable are complete you will need to run the following command:



makemap hash /etc/mail/mailertable.db < /etc/mail/mailertable

Then restart sendmail: service sendmail restart

Episode 11: Can sendmail be used without DNS?

There are a number of steps required to successfully use sendmail when there is limited or no DNS.


•Setting a SMARTHOST

◦Ensure the required host is resolvable, either by /etc/hosts or DNS, or alternatively specify an IP address.

◦Use a line in /etc/mail/sendmail.mc that resembles define(`SMART_HOST',`name.of.smart.host')dnl

•Since the system implicitly has limited resolving capabilities, accept email for unknown domains

◦Use a line in /etc/mail/sendmail.mc of the form FEATURE(accept_unresolvable_domains)dnl

•Ensure that the ServiceSwitchFile (by default at /etc/mail/service.switch) has content similar to:


aliases files
hosts files


•Setting the submission agent to ignore DNS

◦Use a line in /etc/mail/submit.mc of the form define(`confDIRECT_SUBMISSION_MODIFIERS',`C')

◦Use a line in /etc/mail/submit.mc of the form FEATURE(accept_unresolvable_domains)dnl


Having completed the above changes, remake submit.cf and sendmail.cf by typing make in /etc/mail.


The daemon may also need to be restarted with the command:




# service sendmail restart

Episode 10: Sendmail server to forward mail to an internal backup mail server?

In order to do this you must define two options in your /etc/mail/sendmail.mc file:




define(`MAIL_HUB', `hostname')
FEATURE(`stickyhost')


In the above options, "hostname" is the hostname of the backup mail server. After you have added those options, you need to execute the commands:




make -C /etc/mail
service sendmail restart



These commands will rebuild the Sendmail configuration from the m4 macro configuration file and then restart the Sendmail service, respectively.


Note: This configuration should also work if the internal backup server is a Microsoft Exchange mail server.

Episode 9: How do I setup a Sendmail server to forward all mail to a different mail server?

First, set up the mail server to allow connections from other systems. Change the following line in the /etc/mail/sendmail.mc file:




DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl


to:




DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl


Add the following line to the /etc/mail/sendmail.mc file:




define(`SMART_HOST', `hostname')dnl


Where hostname is the hostname or the IP address of the other mail server. Next, rebuild your m4 macros and restart Sendmail. Execute the commands:




make -C /etc/mail
service sendmail restart


All mail sent to the primary mail server will be forwarded to the server defined in the Smart Host option.

Episode 8: Why does sendmail not use NIS mail.aliases?

By default, sendmail honors only the aliases defined in /etc/aliases. To honor the NIS mail.aliases map, edit the file /etc/mail/sendmail.mc.

Change the following line:

define(`ALIAS_FILE', `/etc/aliases')dnl

To

define(`ALIAS_FILE',`nis:mail.aliases@NIS-DOMAINNAME')dnl


For example, if the domain name is Example.com, the file may look like this:


define(`ALIAS_FILE',`nis:mail.aliases@Example.com')dnl


It may also look like this:




define(`ALIAS_FILE',`/etc/aliases,nis:mail.aliases@Example.com')

Episode 7: Sendmail to deliver mail in an NIS environment without DNS?

Create a file called /etc/mail/service.switch and include the following in the file:


hosts nis files


Restart Sendmail using service sendmail restart as root. This should resolve the issue.

Episode 6: Sendmail Not Listening to Local Domain but working for other Domain..

The way Sendmail handles email has changed from previous versions. Previously, Sendmail would connect directly to the receiving Mail Transport Agent (MTA). It was therefore possible not to run the Sendmail daemon but still be able to send emails. In Red Hat Enterprise Linux 3 and later, Sendmail runs 2 daemons: one to listen on localhost to queue the mail and one to actually send the mail.


In some configurations, Sendmail uses a smart host to relay outgoing emails. For security purposes, it is also sometimes configured not to run as a daemon process. This configuration works fine in Red Hat Enterprise Linux 2.1 but not in Red Hat Enterprise Linux 3 and later. If Sendmail does not listen on the localhost, emails to the local system will be deferred. Below is a sample log of what happens:




Jun 27 11:28:46 localhost sendmail[3272]: j5R1SktO003272: from=root, size=37, class=0, nrcpts=1, msgid=<200506270128.j5R1SktO003272@dhcp-99-example.com>, relay=root@localhost
Jun 27 11:28:46 localhost sendmail[3272]: j5R1SktO003272: to=joe, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30037, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]


Using ps ax | grep sendmail to check if Sendmail is running would give the following output:




3240 ? Ss 0:00 sendmail: Queue runner@01:00:00 for /var/spool/mqueue
3246 ? Ss 0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue


Solution:

To correct this problem, it is necessary that Sendmail listens on localhost. Make sure that /etc/sysconfig/sendmail is configured with the option:




DAEMON=yes


After making any changes, restart Sendmail by running this command:




service sendmail restart


Verifying with ps ax | grep sendmail should show something similar to this:




2387 ? Ss 4:31 sendmail: accepting connections
2393 ? Ss 0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
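
The deferral signature in the sample log above can be searched for in the mail log. The following added example (not from the original article) parses sendmail syslog lines into their key=value fields and reports local submissions that were deferred because nothing was listening on 127.0.0.1. The third log line, its queue IDs, and the function names are constructed for illustration.

```python
import re

# The two log lines shown above, plus one constructed line for a delivered message.
SAMPLE_LOG = """\
Jun 27 11:28:46 localhost sendmail[3272]: j5R1SktO003272: from=root, size=37, class=0, nrcpts=1, msgid=<200506270128.j5R1SktO003272@dhcp-99-example.com>, relay=root@localhost
Jun 27 11:28:46 localhost sendmail[3272]: j5R1SktO003272: to=joe, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30037, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jun 27 11:40:02 localhost sendmail[3301]: j5R1e2aB003301: to=joe, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30037, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j5R1e2aC003302 Message accepted for delivery)
"""

# "<timestamp> <host> sendmail[<pid>]: <queue id>: <fields>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
    r"sendmail\[(?P<pid>\d+)\]: (?P<qid>\w+): (?P<rest>.*)$"
)
# A field starts at the beginning of the text or after ", " and looks like name=
FIELD_RE = re.compile(r"(?:^|, )(\w+)=")


def parse_fields(rest):
    """Split 'to=joe, ctladdr=root (0/0), ...' into a dict of fields."""
    parts = FIELD_RE.split(rest)  # ['', name1, value1, name2, value2, ...]
    return dict(zip(parts[1::2], parts[2::2]))


def local_submission_failures(log_text):
    """Return deferred deliveries caused by a refused connection to localhost."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        fields = parse_fields(m["rest"])
        stat = fields.get("stat", "")
        if (fields.get("dsn", "").startswith("4.")
                and stat.startswith("Deferred: Connection refused")
                and "127.0.0.1" in fields.get("relay", "")):
            hits.append({"when": m["ts"], "qid": m["qid"],
                         "to": fields.get("to"), "stat": stat})
    return hits


if __name__ == "__main__":
    for hit in local_submission_failures(SAMPLE_LOG):
        print(f'{hit["when"]} {hit["qid"]} to={hit["to"]}: {hit["stat"]}')
```
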

Episode 5: Block specific sender to specific recipient ..

Issue: I'm trying to configure our mail server to block email from a specific sender reaching a specific recipient. In other words, if one of our employees is getting harassed by a 'stalker', how would one go about blocking, at the MTA (Sendmail) level, a specific sender email address from reaching a particular user's inbox? We do not want to capture the email - simply block it before it consumes server resources.

The Sendmail server (MTA) is a front end to our Exchange server so no user accounts exist on the Linux server. We simply use it as a SPAM and Virus scanner then forward clean email to the Exchange server.

Any and all help appreciated

Solution:

I read the Sendmail, 3rd Edition book and resolved the issue.

Mainly, I had to add

FEATURE(`check_compat')
in the /etc/mail/sendmail.mc file

Then I had to create the following entries
Compat:sender@domain.com<@>recipient@ourdomain.com DISCARD
in /etc/mail/access file

Episode 4: Sendmail Local Mailbox Commands..

In the last episode we went through a few Sendmail masquerading topics; this time we will explore the local user's mailbox commands in detail:

Say there are two users: sender and receiver. Sendmail is configured properly. Let us run this command logged in as sender:

[sender@Innova ~]$ echo " Hello" | mail -v -s "hi" receiver@localhost
receiver@localhost... Connecting to [127.0.0.1] via relay...
220 Innova.intinfra.com ESMTP Sendmail 8.14.2/8.14.2; Sat, 3 Oct 2009 14:26:02 +0530
>>> EHLO Innova.intinfra.com
250-Innova.intinfra.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP
>>> MAIL From: SIZE=43 AUTH=sender@Innova.intinfra.com
250 2.1.0 ... Sender ok
>>> RCPT To:
>>> DATA
250 2.1.5 ... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 n938u2nS005377 Message accepted for delivery
receiver@localhost... Sent (n938u2nS005377 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 Innova.intinfra.com closing connection
[sender@Innova ~]$

A mail has been sent to receiver on the same machine.
Let us now check whether the mail has actually been received by the user called receiver.

[receiver@Innova ~]$ mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/receiver": 1 message 1 unread
>U 1 sender@intinfra.co Sat Oct 3 14:26 17/674 "hi"
&

Yes, it shows that receiver has received the mail.
Let us try out some other commands:

Type ? after the & prompt above and it will display lots of options:

[receiver@Innova ~]$ mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/receiver": 1 message 1 unread
>U 1 sender@intinfra.co Sat Oct 3 14:26 17/674 "hi"
& ^CInterrupt
& ?
Mail Commands
t type messages
n goto and type next message
e edit messages
f give head lines of messages
d delete messages
s file append messages to file
u undelete messages
R reply to message senders
r reply to message senders and all recipients
pre make messages go back to /usr/spool/mail
m mail to specific users
q quit, saving unresolved messages in mbox
x quit, do not remove system mailbox
h print out active message headers
! shell escape
cd [directory] chdir to directory or home if none given

A consists of integers, ranges of same, or user names separated
by spaces. If omitted, Mail uses the last message typed.

A consists of user names or aliases separated by spaces.
Aliases are defined in .mailrc in your home directory.
&


Let us see the mail sent by sender through this command:


Option 1:

& t sender
Message 1:
From sender@groupinfra.com Sat Oct 3 14:26:02 2009
Date: Sat, 3 Oct 2009 14:26:02 +0530
From: sender@groupinfra.com
To: receiver@groupinfra.com
Subject: hi

Hello

&


So sender has simply sent a "hello" message with the subject line "hi".

Option 2:

Let's see another option to check for new mail, if any.

& n
At EOF
&


Option 3:

& f sender
> 1 sender@groupinfra.co Sat Oct 3 14:26 17/674 "hi"
&



Option 4:

& R sender
To: sender@groupinfra.com
Subject: Re: hi

I have received your mail Dude
.
Cc: ajeet.singh.raina@logica.com
& q
Saved 1 message in mbox

Episode 3: Using Sendmail to Change the Sender's Email Address

1) Add these statements to your /etc/mail/sendmail.mc file to activate the feature:

FEATURE(`genericstable',`hash -o /etc/mail/genericstable.db')dnl
GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl

2) Create a /etc/mail/generics-domains file that is just a list of all the domains that should be inspected. Make sure the file includes your server's canonical domain name, which you can obtain using the command:



[root@Innova ~]# sendmail -bt -d0.1
> You have new mail in /var/spool/mail/root
[root@Innova ~]#

Here is a sample /etc/mail/generics-domains file:
[root@Innova ~]# cat /etc/mail/generics-domains

intinfra.com
Innova.intinfra.com



3) Create your /etc/mail/genericstable file. First sendmail searches the /etc/mail/generics-domains file for a list of domains to reverse map. It then looks at the /etc/mail/genericstable file for an individual email address from a matching domain. The format of the file is:

mailadmin mailadmin@intinfra.com
ajeet ajeet@intinfra.com


Run the m4 command followed by a service restart for sendmail to pick up the change.
This time if you send mail as:

[mailadmin ~]$ echo "hello" | mail -v -s "hello" ajeetraina@gmail.com

The Mail will arrive as:

mailman@intinfra.com and not root@host.domain.com

Episode 2: Sendmail Troubleshooting

Aim:

You are not able to send/receive mail due to a domain name issue.

Solution:

Add DSmailw.intinfra.com to sendmail.cf and restart the sendmail service.

Don't forget to add this line to /etc/hosts:


158.245.200.109 mailw.intinfra.com mailw


Hope it will solve the domain name issue.

Episode 1: Sendmail Masquerading

Aim:

You want to receive mail as root@domain.com and not as root@host.domain.com under Sendmail configuration.

Solution:

Add these entries to the sendmail.mc file:

FEATURE(always_add_domain)dnl
FEATURE(`masquerade_entire_domain')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`allmasquerade')dnl
MASQUERADE_AS(`intinfra.com')dnl
MASQUERADE_DOMAIN(`intinfra.com.')dnl
MASQUERADE_DOMAIN(localhost)dnl
MASQUERADE_DOMAIN(localhost.localdomain)dnl

By default, user "root" will not be masqueraded. This restriction comes from the line:

EXPOSED_USER(`root')dnl
in /etc/mail/sendmail.mc. To remove it, you can comment the line out with a "dnl" at the beginning of the line and then run the sendmail start script.

Run the m4 command and restart Sendmail.

Remember to add:

DSmailw.intinfra.com

to sendmail.cf file.