Sendmail Correctly As an Internal Mail Handler

Posted: November 30, 2008 in LINUX, SENDMAIL

Sendmail Mods — Using Sendmail Correctly As an Internal Mail Handler

Modifying the sendmail.mc file for internal servers….

Listed below are the changes to a default RH 9 /etc/mail/sendmail.mc file required to operate a mail server behind a correctly configured Sendmail gateway server. These intranet servers can send mail to local users, users on the gateway server, and external Internet addresses. Why would you want to do this? There are many applications that utilize mail (sendmail) to send status information and data to you or other users. Some examples of such handy software include cron, apinger, and logwatch. However, you may not want to expose these internal machines to the outside world. The following details will allow you to use your gateway server as a relay.

Again, this is a specialized application of Sendmail. For a more general application, see our other page.

We will assume that your firewall will not let outsiders touch these internal servers on port 25. As such, several of the lock-down and anti-spam measures that were implemented on the gateway server will not be implemented here.

You are NOT done once you change the .mc file. There are other changes that need to be done to the server.

Anything not listed for change/add/delete here should work fine with the default settings. I do NOT know if this will work for any other installation (e.g. Red Hat 7.2 or Mandrake). This worked with the default sendmail RPM shipped with RH 9 (and subsequent sendmail updates). I gleaned some parts of this from several sources but one of your best resources is the published Red Hat documentation. RTFM. Red Hat has excellent manuals and you will find most of this stuff there.

Some hearty souls may choose to edit the sendmail.cf file directly; however, I do not see the need for this. The whole idea of the sendmail.mc file is to make the configuration file manageable and to generate the .cf file. When I dove into this, I read as much as I could, including the vaunted O’Reilly Bat Book. Everything I read said to stick with the macros (m4 and mc) and let them generate the .cf. I’ve played with both files from time to time and find the .mc to be much more manageable for my pea-brain. The sendmail.mc file is 145 lines, the sendmail.cf file is 1800 lines. You figure it out….

You will need to run make -C /etc/mail as root to generate the sendmail.cf file from the sendmail.mc macro after you are finished making these changes. You will also need to do a /sbin/service sendmail restart as root once you have made the new sendmail.cf file. More on this below.

Please let me know if you see any errors or omissions in this document. Also, note that I am well aware I am not saving the world here.


Some definitions:

Comment out: Place a dnl or a dnl # in front of the line in the macro file. This will cause the m4 compiler to ignore that line.

Uncomment: Remove the dnl or dnl # in front of the line in the macro file. There may also be changes after you uncomment.

Add: New lines that should be added just like they are shown.

Replace: Replace the existing line (which will be shown) with the new line.

Notes: These are listed in roughly the order they appear in the sendmail.mc file, not by importance. I suggest you read through them all and sort out the ones you need. Don’t change the order of things too much, as the compiler can get picky if too many things are defined out of order. Also, m4 insists on an opening backtick (`) and a closing standard single quote ('), which are a pain if you don’t notice them. It is best to copy existing lines and modify them so you don’t mix up the two kinds of quotes.


Modify the actual sendmail.mc file

1. The most important change you need to make is this first step. You must comment out the following line:

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

This will allow sendmail to make connections with machines other than the localhost. Duh. The reason for having this line included (turned on) by default will be left as an exercise for the reader.

2. Comment out the following line:

define(`UUCP_MAILER_MAX', `2000000')dnl

You don’t need this. Leave it if you like.

3. Comment out the following line:

FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl

You don’t need procmail for the simple stuff. Leave it or modify it if you like.

4. Comment out the following line:

EXPOSED_USER(`root')dnl

Leave it or modify it if you like.

5. Comment out the following line:

FEATURE(`accept_unresolvable_domains')dnl

If this line is NOT commented out, you will open yourself up to more spam as sendmail will not do one of its basic checks on the incoming MTA.

6. Another key change is to set up your gateway machine as your “null client”. This is done by the following add:

FEATURE(`nullclient',`[192.168.100.1]')dnl

(This assumes your SMTP gateway machine is 192.168.100.1.)

This will forward mail to your other machine which will interface to the outside world and local users. You will need to have your access file set up correctly on your gateway machine to allow relaying from this internal sendmail machine.

7. Replace the following line and modify it as required.

MASQUERADE_AS(`mydomain.com')dnl

Becomes

MASQUERADE_AS(`eexamplee.net')dnl

This causes all sent mail to appear to come from eexamplee.net.

8. Replace the following line and modify it as required.

MASQUERADE_AS(mydomain.com)dnl

Becomes

MASQUERADE_AS(eexamplee.net)dnl

Note this is identical to the previous line except without the single quotes. Don’t know about this one.

9. Uncomment the following:

FEATURE(masquerade_envelope)dnl

This is similar to the previous masquerade statement except it also masquerades the entire envelope.

10. Replace and modify the following:

LOCAL_DOMAIN(`mydomain.com')dnl

Becomes

LOCAL_DOMAIN(`eexamplee.net')dnl

This defines the domain name to masquerade.

11. Comment out the following line:

MAILER(smtp)dnl

12. Comment out the following line:

MAILER(procmail)dnl
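
An added example, not part of the original post: a small shell audit that checks a sendmail.mc against the changes in steps 1 to 12 before you run make, and flags typographic quotes of the kind that creep in when m4 lines are copied from a web page. The function names (sample_mc, check, audit_mc) and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sendmail.mc against steps 1-12 of this page.
# sample_mc prints a constructed file with two deliberate problems left in.
sample_mc() {
cat <<'EOF'
OSTYPE(`linux')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl FEATURE(`accept_unresolvable_domains')dnl
MASQUERADE_AS(`eexamplee.net')dnl
FEATURE(masquerade_envelope)dnl
dnl MAILER(smtp)dnl
dnl MAILER(procmail)dnl
EOF
}

# check off|on LABEL ERE: compare a directive's state in $act with the expected one.
check() {
    if printf '%s\n' "$act" | grep -Eq "$3"; then state=on; else state=off; fi
    [ "$state" = "$1" ] && return 0
    echo "$2: expected $1, found $state"; bad=$((bad + 1))
}

# audit_mc [FILE]: print one finding per line; return 0 only when clean.
# Reads standard input when FILE is omitted.
audit_mc() {
    # Lines m4 will process: drop blank lines and lines commented out with dnl.
    act=$(grep -Ev '^[[:space:]]*(dnl([[:space:]]|$)|$)' "${1:--}" || true)
    bad=0
    check off 'loopback-only DAEMON_OPTIONS' 'DAEMON_OPTIONS\(.*Addr=127\.0\.0\.1'
    check off 'accept_unresolvable_domains'  'FEATURE\(`?accept_unresolvable_domains'
    check off 'MAILER(smtp)'                 'MAILER\(`?smtp'
    check off 'MAILER(procmail)'             'MAILER\(`?procmail'
    check on  'nullclient relay'             'FEATURE\(`?nullclient'
    check on  'MASQUERADE_AS'                'MASQUERADE_AS\('
    check on  'masquerade_envelope'          'FEATURE\(`?masquerade_envelope'
    # U+2018, U+2019 and U+2032 are not m4 quote characters, so a quoted
    # argument written with them never closes where it was meant to.
    if printf '%s\n' "$act" | LC_ALL=C grep -Fq \
         -e "$(printf '\342\200\230')" -e "$(printf '\342\200\231')" \
         -e "$(printf '\342\200\262')"; then
        echo "typographic quote in an active line"; bad=$((bad + 1))
    fi
    [ "$bad" -eq 0 ]
}

# Stand-alone use: pass the path of the file to audit, e.g. /etc/mail/sendmail.mc
[ $# -eq 0 ] || audit_mc "$1"
```

A non-zero exit status means at least one finding; run sample_mc | audit_mc to see the two findings for the constructed sample.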

Other changes beyond sendmail.mc

The next step is to modify the ancillary files to let sendmail do its thing.

Setting up the access file

The /etc/mail/access file allows you to block access to the mail server based on host names and IP addresses. You can use this to create blacklists and whitelists although they can be a bit hard to maintain as they are static. There are some lines you need to have in here even if you don’t explicitly list anything else. The required lines are the localhost and the hostname.

hostname.eexamplee.net  RELAY
localhost               RELAY
127.0.0.1               RELAY
192.168.5               RELAY
192.168.100             RELAY

Setting up the local-host-names file

The /etc/mail/local-host-names file defines the aliases for the local machine. You want to put all the names in here that will be used by sendmail to define the host.

# local-host-names – include all aliases for your machine here.
eexamplee.net.net
mail.eexamplee.net

Pretty self explanatory.

Modifying the aliases file

The /etc/aliases file contains the mail aliases for the server. It is important that some of these be here to be compliant with RFCs. Usually you will only need to edit the last line.

# Person who should get root’s mail
root:           billybob

You may want to add some other lines for something like spamtrap: or any other aliases.

 

Burn it!

Now we will make sure everything is prepped and ready to use by sendmail. Execute the following commands as root:

/usr/bin/newaliases    This activates the changes you made to the /etc/aliases file. Note: if you change aliases in the future, you only need to execute this command; you do not need to restart sendmail for the changes to show through.

makemap hash /etc/mail/access < /etc/mail/access    This creates a hashed version of your access database. This will keep your ISP username and password secure. A new /etc/mail/access.db file will be created.

makemap hash /etc/mail/local-host-names < /etc/mail/local-host-names    Like above, this creates a one-way hash of the local-host-names file you modified.

make -C /etc/mail    (That’s an upper case “C”) This creates the /etc/mail/sendmail.cf file from the /etc/mail/sendmail.mc file you modified earlier. Note: some of the above steps are covered here by the makefile but it won’t hurt to make them again.

Now all you have to do is restart the server.

/sbin/service sendmail restart    This will kill the sendmail job (if it’s running) and restart it using all your configuration changes.

That’s it!
