Sendmail's core purpose, like other MTAs, is to safely transfer email among hosts, usually using the SMTP
protocol. However, Sendmail is highly configurable, allowing control over almost every aspect of how email is handled, including the protocol used. Many system administrators elect to use Sendmail as their MTA due to its power and scalability.
12.3.2.1. Purpose and Limitations
It is important to be aware of what Sendmail is and what it can do, as opposed to what it is not. In these days of monolithic applications that fulfill multiple roles, Sendmail may seem like the only application needed to run an email server within an organization. Technically, this is true, as Sendmail can spool mail to each users' directory and deliver outbound mail for users. However, most users actually require much more than simple email delivery. Users usually want to interact with their email using an MUA, that uses POP
or IMAP
, to download their messages to their local machine. Or, they may prefer a Web interface to gain access to their mailbox. These other applications can work in conjunction with Sendmail, but they actually exist for different reasons and can operate separately from one another.
It is beyond the scope of this section to go into all that Sendmail should or could be configured to do. With literally hundreds of different options and rule sets, entire volumes have been dedicated to helping explain everything that can be done and how to fix things that go wrong. Refer to the
Section 12.6, “Additional Resources” for a list of Sendmail resources.
This section reviews the files installed with Sendmail by default and reviews basic configuration changes, including how to stop unwanted email (spam) and how to extend Sendmail with the Lightweight Directory Access Protocol (LDAP).
12.3.2.2. The Default Sendmail Installation
In order to use Sendmail, first ensure the sendmail package is installed on your system by running, as root:
~]# yum install sendmail
In order to configure Sendmail, ensure the sendmail-cf package is installed on your system by running, as root:
~]# yum install sendmail-cf
The Sendmail executable is /usr/sbin/sendmail
.
Sendmail's lengthy and detailed configuration file is /etc/mail/sendmail.cf
. Avoid editing the sendmail.cf
file directly. To make configuration changes to Sendmail, edit the /etc/mail/sendmail.mc
file, back up the original /etc/mail/sendmail.cf
, and use the following alternatives to generate a new configuration file:
Use the included makefile in /etc/mail/
(~]# make all -C /etc/mail/
) to create a new /etc/mail/sendmail.cf
configuration file. All other generated files in /etc/mail
(db files) will be regenerated if needed. The old makemap commands are still usable. The make command will automatically be used by service sendmail start | restart | reload
.
Alternatively you may use the m4
macro processor to create a new /etc/mail/sendmail.cf
. The m4
macro processor is not installed by default. Before using it to create /etc/mail/sendmail.cf
, install the m4 package as root:
~]# yum install m4
Various Sendmail configuration files are installed in the /etc/mail/
directory including:
access
— Specifies which systems can use Sendmail for outbound email.
domaintable
— Specifies domain name mapping.
local-host-names
— Specifies aliases for the host.
mailertable
— Specifies instructions that override routing for particular domains.
virtusertable
— Specifies a domain-specific form of aliasing, allowing multiple virtual domains to be hosted on one machine.
Several of the configuration files in /etc/mail/
, such as access
, domaintable
, mailertable
and virtusertable
, must actually store their information in database files before Sendmail can use any configuration changes. To include any changes made to these configurations in their database files, run the following command, as root:
~]# makemap hash /etc/mail/<name>
< /etc/mail/<name>
where <name>
represents the name of the configuration file to be updated. You may also restart the sendmail
service for the changes to take effect by running:
~]# service sendmail restart
For example, to have all emails addressed to the
example.com
domain delivered to
[email protected]
, add the following line to the
virtusertable
file:
@example.com [email protected]
To finalize the change, the virtusertable.db
file must be updated:
~]# makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable
Sendmail will create an updated virtusertable.db
file containing the new configuration.
12.3.2.3. Common Sendmail Configuration Changes
When altering the Sendmail configuration file, it is best not to edit an existing file, but to generate an entirely new /etc/mail/sendmail.cf
file.
Before changing the sendmail.cf
file, it is a good idea to create a backup copy.
To add the desired functionality to Sendmail, edit the /etc/mail/sendmail.mc
file as root. Once you are finished, restart the sendmail
service and, if the m4 package is installed, the m4
macro processor will automatically generate a new sendmail.cf
configuration file:
~]# service sendmail restart
The default sendmail.cf
file does not allow Sendmail to accept network connections from any host other than the local computer. To configure Sendmail as a server for other clients, edit the /etc/mail/sendmail.mc
file, and either change the address specified in the Addr=
option of the DAEMON_OPTIONS
directive from 127.0.0.1
to the IP address of an active network device or comment out the DAEMON_OPTIONS
directive all together by placing dnl
at the beginning of the line. When finished, regenerate /etc/mail/sendmail.cf
by restarting the service
~]# service sendmail restart
The default configuration which ships with Red Hat Enterprise Linux works for most SMTP
-only sites. However, it does not work for UUCP (UNIX-to-UNIX Copy Protocol) sites. If using UUCP mail transfers, the /etc/mail/sendmail.mc
file must be reconfigured and a new /etc/mail/sendmail.cf
file must be generated.
Consult the /usr/share/sendmail-cf/README
file before editing any files in the directories under the /usr/share/sendmail-cf
directory, as they can affect the future configuration of the /etc/mail/sendmail.cf
file.
One common Sendmail configuration is to have a single machine act as a mail gateway for all machines on the network. For instance, a company may want to have a machine called mail.example.com
that handles all of their email and assigns a consistent return address to all outgoing mail.
In this situation, the Sendmail server must masquerade the machine names on the company network so that their return address is
[email protected]
instead of
[email protected]
.
To do this, add the following lines to /etc/mail/sendmail.mc
:
FEATURE(always_add_domain)dnl
FEATURE(`masquerade_entire_domain')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`allmasquerade')dnl
MASQUERADE_AS(`bigcorp.com.')dnl
MASQUERADE_DOMAIN(`bigcorp.com.')dnl
MASQUERADE_AS(bigcorp.com)dnl
After generating a new sendmail.cf
using the m4
macro processor, this configuration makes all mail from inside the network appear as if it were sent from bigcorp.com
.
Email spam can be defined as unnecessary and unwanted email received by a user who never requested the communication. It is a disruptive, costly, and widespread abuse of Internet communication standards.
Sendmail makes it relatively easy to block new spamming techniques being employed to send junk email. It even blocks many of the more usual spamming methods by default. Main anti-spam features available in sendmail are header checks, relaying denial (default from version 8.9), access database and sender information checks.
For example, forwarding of SMTP
messages, also called relaying, has been disabled by default since Sendmail version 8.9. Before this change occurred, Sendmail directed the mail host (x.edu
) to accept messages from one party (y.com
) and sent them to a different party (z.net
). Now, however, Sendmail must be configured to permit any domain to relay mail through the server. To configure relay domains, edit the /etc/mail/relay-domains
file and restart Sendmail
~]# service sendmail restart
However, many times users are bombarded with spam from other servers throughout the Internet. In these instances, Sendmail's access control features available through the /etc/mail/access
file can be used to prevent connections from unwanted hosts. The following example illustrates how this file can be used to both block and specifically allow access to the Sendmail server:
badspammer.com ERROR:550 "Go away and do not spam us anymore" tux.badspammer.com OK 10.0 RELAY
This example shows that any email sent from badspammer.com
is blocked with a 550 RFC-821 compliant error code, with a message sent back to the spammer. Email sent from the tux.badspammer.com
sub-domain, is accepted. The last line shows that any email sent from the 10.0.*.* network can be relayed through the mail server.
Because the /etc/mail/access.db
file is a database, use the makemap
command to update any changes. Do this using the following command as root:
~]# makemap hash /etc/mail/access < /etc/mail/access
Message header analysis allows you to reject mail based on header contents. SMTP
servers store information about an email's journey in the message header. As the message travels from one MTA to another, each puts in a Received
header above all the other Received
headers. It is important to note that this information may be altered by spammers.
The above examples only represent a small part of what Sendmail can do in terms of allowing or blocking access. Refer to the /usr/share/sendmail-cf/README
for more information and examples.
Since Sendmail calls the Procmail MDA when delivering mail, it is also possible to use a spam filtering program, such as SpamAssassin, to identify and file spam for users. Refer to
Section 12.4.2.6, “Spam Filters” for more information about using SpamAssassin.
12.3.2.6. Using Sendmail with LDAP
Using LDAP
is a very quick and powerful way to find specific information about a particular user from a much larger group. For example, an LDAP
server can be used to look up a particular email address from a common corporate directory by the user's last name. In this kind of implementation, LDAP
is largely separate from Sendmail, with LDAP
storing the hierarchical user information and Sendmail only being given the result of LDAP
queries in pre-addressed email messages.
However, Sendmail supports a much greater integration with LDAP
, where it uses LDAP
to replace separately maintained files, such as /etc/aliases
and /etc/mail/virtusertables
, on different mail servers that work together to support a medium- to enterprise-level organization. In short, LDAP
abstracts the mail routing level from Sendmail and its separate configuration files to a powerful LDAP
cluster that can be leveraged by many different applications.
The current version of Sendmail contains support for LDAP
. To extend the Sendmail server using LDAP
, first get an LDAP
server, such as OpenLDAP, running and properly configured. Then edit the /etc/mail/sendmail.mc
to include the following:
LDAPROUTE_DOMAIN('yourdomain.com
')dnl
FEATURE('ldap_routing')dnl
This is only for a very basic configuration of Sendmail with LDAP
. The configuration can differ greatly from this depending on the implementation of LDAP
, especially when configuring several Sendmail machines to use a common LDAP
server.
Consult /usr/share/sendmail-cf/README
for detailed LDAP
routing configuration instructions and examples.