Linux corporate-training-in-mumbai

Configuring Linux Mail Servers

Objectives
◦ This chapter will show you how to install and use mail servers

Contents
◦ An Overview Of How Sendmail Works
◦ Sendmail configuration files
◦ Relaying
◦ Sendmail Masquerading
◦ Using Sendmail to Change the Sender's Email Address

Practical
◦ Setting up mailserver

Getting SENDMAIL

Installing Sendmail
◦ You will need to make sure that the sendmail, sendmail-cf and m4 software RPMs are installed.

    rpm -ivh sendmail-8.12.8-4.i386.rpm          (The client/server)
    rpm -ivh sendmail-cf-8.12.8-4.i386.rpm       (Config files)
    rpm -ivh sendmail-devel-8.12.8-4.i386.rpm    (Optional)
    rpm -ivh sendmail-doc-8.12.8-4.i386.rpm      (Optional)

Starting/Stopping Sendmail
◦ You can use the chkconfig command to get Sendmail configured to start at boot:

    # chkconfig sendmail on

◦ To start/stop/restart sendmail after booting:

    # service sendmail start
    # service sendmail stop
    # service sendmail restart

◦ You need to restart sendmail after changing sendmail.cf

The /etc/mail/sendmail.mc File

How to Put Comments in sendmail.mc
◦ The sendmail.mc file doesn't use the "#" for commenting, but instead uses the string "dnl".

Disabled statements due to "dnl" commenting:

    dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
    dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

Incorrectly disabled statement:

    # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

Active statement:

    DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

Configuring the DNS for sendmail
◦ Make Your Mail Server The Mail Server For Your Domain in DNS

    IN MX 10 mail.my-site.com

    # host mail.my-site.com
    mail.my-site.com has address 192.168.0.1

Sendmail & name resolution

All hosts that are not the nameserver should have an /etc/resolv.conf file like this:

    domain my-site.com
    nameserver 192.168.0.1

◦ An incorrectly configured resolv.conf file can lead to errors like this when running m4:

    WARNING: local host name (smallfry) is not qualified; fix $j in config file

The /etc/hosts file must have the loopback address:

    127.0.0.1  bigboy.my-site.com  bigboy  localhost.localdomain  localhost

How To Configure Linux Sendmail

All Linux mail clients in your home or company need to know which server is the mail server.
◦ In /etc/mail/sendmail.mc file:

    define(`SMART_HOST',`mail.my-site.com')

Converting From a Mail Client to a Mail Server
◦ Determine Which NICs Sendmail Is Running On
◦ We can verify that sendmail is running by first using the pgrep command

    # pgrep sendmail
    22131

    # netstat -an | grep :25 | grep tcp
    tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN

Convert the sendmail client to server

Edit sendmail.mc To Make Sendmail Listen On All Interfaces

    dnl This changes sendmail to only listen on the loopback device 127.0.0.1
    dnl and not on any other network devices. Comment this out if you want
    dnl to accept email over the network.
 -> dnl DAEMON_OPTIONS(`Port=smtp,Addr=mail.my-site.com, Name=MTA')
    dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires
    dnl a kernel patch
    dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')
    dnl We strongly recommend to comment this one out if you want to protect
    dnl yourself from spam. However, the laptop and users on computers that do
    dnl not have 24x7 DNS do need this.
 -> dnl FEATURE(`accept_unresolvable_domains')dnl
    dnl FEATURE(`relay_based_on_MX')dnl

Convert the sendmail client to server

Comment out the "SMART_HOST" Entry In sendmail.mc

    dnl define(`SMART_HOST',`mail.my-site.com')

Regenerate The sendmail.cf File & Restart sendmail
◦ This step can be accomplished by running the script we created at the beginning of the chapter.

    # ./smmake

Now Make Sure Sendmail Is Listening On All Interfaces

    # netstat -an | grep :25 | grep tcp
    tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
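The comment rules and the client-to-server changes on the slides above can be checked mechanically before sendmail.cf is regenerated. The following shell script is an added example, not part of the original slides: it classifies the DAEMON_OPTIONS, SMART_HOST and accept_unresolvable_domains statements of a sendmail.mc as active, dnl-disabled or "#"-commented and reports what that means for the listener. The function names are hypothetical and the sample input is constructed from statements shown on the slides.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample input is constructed
# from statements shown on the slides.
sample_mc() {
cat <<'EOF'
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
# DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
FEATURE(`accept_unresolvable_domains')dnl
dnl define(`SMART_HOST',`mail.my-site.com')
EOF
}

# Classify each statement of interest on stdin as:
#   active          no comment marker, takes effect
#   disabled        line starts with dnl
#   hash-commented  line starts with "#", which the slides call
#                   an incorrectly disabled statement
audit_mc() {
    awk '
    /DAEMON_OPTIONS\(|SMART_HOST|accept_unresolvable_domains/ {
        stmt = $0
        sub(/^[ \t]+/, "", stmt)
        if (stmt ~ /^dnl[ \t]/)   state = "disabled"
        else if (stmt ~ /^#/)     state = "hash-commented"
        else                      state = "active"
        sub(/^dnl[ \t]+/, "", stmt)          # drop the comment markers
        sub(/^#[ \t]*/, "", stmt)
        sub(/\)[ \t]*dnl[ \t]*$/, ")", stmt) # drop the trailing dnl
        printf "%s\t%s\n", state, stmt
    }'
}

# Turn the classification into findings a reviewer can act on.
mc_findings() {
    audit_mc | awk -F '\t' '
    $1 == "hash-commented" { print "WARN use dnl, not #, to disable: " $2 }
    $1 == "active" && $2 ~ /accept_unresolvable_domains/ {
        print "WARN mail from unresolvable sender domains is accepted" }
    $1 == "active" && $2 ~ /^DAEMON_OPTIONS/ && $2 !~ /inet6/ {
        bound = 1; print "INFO listener restricted by: " $2 }
    $1 == "active" && $2 ~ /SMART_HOST/ {
        print "INFO outbound mail goes through the smart host" }
    END { if (!bound) print "INFO no active IPv4 DAEMON_OPTIONS, expect 0.0.0.0:25" }'
}

sample_mc | mc_findings
```

To audit a real file, run `mc_findings < /etc/mail/sendmail.mc` and compare the listener finding with the netstat output.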

A General Guide To Using The sendmail.mc File

Primary rule: keep sendmail.mc nice and clean, with comments
◦ Masquerading rewrites mail from individual hosts so that it appears to come from the domain
◦ FEATURE adds functionality to sendmail

    dnl ***** Customised section 1 start *****
    dnl
    dnl
    FEATURE(delay_checks)dnl
    FEATURE(masquerade_envelope)dnl
    FEATURE(allmasquerade)dnl
    FEATURE(masquerade_entire_domain)dnl
    dnl
    dnl
    dnl ***** Customised section 1 end *****

Sendmail feature files

The /etc/mail/relay-domains File

    my-other-site.com
    my-site.com

The /etc/mail/access File
◦ Keywords include RELAY, REJECT, OK (not ACCEPT) and DISCARD

    localhost.localdomain           RELAY
    localhost                       RELAY
    127.0.0.1                       RELAY
    192.168.1.16                    RELAY
    192.168.1.17                    RELAY
    192.168.2                       RELAY
    my-site.com                     RELAY

The /etc/mail/local-host-names File
◦ Also receive mail for my other site

    my-site.com
    my-other-site.com

◦ In DNS we need to enter:

    my-other-site.com. MX 10 mail.my-site.com.
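Every RELAY line in /etc/mail/access widens who may send mail through the server, and a dotted key with fewer than four octets, such as 192.168.2 above, covers the whole network under it. The script below is an added example, not part of the original slides: it reports the reach of each RELAY entry and catches the ACCEPT keyword mistake the slide warns about. The audit_access name, the 256-address warning threshold and the last two sample lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example; audit_access is a hypothetical helper. The sample is the
# slide's access file plus two constructed bad entries (the last two lines).
sample_access() {
cat <<'EOF'
localhost.localdomain           RELAY
localhost                       RELAY
127.0.0.1                       RELAY
192.168.1.16                    RELAY
192.168.1.17                    RELAY
192.168.2                       RELAY
my-site.com                     RELAY
10                              RELAY
partner.example                 ACCEPT
EOF
}

# Print "LEVEL<TAB>key<TAB>reason" for every RELAY or ACCEPT entry on stdin.
# A dotted key with fewer than four octets is a network prefix, so it
# relays for every address under it. WARN above 256 addresses is a
# review threshold chosen for this example, not a sendmail rule.
audit_access() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }           # skip comments and blanks
    $2 == "ACCEPT" {
        printf "ERROR\t%s\tACCEPT is not a keyword (the slide lists OK)\n", $1
        next
    }
    $2 != "RELAY" { next }
    $1 ~ /^[0-9]+(\.[0-9]+)*$/ {
        n = split($1, octet, ".")
        if (n > 4) {
            printf "ERROR\t%s\tnot an IPv4 address or prefix\n", $1
            next
        }
        hosts = 1
        for (i = n; i < 4; i++) hosts *= 256
        printf "%s\t%s\trelays for %d address(es)\n", (hosts > 256 ? "WARN" : "OK"), $1, hosts
        next
    }
    { printf "OK\t%s\trelays for this host or domain name\n", $1 }'
}

sample_access | audit_access
```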

Which User Should Really Receive The Mail?

The /etc/mail/virtusertable file

[email protected]   [email protected]            [email protected]             [email protected]@my-site.com              [email protected]           [email protected]                  error:nouser User unknown

The /etc/aliases File

    . . .
    manager:              root
    abuse:                root
    # trap decode to catch security attacks
    decode:               root
    # Person who should get root's mail
    root:                 marc,[email protected]
    # My mailing list file
    admin-list:     ":include:/home/mailings/admin-list"

Always run the newaliases command after working with aliases

Sendmail Masquerading Explained

If you want your mail to appear to come from [email protected] and not [email protected]

You can in that case:
a) Configure your email client, such as Outlook Express, to set your email address to [email protected]
b) Set up masquerading to modify the domain name of all traffic originating from and passing through your mail server

Configuring masquerading
◦ This can be solved by editing your sendmail.mc configuration file and adding some masquerading commands:

    FEATURE(always_add_domain)dnl
    FEATURE(`masquerade_entire_domain')dnl
    FEATURE(`masquerade_envelope')dnl
    FEATURE(`allmasquerade')dnl
    MASQUERADE_AS(`my-site.com')dnl
    MASQUERADE_DOMAIN(`my-site.com.')dnl
    MASQUERADE_DOMAIN(localhost)dnl
    MASQUERADE_DOMAIN(localhost.localdomain)dnl

Sendmail Masquerading Explained

Testing Masquerading

    mail -v username

◦ You should also tail the /var/log/maillog file to verify that the masquerading is operating

Other Masquerading Notes
◦ By default, user "root" will not be masqueraded. This is achieved with the following statement in /etc/mail/sendmail.mc:

    EXPOSED_USER(`root')dnl

Using Sendmail to Change the Sender's Email Address

Add these statements to your /etc/mail/sendmail.mc
◦ In order to rewrite the origin address of emails, you need some features:
◦ In /etc/mail/sendmail.mc

    FEATURE(`genericstable',`hash -o /etc/mail/genericstable.db')dnl
    GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl

Create a /etc/mail/generics-domains

    my-site.com
    my-other-site.com
    bigboy.my-site.com

Create your /etc/mail/genericstable

#linux-username       [email protected]          [email protected]          [email protected]

Fighting SPAM, add features

RFC-Ignorant valid IP address checker.

    FEATURE(`dnsbl', `ipwhois.rfc-ignorant.org',`"550 Mail from " $&{client_addr} " refused. Rejected for bad WHOIS info on IP of your SMTP server - see http://www.rfc-ignorant.org/"')

Easynet open proxy list.

    FEATURE(`dnsbl', `proxies.blackholes.easynet.nl', `"550 5.7.1 ACCESS DENIED to OPEN PROXY SERVER "$&{client_name}" by easynet.nl DNSBL  (http://proxies.blackholes.easynet.nl/errors.html)"', `')dnl

The Open Relay Database open mail relay list.

    FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected due to sending server misconfiguration - see http://www.ordb.org/faq/\#why_rejected"')dnl

Spamcop spammer blacklist.

    FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from " $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml"')

Spamhaus spammer blacklist.

    FEATURE(`dnsbl',`sbl.spamhaus.org',`Rejected - see http://spamhaus.org/')dnl
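Each dnsbl FEATURE makes sendmail look up the connecting address in the named DNS zone, so mail flow depends on that zone still being operated: a retired zone may stop answering or start answering for every address. The script below is an added example, not part of the original slides: it lists the zones a sendmail.mc enables, builds the reversed-octet query name used for a lookup, and defines a liveness check against the RFC 5782 test entries with host. Function names are hypothetical and the sample lines are shortened, constructed copies of the statements above.

```shell
#!/bin/sh
# Added example; function names are hypothetical. The sample lines are
# shortened copies of dnsbl statements from the slide, one of them disabled.
sample_dnsbl() {
cat <<'EOF'
FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from refused"')
FEATURE(`dnsbl',`sbl.spamhaus.org',`Rejected - see http://spamhaus.org/')dnl
dnl FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected"')dnl
EOF
}

# Print the zone of every active FEATURE(`dnsbl', ...) statement on stdin.
dnsbl_zones() {
    grep -v '^[[:space:]]*dnl' | tr -d '`'"'" |
    awk -F '[(,]' '$1 ~ /FEATURE$/ && $2 == "dnsbl" {
        gsub(/[ \t]/, "", $3); print $3 }'
}

# Query name for an IPv4 address: octets reversed, zone appended.
dnsbl_name() {
    echo "$1" | awk -F. -v zone="$2" '{ print $4 "." $3 "." $2 "." $1 "." zone }'
}

# Needs DNS, so it is defined but not run here. RFC 5782: 127.0.0.2 must be
# listed in a working IPv4 DNSBL and 127.0.0.1 must not be.
dnsbl_check() {
    if ! host "$(dnsbl_name 127.0.0.2 "$1")" >/dev/null 2>&1; then
        echo "$1: test entry missing, zone is not answering"
    elif host "$(dnsbl_name 127.0.0.1 "$1")" >/dev/null 2>&1; then
        echo "$1: lists 127.0.0.1, zone is probably answering for everything"
    else
        echo "$1: ok"
    fi
}

sample_dnsbl | dnsbl_zones
```

On a host with working DNS, `dnsbl_zones < /etc/mail/sendmail.mc | while read -r z; do dnsbl_check "$z"; done` checks every configured zone.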

Spamassassin

Downloading & Installing Spamassassin

    # rpm -ivh spamassassin-2.60-2.i386.rpm

Starting Spamassassin

    # /etc/init.d/spamassassin start

Configuring Procmail for Spamassassin

    cp /etc/mail/spamassassin/spamassassin-spamc.rc /etc/procmailrc

Startup Spamassassin

    # chkconfig --level 35 spamassassin on

◦ Combine spamassassin with sendmail features

Thank you