Upload
unmesh-baile
View
266
Download
0
Embed Size (px)
Citation preview
Configuring Linux Mail Configuring Linux Mail ServersServersObjectives
◦ This chapter will show you how to install and use Mailservers
Contents◦ An Overview Of How Sendmail Works◦ Sendmail configruation files◦ Relaying◦ Sendmail Masquerading ◦ Using Sendmail to Change the Sender's Email
Address
Practical◦ Setting up mailserver
Getting SENDMAILGetting SENDMAIL Installing Sendmail
◦ You will need to make sure that the sendmail, sendmail-cf and m4 software RPMs are installed.rpm –ivh sendmail-8.12.8-4.i386.rpm (The client/server)rpm –ivh sendmail-cf-8.12.8-4.i386.rpm (Config files)rpm –ivh sendmail-devel-8.12.8-4.i386.rpm (Optional)rpm –ivh sendmail-doc-8.12.8-4.i386.rpm (Optional)
Starting/Stopping Sendmail◦ You can use the chkconfig command to get Sendmail configured to start at boot:
◦ To start/stop/restart sendmail after booting
◦ You need to restart sendmail after changing sendmail.cf
# chkconfig sendmail on
# service sendmail start# service sendmail stop# service sendmail restart
The /etc/mail/sendmail.mc The /etc/mail/sendmail.mc FileFileHow to Put Comments in sendmal.mc
◦The sendmail.mc file doesn't use the "#" for commenting, but instead uses the string "dnl".
Configuring the DNS for sendmail◦Make Your Mail Server The Mail Server For
Your Domain in DNS
Disabled statements due to "dnl" commentingdnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')Incorrectly disabled statement# DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')Active statementDAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
IN MX 10 mail.my-site.com
# host mail.my-site.commail.my-site.com has address 192.168.0.1
Sendmail & name Sendmail & name resolutionresolutionAll hosts that are not the nameserver
should have /etc/resolv.conf file like this:
And incorrectly configured resolv.conf ◦file can lead to errors like this when running
the m4
The /etc/hosts File must have loopback address
domain my-site.comnameserver 192.168.0.1
WARNING: local host name (smallfry) is not qualified; fix $j in config file
127.0.0.1 bigboy.my-site.com bigboy localhost.localdomain \ localhost
How To Configure Linux SendmailHow To Configure Linux Sendmail
All Linux mail clients in your home or company need to know which server is the mail server. ◦In /etc/mail/sendmail.mc file:
Converting From a Mail Client to a Mail Server◦Determine Which NICs Sendmail Is Running On◦We can verify that sendmail is running by first
using the pgrep command
define(`SMART_HOST',`mail.my-site.com')
# pgrep sendmail22131
# netstat -an | grep :25 | grep tcptcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
Convert the sendmail client to Convert the sendmail client to serverserverEdit sendmail.mc To Make
Sendmail Listen On All Interfacesdnl This changes sendmail to only listen on the loopback device 127.0.0.1dnl and not on any other network devices. Comment this out if you wantdnl to accept email over the network.
-> dnl DAEMON_OPTIONS(`Port=smtp,Addr=mail.my-site.com, Name=MTA')dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requiresdnl a kernel patchdnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl We strongly recommend to comment this one out if you want to protectdnl yourself from spam. However, the laptop and users on computers that dodnl not have 24x7 DNS do need this.
-> dnl FEATURE(`accept_unresolvable_domains')dnldnl FEATURE(`relay_based_on_MX')dnl
Convert the sendmail client to Convert the sendmail client to serverserverComment out the "SMART_HOST" Entry In
sendmail.mc
Regenerate The sendmail.cf File & Restart sendmail◦ This step can be accomplished by running the
script we created at the beginning of the chapter.
Now Make Sure Sendmail Is Listening On All Interfaces
dnl define(`SMART_HOST',`mail.my-site.com')
# netstat -an | grep :25 | grep tcptcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
# ./smmake
A General Guide To Using The sendmail.mc FileA General Guide To Using The sendmail.mc File
Primary rule, nice and clean sendmail.mc with comments◦Masquerade rewrites all mail from hosts to coming from domain
◦FEATURE adds functionallity to sendmail
dnl ***** Customised section 1 start *****DnlDnlFEATURE(delay_checks)dnlFEATURE(masquerade_envelope)dnlFEATURE(allmasquerade)dnlFEATURE(masquerade_entire_domain)dnldnldnldnl ***** Customised section 1 end *****
Sendmail feature filesSendmail feature files The /etc/mail/relay-domains File
The /etc/mail/access File◦ Keywords include RELAY, REJECT, OK (not ACCEPT) and
DISCARD
The /etc/mail/local-host-names File◦ Also recieve mail from my other site◦ In DNS we need to enter:
my-other-site.commy-site.com
localhost.localdomain RELAYlocalhost RELAY127.0.0.1 RELAY192.168.1.16 RELAY192.168.1.17 RELAY192.168.2 RELAYmy-site.com RELAY
my-site.commy-other-site.com
my-other-site.com. MX 10 mail.my-site.com.
Which User Should Really Receive The Mail?Which User Should Really Receive The Mail?
The /etc/mail/virtusertable file
The /etc/aliases File
Allways run command newaliases after working with aliases
[email protected] [email protected] [email protected] [email protected]@my-site.com [email protected] [email protected] error:nouser User unknown
. . .manager: rootabuse: root# trap decode to catch security attacksdecode: root# Person who should get root's mailroot: marc,[email protected]# My mailing list fileadmin-list: ":include:/home/mailings/admin-list"
Sendmail Masquerading Sendmail Masquerading ExplainedExplained If you want your mail to appear to come from
◦ [email protected] and not [email protected]
You can in that case:a)Configure your email client, such as Outlook
Express, to set your email address to [email protected]
b)Set up masquerading to modify the domain name of all traffic originating from and passing trough your mail server
Configuring masquerading◦ This can be solved by editing your sendmail.mc
configuration file and adding some masquerading commands:
FEATURE(always_add_domain)dnlFEATURE(`masquerade_entire_domain')dnlFEATURE(`masquerade_envelope')dnlFEATURE(`allmasquerade')dnlMASQUERADE_AS(`my-site.com')dnlMASQUERADE_DOMAIN(`my-site.com.')dnlMASQUERADE_DOMAIN(localhost)dnlMASQUERADE_DOMAIN(localhost.localdomain)dnl
Sendmail Masquerading Sendmail Masquerading ExplainedExplained Testing Masquerading
◦ You should also tail the /var/log/maillog file to verify that the masquerading is operating
Other Masquerading Notes◦ By default, user "root" will not be
masqueraded. This is achieved with the:
◦ in /etc/mail/sendmail.mc
mail -v username
EXPOSED_USER(`root')dnl
Using Sendmail to Change the Sender's Email AddressUsing Sendmail to Change the Sender's Email Address
Add these statements to your /etc/mail/sendmail.mc◦ In order to rewrite emails origin address,
you need some features:
◦ In /etc/mail/sendmail.mc Create a /etc/mail/generics-domains Create your /etc/mail/genericstable
FEATURE(`genericstable',`hash -o /etc/mail/genericstable.db')dnlGENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl
my-site.commy-other-site.combigboy.my-site.com
#linux-username [email protected] [email protected] [email protected]
Fighting SPAM, add featuresFighting SPAM, add features
RFC-Ignorant valid IP address checker.
Easynet open proxy list.
The Open Relay Database open mail relay list.
Spamcop spammer blacklist.
Spamhaus spammer blacklist.
FEATURE(`dnsbl', `ipwhois.rfc-ignorant.org',`"550 Mail from " $&{client_addr} " refused. Rejected for bad WHOIS info on IP of your SMTP server - see http://www.rfc-ignorant.org/"')
FEATURE(`dnsbl', `proxies.blackholes.easynet.nl', `"550 5.7.1 ACCESS DENIED to OPEN PROXY SERVER "$&{client_name}" by easynet.nl DNSBL (http://proxies.blackholes.easynet.nl/errors.html)"', `')dnl
FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected due to sending server misconfiguration - see http://www.ordb.org/faq/\#why_rejected"')dnl
FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from " $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml"')
FEATURE(`dnsbl',`sbl.spamhaus.org',`Rejected - see http://spamhaus.org/')dn
SpamassassinSpamassassin
Downloading & Installing Spamassassin
Starting Spamassassin
Configuring Procmail for Spamassassin
Startup Spamassassin
◦ Combine spamassasin with sendmail features
cp /etc/mail/spamassassin/spamassassin-spamc.rc /etc/procmailrc
# /etc/init.d/spamassassin start
# chkconfig --level 35 spamassassin on
# rpm –ivh spamassassin-2.60-2.i386.rpm.
Thank youThank you