situ: sendmail

Showing posts with label sendmail. Show all posts

Sunday, 22 November 2009

Configuring Sendmail to Relay Messages from Other Servers

Index

Part 1. Configuring Sendmail on Solaris 10
Part 2. Configuring Sendmail to Masquerade Your Messages
Part 3. Configuring Sendmail to Relay Messages to Another Server
Part 4. Configuring Sendmail to Relay Messages from Other Servers

Introduction

In the previous post you've learnt how to configure Sendmail to relay messages to another server. Now, such a server should be probably be configured to accept incoming messages to relay from other servers. Solaris 10 Sendmail default configuration does not allow message relay and proper configuration must be applied to Sendmail.

Configuring Relay for Hosts and Domains

The quickest way to have Sendmail relay messages for other domains is by modifying the /etc/mail/relay-domains file. Sendmail will relay mail for every domain listed in that file. If you want your server to relay messages for domain a.com, b.com and c.com, just insert the corresponding lines into /etc/mail/relay-domains and restart your Senmail instance:

# cat /etc/mail/relay-domains
a.com
b.com
c.com

Configuring the Access Database

If you want to relay messages from specific hosts (as well as domains and networks) you can use the access database. The access database lists email addresses, network numbers and domain names and a rule. Available rules are:

OK: Accept mail even if other rules in the running ruleset would reject it.
RELAY: Accept mail addressed to the indicated domain or received from the indicated
domain for relaying.
REJECT: Reject the sender or recipient with a general purpose message.
DISCARD: Discard the message completely using the $#discard mailer.
(A RFC-821 compliant error text): Return the error message.

If you want your Sendmail to relay mails for a domain or from some specific hosts, modify your /etc/mail/access accordingly:
your-domain       RELAY
192.168.0        RELAY
another-domain    RELAY
unwanted-host     REJECT

Once done, you have to generate the access db with the following command:

# makemap hash /etc/mail/access.db < /etc/mail/access

Enabling the Access Database

To have your Sendmail use the access database, you must properly configure it adding the access_db feature to its configuration file:

# cat your-file.mc
[...snip...]
FEATURE(`access_db')
[...snip...]

Restart your Sendmail and enjoy!

A Word of Warning: DNS Configuration

Sendmail often requires that host name you use in your configuration files (such as the access database) are properly configured in your name server, both for lookup and reverse lookup. I hope this will spare you some headache while debugging.

Configuring Sendmail to Relay Messages to Another Server

Index

Introduction

Sometimes you just need to configure your Sendmail to relay messages to another server. I often use such a configuration to centralize Sendmail configuration: if something had to change I would just need to change a reduced number of configuration files. For example, I made heavy use of Solaris Zones technology. Unless particular configuration is needed, whenever I create a new zone, I just configure its Sendmail to relay messages to another server (which is, incidentally, one of the preconfigured Sendmail zones we use).

Setting Up a Sendmail Smart Host

Setting up Sendmail to relay messages to another server is pretty easy. Modify your configuration file and use the following macro:

[...snip...]
define(`SMART_HOST', `your-smart-host')
[...snip...]

The smart host is the host this instance will relay messages to. This macro will be translated into a DS statement in your Sendmail configuration file. You should never modify .cf files directly: always compile .mc files! By the way, sometimes is useful to know .cf syntax if you need to interpret existing .cf files when you've lost the corresponding .mc files (something that should never pass to a seasoned System Administrator).

Configuring Sendmail to Masquerade Your Messages

Index

Sendmail Masquerading

Now that you've got your Sendmail up and running it's time to do some tweaking. If you try and send mail from your host, you'll notice that messages are sent from an address such as your-user-name@hostname.your.domain. That's not probably what you want (that address isn't probably even reachable from the outside) and you'd rather like: your-user-name@your.domain. Fine, that feature is called masquerading. To masquerade outgoing mail you can use the MASQUERADE_AS and MASQUERADE_DOMAIN macros, as in the following example:

divert(0)dnl
VERSIONID(`@(#)sendmail.mc 1.11 (Sun) 06/21/04')
OSTYPE(`solaris8')dnl
DOMAIN(`solaris-generic')dnl
define(`confFALLBACK_SMARTHOST', `mailhost$?m.$m$.')dnl
MASQUERADE_AS(`your-domain.com')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`masquerade_entire_domain')dnl
FEATURE(`always_add_domain')dnl
MASQUERADE_DOMAIN(`your-domain.com')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl

LOCAL_NET_CONFIG
R$* < @ $* .$m. > $* $#esmtp $@ $2.$m $: $1 < @ $2.$m. > $3

Restart your sendmail and the job is done.

Configuring Sendmail on Solaris 10

Index

Introduction

Whoever tried to get Sendmail up and running will agree that taming Sendmail requires black magic. I won't even try to enter into Sendmail internal and details: I don't master it and conform with being able to configure my Solaris box (and zones) to fulfill my needs. Nevertheless, I'll admit that Sendmail has got its own spell and felt compelled to keep on reading on to discover what Sendmail is capable of.

Verifying Sendmail State and Starting It Up

Solaris 10 Sendmail is configured as an SMF-managed service. To check sendmail status you can use:

$ svcs \*sendmail\*
STATE STIME FMRI
online 14:19:23 svc:/network/smtp:sendmail

If Sendmail were not enabled, just use svcadm to bring it up:

# svcadm enable svc:/network/smtp:sendmail

Configuring Sendmail for Open Mode

Solaris 10 Sendmail configuration is such that Sendmail will only run in local mode, thus rejecting connections from other hosts. If you want to review Sendmail default Solaris 10 configuration, you can use:

# svccfg -s svc:/network/smtp:sendmail listprop
[...snip...]
config/local_only                    boolean true
[...snip...]

If you're curios, SMF properties are used by SFM methods. A closer examination to Sendmail startup script in Solaris 10, indeed, reveals the following:

    local=`/usr/bin/svcprop -p config/local_only $SMF_FMRI 2>/dev/null`
    if [ $? = 0 -a "$local" = "true" ]; then
        OPTIONS="$OPTIONS -C /etc/mail/local.cf"
    fi

If you want to configure your Sendmail to work in open mode you can run the following:

# svccfg -s svc:/network/smtp:sendmail setprop config/local_only= boolean: false
# svcadm restart svc:/network/smtp:sendmail

Solaris 10 Default configuration

If you inspect the default sendmail.mc file for Solaris 10 you'll find the following:

divert(0)dnl
VERSIONID(`@(#)sendmail.mc 1.11 (Sun) 06/21/04')
OSTYPE(`solaris8')dnl
DOMAIN(`solaris-generic')dnl
define(`confFALLBACK_SMARTHOST', `mailhost$?m.$m$.')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl

LOCAL_NET_CONFIG
R$* < @ $* .$m. > $* $#esmtp $@ $2.$m $: $1 < @ $2.$m. > $3

Local and smtp mailers are on and you should be able to send mail, both locally and remotely, from such a host. Unless you configure your perform additional configuration, you won't be able to connect remotely to this instance, nor using such an instance as a mail relay. Naturally, some tweaking is usually required and it will be performed with the procedure described in the following sections.

Building a Configuration File for Sendmail

To build a configuration file for your Sendmail you can perform the following:

Temporarily disable your Sendmail:

# svcadm disable -t svc:/network/smtp:sendmail

Go to Sendmail configuration templates directory:

# cd /etc/mail/cf/cf

Start with a fresh file and write your configuration down:

# cp sendmail.mc your-file.mc

Compile your file:

# /usr/ccs/bin/make your-file.cf

Test your configuration:

# sendmail -C your-file.cf -v your-email-address </dev/null

Apply your configuration:

# cp your-file.cf /etc/mail/sendmail.cf

Restart and use Sendmail:

# svcadm enable svc:/network/smtp:sendmail

A good place to start for studying Solaris 10 Sendmail is Solaris System Administration Guide: Network Services (Chapter 13).