A Linux User Reference

MAIL

Sendmail

  • Brief introduction

    A massive topic in itself - just covering the basics.

    There are a number of configuration files. The main one is /etc/sendmail.cf. It can be edited directly, though it is often simpler to edit its 'm4' macro file sendmail.mc, which is then processed by the m4 utility to generate the /etc/sendmail.cf file.

    Common macro directives appearing within a '.mc' file include:

    OSTYPE()

    dnl - delete through to new line, allows for comments
    
    dnl # OSTYPE()            File must start with exactly one OSTYPE() macro
    
    OSTYPE(`linux')dnl           
    

    define()

    dnl # define()            Can use zero or more define() directives to set variables
    dnl                       which control the operation of the configuration macros.
    
    define(`MAIL_SETTINGS_DIR', `/etc/mail/')dnl
    define(`QUEUE_DIR', `/var/spool/mqueue/qd*')dnl         # For multiple queues
    define(`ALIAS_FILE', `/etc/mail/aliases, 
                          /etc/mail/aliases-2')dnl          # Multiple aliases files
    

    FEATURE()

    dnl # FEATURE()           Zero or more FEATURE() macros can be used to select which
    dnl                       special features to use
    
    FEATURE(`mailertable', `hash /etc/mail/mailertable')dnl
    

    MAILER()

    dnl # MAILER()            One or more MAILER() macros must be used to define which
    dnl                      MDAs are used
    MAILER(smtp)
    MAILER(local)
    

    After editing a '.mc' it then needs to be run through the 'm4' utility to generate the 'sendmail.cf' file.

    Generate sendmail.cf from a .mc file - m4

    # m4 ${CFDIR}/m4/cf.m4 config.mc > sendmail.cf
    
  • Common sendmail errors
    • 'newaliases' and 'm4' commands require the 'sendmail-cf' and 'm4' packages.
    • If you get any of the errors below make sure 'm4', 'sendmail' and 'sendmail-cf' packages are installed correctly.

    Possible error when running 'newaliases'

    # newaliases
    warning: .cf file is out of date: sendmail 8.12.5 supports \
    version 10, .cf file is version 0
    no local mailer defined
    queueDirectory (Q) option must be set
    

    Sample errors when processing the 'sendmail.mc' file

    # m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
    /etc/mail/sendmail.mc:8: m4: Cannot open /usr/share/sendmail-cf/m4/cf.m4: \
    No such file or directory
    

    Sample errors when restarting sendmail

    # service sendmail restart
    shutting down sendmail: [ OK ]
    shutting down sm-client: [FAILED]
    starting sendmail: 554 5.0.0 No local mailer defined
    554 5.0.0 QueueDirectory (Q) option must be set
    [FAILED]
    starting sm-client: [ OK ]
    

    Incorrectly Configured /etc/hosts files

    WARNING: local host name (somehostname) is not qualified; fix $j in config file
    
  • Relaying

    Relaying means sending on mail that arrives at this host (mail server) but is not for this host or domain.

    Relaying used to be on by default; it is now off. A whitelist defines whether an email addressed to a domain other than the host's should be relayed or not.

    The whitelist is a file that can be named anything (in this example it is /etc/mail/relay-domains) and contains a list of domains that are allowed to be relayed. The access db is also checked.

    Relaying macro directives - .mc file

    RELAY_DOMAIN(`asingle.domain.com')dnl             # Multiple statements for multiple domains
    
    dnl                                               # or
    RELAY_DOMAIN_FILE(`/etc/mail/relay-domains')dnl
    

    The 'relays' file - /etc/mail/relay-domains

    notme.server.com
    someother.server.com
    

    Convert .mc to .cf file - m4

    # m4 ${CFDIR}/m4/cf.m4 sendmail.mc > sendmail.cf
    # cp sendmail.cf /etc/mail/sendmail.cf
    

    Reload sendmail

    # /etc/init.d/sendmail reload
                                        (or)
    # killall -HUP sendmail
    
  • Host alias
    • Used when a system is required to accept mail from multiple domains, i.e. alternate hostnames for the system.
    • The macro directive points to a file that contains pertinent data. In this case the default file name is used.

    Host alias macro directives - sendmail.mc

    FEATURE(`use_cw_file')dnl             # Use_cw_file defaults to /etc/mail/local-host-names
    LOCAL_DOMAIN(`alias.host.name')dnl    # Or specify a single local system hostname alias
    

    Default host aliases file - /etc/mail/local-host-names

    a.domain.com                          # If hostname of server is not the same as the email domain
    another.domain.com                    # Then needs to be added to this file
    

    Test the configuration

    # sendmail -bt
    $=w                                   (Lists accepted domains)
    /quit
    
  • Bastion host
    mailertable
    • A Bastion host helps protect an internal network from an external network (often the Internet)
    • It controls the routing of mail between systems on the two networks
    • It uses /etc/mail/mailertable

    Enable mailertable feature - sendmail.mc

    FEATURE(`mailertable')dnl
    

    Configure the mailertable - /etc/mail/mailertable

    # Format: 
    # <email domain to route><white-space><how>:<where to send >
    
    internal1.domain.com smtp:[192.168.0.3]         # 192.168.0.3 = internal mail server
    internal2.domain.com smtp:[192.168.0.5]
    internal3.domain.com smtp:[192.168.0.7]
    host.com  procmail:/etc/procmailrcs/host.com    # Example of using procmail to route
    

    The procmail recipe - /etc/procmailrcs/host.com

    :0                                              # Forward all mail for <anybody>@host.com
    ! -oi -f $1 person@other.host                   # To a single user, $1=name of sender, 
                                                    # $2=name of recipient
    

    REMEMBER - no comments on condition line (this example has to aid explanation).

    Convert flat mailertable file to a database - makemap

    # makemap hash /etc/mail/mailertable < /etc/mail/mailertable
    

    Reload sendmail

    # /etc/init.d/sendmail reload
                                                (or)
    # killall -HUP sendmail
    

    Test the configuration change

    # sendmail -bt
    /map mailertable internal1.domain.com       (Displays smtp:[192.168.0.3])
    /quit
    
  • Smart host
    • A smart host is a host which has been configured to relay all outgoing mail that cannot be delivered directly.
    • Set the DS directive (sendmail.cf) to the IP address (or domain name) of the smart host.

    Configuration via .mc file - sendmail.mc

    define(`SMART_HOST', `[IP | smart.domain.name]')dnl
    

    Configuration via sendmail.cf

    DS  smart.domain.name
    

    Best use '.mc' file though for small changes ... also maybe better to use an IP in case of problems with name resolution.

    Convert '.mc' to '.cf' file using Makefile utility

    # /etc/mail/make
    

    Convert '.mc' to '.cf' file if no Makefile utility

    # m4 /path to/m4/cf.m4 sendmail.mc > sendmail.cf
    # cp /etc/sendmail.cf /etc/sendmail.cf.old
    # cp sendmail.cf /etc/sendmail.cf
    

    Reload sendmail

  • Main sendmail tables
    File Name           Description
    access              Allow or deny relaying of mail from various hosts and domains.
                        access.db is the hash file that is actually used by Sendmail
                        (edit access then run "make" in the /etc/mail directory)
    domaintable         Domain name mappings.
    local-host-names    Names of all the domains and hosts for which the server is the
                        endpoint. All domain names listed here are accepted for local
                        delivery, no mail for a domain name listed here will be routed
                        any further.
    mailertable         Routing table that overrides other mail routes for specified
                        domains.
    sendmail.cf         Main configuration file for Sendmail. Controls all aspects of
                        Sendmail, including its connections, timeouts, and routing
                        instructions. All other files in this list are simply
                        extensions of settings hidden within this file.
    sendmail.mc         Macro configuration file. "Simplifies" editing of sendmail.cf.
                        Anything done via sendmail.mc can also be done by directly
                        editing the sendmail.cf file. The advantage to using the
                        sendmail.mc file is that it records preferences and allows
                        them to be re-applied to an updated version of Sendmail.
    trusted-users       Users that can send mail as other users (sort of an su for
                        sending mail). Apache and Mailman are good examples of users
                        you might include in this file.
    virtusertable       Acts as an aliases file for virtual domains. Allows the hosting
                        of multiple domains on one machine.
  • Selective rewriting of domain names
    domaintable

    The company changes its address/name but still needs to receive mail for the old address along with the new.

    /etc/mail/domaintable

    ux4.cso.uiuc.edu   students.uiuc.edu               # Oldname -> Newname
    
  • Map INCOMING email to a local account
    virtusertable

    /etc/mail/virtusertable

    tom@foo.com     tsmith                             # Mail is placed in tsmith's mailbox
    info@bar.com    bar-info
    joe@bar.com     error:nouser No such user here
    @baz.com        %1@example.com                     # Keep the original user name
    customer-support@isp.com custsupp                  # -> /etc/mail/aliases
    

    Convert flat file to db file and reload sendmail

    # makemap hash /etc/mail/virtusertable < sourcefile
    # kill -HUP <sendmail PID>
    

    Test the configuration

    # sendmail -bt
    /map virtuser tom@foo.com                      (Returns where mail is sent i.e tsmith)
    /quit
    
  • Rewriting of OUTBOUND mail
    genericstable

    A mirror of virtusertable.

    /etc/mail/genericstable

    tsmith  tom@foo.com
    bar-info info@bar.com
    custsupp customer-support@isp.com
    

    Convert flat file to db file and reload sendmail

    # makemap -r hash genericstable.db < sourcefile
    # kill -HUP <sendmail PID>
    

    Test the configuration

    # sendmail -bt
    /map generics tsmith                           (Returns where mail is sent i.e tom@foo.com)
    /quit
    
  • Map full-names to user account names
    userdb

    Not intended for this purpose but can still be used.

    /etc/mail/userdb

    mark.smith@local.host.name    msmith
    

    Not a good idea to use fullnames as local-parts as they are not unique.

    Convert flat file to db file and reload sendmail

    # makemap btree /etc/mail/userdb < /etc/mail/userdb.txt
    # kill -HUP <sendmail PID>
    
  • Redirect mail for local recipients
    /etc/mail/aliases

    Example file entries

    MAILER-DAEMON: postmaster
    postmaster: root
    root:  mark
    john.smith: jsmith
    custsupp: jsmith,mtom,amarlow
    

    Update sendmail with the changes

    # newaliases
                         (or)
    # sendmail -bi
    

    No need to reload sendmail. Run either command after any change to the aliases file.

    Do not use 'makemap hash' to create access.db.

  • Access control for systems and users
    /etc/mail/access

    Allow, deny access for systems and users.

    Sample file entries

    spammer@spammers.com   DISCARD
    spams-r-us.com   DISCARD
    192.168.0   OK
    host.somewhere.com  REJECT            # Send a generic rejection message
    relay.server.com  RELAY               # Can use this system as a RELAY
    relay2.server.com  RELAY
    From:pain@some.addr.com REJECT
    LUSERS@    DISCARD                    # Addressed to local users that do
                                          # not have local accounts
    

    Convert flat file to db file and reload sendmail

    # makemap hash access < source file
    # kill -HUP <sendmail PID>
    

    Test changes

    # sendmail -bt
    /map access 192.168.0                 (Returns access db's entry => OK)
    /quit
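
A way to review the access file before it is converted with makemap, given here as an added example that is not part of the original reference. It flags RELAY entries that are broader than intended; the approved list, the "wider than /24" threshold and the sample lines marked as constructed are assumptions.

```python
"""Audit a sendmail access file for RELAY entries that widen relaying."""

# Assumed policy: the only names/addresses this server should relay for
# (taken from the walkthrough's sample /etc/mail/access).
APPROVED = {"localhost.localdomain", "localhost", "127.0.0.1", "mydomain.com"}
KNOWN_ACTIONS = {"OK", "RELAY", "REJECT", "DISCARD"}
TAGS = ("connect:", "from:", "to:")

# Constructed sample: the walkthrough's entries plus four deliberate problems.
SAMPLE = """\
# by default allow relaying from localhost
localhost.localdomain    RELAY
localhost                RELAY
127.0.0.1                RELAY
mydomain.com             RELAY
192.168                  RELAY      # constructed: a whole /16
com                      RELAY      # constructed: everything under .com
partner.example.net      RELAY      # constructed: not on the approved list
spams-r-us.com           DISCRAD    # constructed: misspelt action
"""


def parse_access(text):
    """Return (lineno, key, action) tuples; action is None when a line has no value."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop explanatory notes like the page's
        if not line:
            continue
        fields = line.split(None, 1)
        action = fields[1].split()[0].upper() if len(fields) == 2 else None
        entries.append((lineno, fields[0].lower(), action))
    return entries


def audit(text, approved=APPROVED):
    """Return (lineno, key, problem) for every entry that needs a second look."""
    findings = []
    for lineno, key, action in parse_access(text):
        bare = key
        for tag in TAGS:                      # "From:addr" -> "addr"
            if bare.startswith(tag):
                bare = bare[len(tag):]
        if action is None:
            findings.append((lineno, key, "no action on line"))
        elif action == "RELAY":
            octets = bare.split(".")
            is_ip_prefix = all(o.isdigit() for o in octets)
            if is_ip_prefix and len(octets) < 3:
                findings.append((lineno, key, "RELAY for a network wider than /24"))
            elif not is_ip_prefix and "." not in bare and bare != "localhost":
                findings.append((lineno, key, "RELAY for a whole top-level domain"))
            elif bare not in approved:
                findings.append((lineno, key, "RELAY entry not on the approved list"))
        elif (action not in KNOWN_ACTIONS and not action.startswith("ERROR:")
              and not action[:3].isdigit()):
            findings.append((lineno, key, "unrecognised action " + action))
    return findings


if __name__ == "__main__":
    for lineno, key, problem in audit(SAMPLE):
        print(f"line {lineno}: {key}: {problem}")
```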
    
  • Sendmail program
    /usr/sbin/sendmail

    Possibly a bit dated - refer to the installed version's man pages.

    sendmail [options ...]
    
    Command sendmail flags:
     -bi                     Initialise its aliases database.
     -bp                     Print out the mail queue, same as 'mailq'.
     -bs                     Run an SMTP session on stdout and stdin, just as if you'd 
                             telneted to port 25.
     -bv                     Verify address mode. This flag should be followed with a 
                             list of addresses to verify.
     -Fname_of_sender        Set full name of sender to name_of_sender. Modern versions 
                             of sendmail will stamp a warning header on the outgoing 
                             message - can be used to forge email.
     -qinterval              Process the mail queue at 'interval' minutes.  If 'interval'
                             is 0 mail queue is only processed once.
     -t                      Get the recipient of the message from the message headers. 
                             Often used by MUAs which call sendmail to deliver outgoing 
                             mail - no need to pass the recipient addresses on the cmd-line.
    

    Start sendmail from the command line

    # /usr/sbin/sendmail -bd -q20m
    

    '-bd' - Run as a daemon and listen on tcp port 25.

    '-q20m' - Start a job every 20 minutes to attempt to clear queue.

  • Logging file format
    /var/log/maillog

    Sendmail writes all its status messages to this file; monitor it whenever you are making changes.

    # General format: 
    # date, host, sendmail_function[pid]: <queue id>: [occurrence]=message ...
    
    [occurrence]
     Relay                   Shows system that sent and received the relayed message
                             e.g. 'relay=root@localhost'
     Delay                   [days+]hh:mm:ss delay between time message was received
                             and delivered
     Nrcpts                  Number of recipients after aliasing 
     From                    From address/sender
     Pri                     Priority
     Size                    In bytes
    

    Made up log entry example - 'date' would be a time/date stamp

    'date' a-host sendmail[1234]:fsge127346: from=root,size=0, class=0, nrcpts=0, \
    relay=root@domain.com
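
Reading the log for the thing the relay settings are meant to prevent, as an added example that is not from the original page: it pairs each queue ID's from= line with its to= lines and reports messages that arrived from a client outside the local networks and were then sent on to another host. The log lines are constructed, LOCAL_NETS and LOCAL_MAILERS are assumptions, and mailer= and stat= are fields sendmail writes on delivery (to=) lines.

```python
"""Spot mail relayed for outside clients in sendmail maillog entries."""
import ipaddress
import re
from collections import defaultdict

# Assumption: clients on these networks are allowed to relay through this server.
LOCAL_NETS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("192.168.100.0/24")]
# Assumption: mailers that deliver on this host rather than sending mail onward.
LOCAL_MAILERS = {"local", "procmail"}

LINE = re.compile(r"sendmail\[\d+\]:\s*(?P<qid>\w+):\s*(?P<rest>.*)")
BRACKET_IP = re.compile(r"\[(\d+\.\d+\.\d+\.\d+)\]")

# Constructed log lines in the general format described above.
SAMPLE_LOG = """\
Mar  3 10:15:02 testmail sendmail[1234]: j23AF2x1001234: from=<alice@mydomain.com>, size=812, class=0, nrcpts=1, relay=pc7.mydomain.com [192.168.100.20]
Mar  3 10:15:03 testmail sendmail[1236]: j23AF2x1001234: to=<bob@example.org>, delay=00:00:01, mailer=esmtp, pri=30812, relay=mx.example.org. [198.51.100.5], stat=Sent (ok)
Mar  3 10:16:40 testmail sendmail[1301]: j23AGe9f001301: from=<x@example.net>, size=2048, class=0, nrcpts=2, relay=[203.0.113.9]
Mar  3 10:16:41 testmail sendmail[1303]: j23AGe9f001301: to=<v1@example.com>,<v2@example.com>, delay=00:00:01, mailer=esmtp, pri=62048, relay=mx.example.com. [198.51.100.7], stat=Sent (ok)
Mar  3 10:17:10 testmail sendmail[1320]: j23AHAbc001320: from=<carol@example.org>, size=900, class=0, nrcpts=1, relay=mx.example.org [198.51.100.5]
Mar  3 10:17:10 testmail sendmail[1321]: j23AHAbc001320: to=<tsmith@mydomain.com>, delay=00:00:00, mailer=local, pri=30900, stat=Sent
"""


def fields(rest):
    """Split 'key=value, key=value' into a dict; commas inside a value are kept."""
    out = {}
    for part in re.split(r",\s*(?=\w+=)", rest):
        key, sep, value = part.partition("=")
        if sep:
            out[key.strip().lower()] = value.strip()
    return out


def relayed_for_outsiders(log_text):
    """Return (queue_id, client_ip, recipients) for mail relayed for non-local clients."""
    source_ip = {}                   # queue id -> IP of the host that handed us the mail
    sent_onward = defaultdict(list)  # queue id -> recipients delivered to another host
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        f = fields(m["rest"])
        if "from" in f:
            ip = BRACKET_IP.search(f.get("relay", ""))
            source_ip[m["qid"]] = ip.group(1) if ip else None  # None: local submission
        elif ("to" in f and f.get("mailer", "local") not in LOCAL_MAILERS
              and f.get("stat", "").startswith("Sent")):
            sent_onward[m["qid"]].append(f["to"])
    hits = []
    for qid, rcpts in sent_onward.items():
        ip = source_ip.get(qid)
        if ip and not any(ipaddress.ip_address(ip) in net for net in LOCAL_NETS):
            hits.append((qid, ip, rcpts))
    return hits


if __name__ == "__main__":
    for qid, ip, rcpts in relayed_for_outsiders(SAMPLE_LOG):
        print(f"{qid}: relayed for outside client {ip} -> {', '.join(rcpts)}")
```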
    
  • Display contents of mail queues
    /usr/bin/mailq

    Print the mail queue

    # sendmail -bp
    

    Each MTA will have its own programs to manage mail queues. They may or may not emulate sendmail commands.

    mailq [-Ac] [-q...] [-v]
    
    Common options:
     -Ac                  Show the queue specified in /etc/mail/submit.cf instead of 
                          in /etc/mail/sendmail.cf.
     -qL                  Show the "lost" items in the mail queue instead of the 
                          normal queue items.
     -qQ                  Show the quarantined items in the mail queue instead of the
                          normal queue items.
     -q[!]I substr        Show or not '!' queue IDs containing substr in queue ID.
     -q[!]Q substr        Show or not '!' quarantined jobs containing substr in the
                          quarantine reason.
     -q[!]R substr        Show or not '!' those containing substr in recipients.
     -q[!]S substr        Show or not '!' those containing substr in sender.
    

    For each message in the mail queue:

    The first line
    • Internal identifier (the host's message identifier with a possible status character)
    • The size of the message in bytes
    • The date and time the message was accepted into the queue
    • The envelope sender of the message
    The second line

    The error message that caused the message to be retained in the queue. Will not be present if message is being processed for the first time.

    Status characters Description
    * indicates the job is being processed
    X indicates that the load is too high to process the job
    - indicates that the job is too young to process
    The remaining lines

    Message recipients, one per line

  • Display mail statistics
    mailstats

    Check against man pages of your installed version - may well be dated.

    mailstats [-c] [-o] [-p] [-P]
              [-C cffile] [-f stfile]
    
    Options:
     -C           Read an alternative configuration file.
     -c           Try to use submit.cf instead of the default sendmail
                  configuration file.
     -f           Read an alternative statistics file instead of default.
     -P           Output information in program-readable mode without 
                  clearing statistics.
     -p           Output information in program-readable mode and clear
                  statistics.
     -o           Don't display the name of the mailer in the output.
    
  • A configuration walkthrough

    Got this stuff off someone's web site (sorry to whoever it was - cannot remember the site details), in my view - does a good job describing the steps required.

    (1). Configure sendmail to accept mail from localhost only

    Add the hostname and IP address for the new e-mail server to your DNS server, include in-addr.arpa entry.

    Confirm mailserver name resolution

    # nslookup -sil testmail.mydomain.com
    Server:         192.168.100.1
    Address:        192.168.100.1#53
    Name:         testmail.mydomain.com
    Address:        192.168.100.134
    

    Confirm reverse lookup

    # nslookup -sil   192.168.100.134
    Server:         192.168.100.1
    Address:        192.168.100.1#53
    134.100.168.192.in-addr.arpa    name = TESTMAIL.mydomain.com.
    

    Confirm server is listening on default port 25

    # netstat -nl
    Active Internet connections (only servers)
    .....
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
    .....
    
    (2). Configure sendmail to accept mail from remote hosts

    Set DaemonPortOptions in /etc/sendmail.cf

    # SMTP daemon options
    #O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA         # Old/default entry to
    O DaemonPortOptions=Port=smtp,Addr=192.168.100.134, Name=MTA    # Listen on this network interface
    

    It's ok to edit directly if you are 100% sure about what you are doing - small changes.

    Restart sendmail to effect the change

    # /etc/init.d/sendmail restart
    # netstat -nl
    .....
    tcp    0   0 192.168.100.134:25    0.0.0.0:*    LISTEN
    .....
    
    (3). Assign domains that mail will be accepted for

    Include all aliases for the machine - /etc/mail/local-host-names

    mydomain.com
    another.com
    and-another.com
    .....
    

    Restart sendmail

    # /etc/init.d/sendmail restart
    

    You now have a fully working e-mail server. It can accept e-mail from anywhere in the world, but can only send e-mail or relay e-mail from the localhost.

    As a default security feature, sendmail will not allow the relay of any mail (prevents spam originating from the server).

    If users log directly into the server, this configuration does not need modification. If users use e-mail clients from remote sites, those machines will need to be allowed to relay e-mail, without the server becoming an open relay.

    (4). Enable relaying

    Add relevant domains to relay for - /etc/mail/access

    # by default allow relaying from localhost
    localhost.localdomain    RELAY
    localhost                RELAY
    127.0.0.1                RELAY
    mydomain.com             RELAY
    

    Make access.db after changes to /etc/mail/access

    # makemap hash /etc/mail/access.db < /etc/mail/access
    

    The server can now accept e-mail from anywhere in the world and will relay for approved domains. You may wish to allow approved clients remote access to their mail; this can be accomplished with IMAP or POP.

    (5). Enable POP3 connections to the e-mail server, can use /etc/xinetd - steps

    A default server install may not include all the required packages; if so, you need to install imap or pop3. If you are playing around on a desktop distro you will probably need to install the 'xinetd' package.

    Configure POP3 - /etc/xinetd.d/ipop3

    # default: off
    service pop3
    {
       socket_type    = stream
       wait           = no
       user           = root
       server         = /usr/sbin/ipop3d
       log_on_success += USERID
       log_on_failure += USERID
       disable        = no
    }
    

    Restart the xinetd

    # /etc/init.d/xinetd restart
    
  • Some performance considerations
    Server IDENT sessions

    The e-mail server initiates an IDENT session with the client to confirm its identity. If for any reason there is a slow connection between the client and/or the POP server, the mail server will apply a timeout (default of 5 secs). This can slow things down even more.

    The timeout value can be reduced to 1 second to remove most of the delay caused by IDENT or set to 0 to switch IDENT off.

    Reduce IDENT delays - /etc/sendmail.cf

    # timeouts (many of these)
    #O Timeout.ident=5s
    O Timeout.ident=1s
    

    Set to 1 second

    Some more server settings - /etc/sendmail.cf

     O MaxMessageSize=1000000                 Maximum message size in bytes; default = no limit.
     O LogLevel=9                             Controls the amount of information that goes into the
                                              log files.
     O MeToo=True                             True, sender gets copy of email they send to an alias.
     O Timeout.iconnect=5m                    Initial connection timeout, used to weed out slow hosts.
                                              Try setting to 5s. If fails to connect delivery to host
                                              is moved to back of queue, "O Timeout.connect" value used
                                              on next attempt to deliver.
     O Timeout.helo=5m                        Time to wait for the HELO command to complete (initial 
                                              connection) RFC's call for 5 minutes, wouldn't make it 
                                              smaller than 2 minutes.
     O Timeout.mail=10m                       Timeout for the response to the MAIL command
                                              RFC specifies a minimum of 5 minutes, try out - 2 minutes.
     O Timeout.datainit=5m                    Timeout for the response to the DATA cmd, RFC states 
                                              minimum of 2 mins.
     O Timeout.ident=0                        Switch off IDENT.
     O DefaultUser=8:12                       UserID:GroupID that Sendmail runs as.
     O QueueLA=8                              Load average at which Sendmail queues up new messages.
     O RefuseLA=12                            Load average to start to reject connections, modify if
                                              QueueLA changed.
     O MaxDaemonChildren=0                    Maximum number of child processes allowed at one time.
     O DeadLetterDrop=/tmp/dead.letter        Where to save bounces.
     O MaxRecipientsPerMessage=100            Maximum number of recipients in a message.