sendmail: Introduction and Configuration

[root@testmail /root]# nslookup -sil testmail.blank.com

Server: 192.168.100.1

Address: 192.168.100.1#53

Name: testmail.blank.com

Address: 192.168.100.134

It is also important that your administrator put a reverse DNS entry to prevent
delays in mail delivery. Most modern e-mail servers use reverse lookup as a
means of authentication for mail transfer. Again, confirm this setting is correct
using the nslookup command on your IP address.

[root@testmail /root]# nslookup -sil 192.168.100.134

Server: 192.168.100.1

Address: 192.168.100.1#53

134.100.168.192.in-addr.arpa name = TESTMAIL.blank.com.

As you can see, the DNS entries are setup and working correctly, so let's move
on to actually configuring sendmail. By default, sendmail installations on Red
Hat will only allow SMTP traffic on the localhost. The output of netstat -nl will
show you all ports that have a dæmon listening; note the line that says
127.0.0.1:25. This means the server is only listening on the loop back interface
for connections on port 25 (SMTP).

[root@testmail /root]# netstat -nl

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address Foreign Address

State

tcp 0 0 0.0.0.0:32768 0.0.0.0:*

LISTEN

tcp 0 0 0.0.0.0:111 0.0.0.0:*

tcp 0 0 0.0.0.0:22 0.0.0.0:*

LISTEN

tcp 0 0 127.0.0.1:25 0.0.0.0:*

LISTEN

udp 0 0 0.0.0.0:32768 0.0.0.0:*

udp 0 0 0.0.0.0:667 0.0.0.0:*

udp 0 0 0.0.0.0:111 0.0.0.0:*

Active UNIX domain sockets (only servers)

Proto RefCnt Flags Type State I-Node Path

unix 2 [ ACC ] STREAM LISTENING 1119 /dev/gpmctl

unix 2 [ ACC ] STREAM LISTENING 1172

/tmp/.font-unix/fs7100

This will keep your mail dæmon from accepting e-mail from any computer
except the localhost. To fix this issue, we must tell sendmail to listen for
connections on the external interface. In the case of our new server, there is
only one Ethernet card, with eth0 being the external interface. To confirm the
IP on eth0, simply perform anifconfig. Depending on your configuration, this
IP can be different than the address defined by your DNS server, but in our
example the addresses are the same.

[root@testmail /root]# ifconfig

eth0 Link encap:Ethernet HWaddr 00:60:97:DE:E9:99

inet addr:192.168.100.134 Bcast:192.168.100.255

Mask:255.255.255.0

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:12421 errors:0 dropped:0 overruns:0 frame:0

TX packets:5 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:100
Interrupt:10 Base address:0xe000

lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:6 errors:0 dropped:0 overruns:0 frame:0

TX packets:6 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

This machine has an address of 192.168.100.134 on the eth0 interface. Once

# SMTP daemon options

O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA

change to

O DaemonPortOptions=Port=smtp,Addr=192.168.100.134, Name=MTA

Once you have completed this task, save this file and restart the sendmail
dæmon using the rc script /etc/init.d/sendmail.

[root@testmail /root]# /etc/init.d/sendmail restart

Shutting down sendmail: [ OK ]

Starting sendmail: [ OK ]

[root@testmail /root]#

Now check to see if there has been a change with the netstat -nl command. As
you can see the output clearly shows that a dæmon (sendmail) is listening on
port 25 of the IP address 192.168.100.134 that is assigned to our interface
eth0.
[root@testmail /root]# netstat -nl

Active Internet connections (only servers)

Proto Recv-Q send-Q Local Address Foreign Address

State

tcp 0 0 0.0.0.0:32768 0.0.0.0:*

LISTEN

tcp 0 0 0.0.0.0:111 0.0.0.0:*

LISTEN

tcp 0 0 0.0.0.0:22 0.0.0.0:*

LISTEN

tcp 0 0 192.168.100.134:25 0.0.0.0:*

LISTEN

udp 0 0 0.0.0.0:32768 0.0.0.0:*

udp 0 0 0.0.0.0:667 0.0.0.0:*

udp 0 0 0.0.0.0:111 0.0.0.0:*

Active UNIX domain sockets (only servers)

Proto RefCnt Flags Type State I-Node Path

unix 2 [ ACC ] STREAM LISTENING 1119 /dev/gpmctl

unix 2 [ ACC ] STREAM LISTENING 1172

/tmp/.font-unix/fs7100

[root@testmail /root]#

Now that we have sendmail accepting external connections, we need to assign

# local-host-names - include all aliases for your machine here.

blank.com
Once this information is saved in this file, restart the sendmail dæmon with
the rc script sendmail found in /etc/init.d/sendmail restart. sendmail can
accept e-mail for multiple domains on the same server. Insert the domain
name into this file each time you want to add a new domain.

You now have a fully working e-mail server from the localhost. It can accept e-
mail from anywhere in the world, but can only send e-mail or relay e-mail
from the localhost. Another default security feature is that sendmail will not
allow the relay of any mail to prevent spam originating from your server. If
your users log directly into the server, this configuration does not need
modification. But if your organization is like most, clients are using e-mail
from remote sites. If your users use clients like KMail or Outlook Express, you
will need to allow those machines to relay e-mail using your new server, but
you do not want to open your site up to complete relay. This can be done by
adding the following line to the /etc/mail/access file and running the
command make access.db after saving that file.

blank.com RELAY

# Check the /usr/share/doc/sendmail-8.11.2/README.cf file for a

description

# of the format of this file. (search for access_db in that file)

# The /usr/share/doc/sendmail-8.11.2/README.cf is part of the

sendmail-doc

# package.

# by default we allow relaying from localhost...

localhost.localdomain RELAY

localhost RELAY

127.0.0.1 RELAY

blank.com RELAY
[root@testmail mail]# make access.db

[root@testmail mail]#

The make access.db command will include your new setting in the hash
database used by sendmail to determine who can relay e-mail off your server.
This will allow connections from inside the blank.com domain to relay e-mail
from your new mail server, and prevent use of the service to nonmembers.
One can also put a subnet of IPs, such as 192.168, to limit inside a domain.
Keep in mind that if this setting is to open, spammers can bounce huge
amounts of e-mail off your system.

Now that you can accept e-mail from anywhere in the world, have configured
your domain, and allowed relay e-mail for approved clients, you may want to
allow remote access to that mail. This can be accomplished with IMAP or POP.
With a default server install, not all required packages are installed to make
POP/IMAP mail work. These services can be obtained by the installation of
the imap-2000-9 rpm package. To check the install status of this package use
the following command: rpm -aq | grep -i imap. If no package is found,
insert Disk 2 of the Red Hat 7.1 installation disk set into your cd-rom and
mount that media. To accomplish this use the mount /dev/cdrom
/mnt/cdrom command.

[root@testmail mail]# mount /dev/cdrom /mnt/cdrom

mount: block device /dev/cdrom is write-protected, mounting read-only

(Successful Mount of Read-Only Media)

Once mounted you can install the package with rpm -Uvh

/mnt/cdrom/RedHat/RPMS/imap-2000-9.i386.rpm.

[root@testmail mail]# rpm -Uvh

/mnt/cdrom/RedHat/RPMS/imap-2000-9.i386.rpm

Preparing... ###########################################

[100%]
1:imap ###########################################

[100%]

As you can see, when I run the rpm search, rpm -aq | grep -i

imap the IMAP package is displayed with output.

[root@testmail mail]# rpm -aq | grep -i imap

imap-2000-9

[root@testmail mail]#

With the correct package install, you now need to enable POP3 connections to
your new e-mail server. This can be accomplished in the /etc/xinetd.d
directory by modifying the ipop3 file. Set the value for disable to no, and save
the file. Remember to maintain the case as it appears in the file.

# default: off

# description: The POP3 service allows remote users to access their mail

# using an POP3 client such as Netscape Communicator, mutt,

# or fetchmail.

service pop3

socket_type = stream

wait = no

user = root

server = /usr/sbin/ipop3d

log_on_success += USERID

log_on_failure += USERID

disable = no

}
Now you need to restart the xinetd dæmon to make the new setting work. This
is possible by using the rc script /etc/init.d/xinetd. Simply issue the restart
command as seen below.

[root@testmail xinetd.d]# /etc/init.d/xinetd restart

Stopping xinetd: [ OK ]

Starting xinetd: [ OK ]

[root@testmail xinetd.d]#

Now send a test e-mail to your new server and connect to the server via your
favorite pop client. You should now be able to access your e-mail via POP
protocol.

One final consideration about your new server is performance. You may
receive complaints about slow connection to your POP server if the client
traffic is being initiated from behind a firewall. The reason for this delay is that
your e-mail server initiates a IDENT session with the client to confirm the
identity of the client. If there is no response to that query, the server will
invoke a timeout value set by default to 5 seconds. This value can be reduced
to 1 second to remove most of the delay caused by IDENT. To change this
value edit the /etc/sendmail.cf file, and reduce the timeout value to the
desired value.

# timeouts (many of these)

#O Timeout.ident=5s

change to

O Timeout.ident=1s

Your e-mail server is now working and providing service to your users. There
are many more configurations for sendmail that are beyond the scope of this
article. Linux will provide a very stable, robust platform for your e-mail needs.
To find more information about sendmail visit www.sendmail.org.