7.6. Configuring the sendmail Server
sendmail is a robust email server. Like Apache, it has an enormous number of configuration options to handle many different service scenarios, even though many of these scenarios are pretty rare. With a small amount of configuration, sendmail can be configured to handle most mail-serving tasks.
7.6.1. How Do I Do That?
Fedora's default sendmail configuration will:
7.6.1.1. Preparing to configure sendmail and activating changes
# yum install sendmail-cf
Changes to the sendmail configuration are made to the file /etc/mail/sendmail.mc. However, this isn't the sendmail configuration file! Instead, it's a file that is used to generate the sendmail configuration file, /etc/mail/sendmail.cf.
To generate a new sendmail.cf file:
# cd /etc/mail
# make
This must be done after each change is made to sendmail.mc. Reload the sendmail server to make your changes take effect:
# service sendmail reload
7.6.1.2. Configuring sendmail to use a mail relay
Some Internet Service Providers (ISPs) block email traffic to all mail servers except their own. This is intended to block viruses that set themselves up as a mail server, but it also interferes with Fedora's default sendmail configuration, which expects to be able to send email directly to the destination system.
To configure sendmail to send your outbound email through your ISP's mail server, find the line in /etc/mail/sendmail.mc that contains the word SMART_HOST:
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp.your.provider')
In this file, dnl means discard to newline, which effectively turns this line into a comment. Uncomment the SMART_HOST line by removing the dnl and then replace smtp.your.provider with the name of your ISP's mail server:
7.6.1.3. Configuring sendmail to accept inbound email
To enable remote inbound connections, locate the line in sendmail.mc that contains the loopback address 127.0.0.1:
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
Add dnl to the start of this line to comment it out:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
sendmail will then accept connections on all network interfaces and deliver mail that is addressed to a user on the local host. For example, if the hostname is bluesky.fedorabook.com, then email addressed to firstname.lastname@example.org will be delivered to the mailbox of the local user chris, which is /var/spool/mail/chris.
# local-host-names - include all aliases for your machine here.
fedorabook.com
mailserver.fedorabook.com
global.proximity.on.ca
7.6.1.4. Using aliases
There are many standard email addresses that people expect to be able to use: webmaster to reach the person responsible for the web server and content, abuse to report spam problems, info as a general information contact, and so forth. Mail sent to these standard addresses can be redirected to the mailbox of chosen users through the sendmail alias facility.
Aliases are configured in the file /etc/aliases, which looks like this:
#
# Aliases in this file will NOT be expanded in the header from
# Mail, but WILL be visible over networks or from /bin/mail.
#
# >>>>>>>>>> The program "newaliases" must be run after
# >> NOTE >> this file is updated for any changes to
# >>>>>>>>>> show through to sendmail.
#

# Basic system aliases -- these MUST be present.
mailer-daemon: postmaster
postmaster: root

# General redirections for pseudo accounts.
bin: root
daemon: root
adm: root
...(Lines snipped)...
info: postmaster
marketing: postmaster
sales: postmaster
support: postmaster

# trap decode to catch security attacks
decode: root

# Person who should get root's mail
#root: marc
You'll notice that all of the standard aliases are redirected to root, but on most systems, no one checks the root mailbox, so you should start by defining who is to receive mail addressed to root. Uncomment the last line of this file and replace marc with a valid user ID:
Next, change any aliases that you do not wish to redirect to root, sending the mail to the user of your choice:
info: sam
marketing: frida
sales: angela
support: henry
Destination mailboxes do not have to be local:
And it's possible to specify multiple destinations for an alias, separated by commas:
webmaster: frank, email@example.com
sales-team: angela, sue, mike, olgovie, george
sysadmins: firstname.lastname@example.org, email@example.com, george
Note that alias destinations can be on multiple lines.
You can create as many aliases as you want, whenever you want. Aliases are handy for creating disposable email addresses. I create batches of made-up addresses from time to time and use them when I register for a conference or web site, or when I enter a contest:
daa: chris
dab: chris
dac: chris
dad: chris
dae: chris
daf: chris
When I use one of these addresses, I record who I gave it to, and if I see spam arriving with that address, then I know who has been abusing my personal information. I can discontinue receiving mail at that address simply by removing the offending alias from the aliases file.
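To see where mail for each alias finally lands, the chains in /etc/aliases can be followed programmatically. This is an added example, not code from the book: it parses alias text (including indented continuation lines), expands each alias to its final mailboxes, and lists the aliases that still end in the root mailbox. The sample text and the address admin@remote.example are constructed for illustration.

```python
# Constructed sample based on the alias lines quoted above; not a real /etc/aliases.
SAMPLE_ALIASES = """\
# Basic system aliases -- these MUST be present.
mailer-daemon:  postmaster
postmaster:     root
info:           sam
webmaster:      frank, admin@remote.example
sales-team:     angela, sue, mike,
                olgovie, george
decode:         root
# Person who should get root's mail
#root:          marc
"""

def parse_aliases(text):
    """Parse alias text into {alias: [destinations]}; indented lines continue an entry."""
    entries, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                                  # blank line or comment
        if raw[0] in " \t" and current:
            body = raw                                # continuation of the previous alias
        else:
            name, _, body = raw.partition(":")
            current = name.strip().lower()
            entries[current] = []
        entries[current] += [d.strip() for d in body.split(",") if d.strip()]
    return entries

def resolve(name, entries, seen=()):
    """Expand one address to its final mailboxes, following chains and stopping on loops."""
    key = name.lower()
    if "@" in name or key not in entries or key in seen:
        return {name}                                 # remote address, plain user, or loop
    final = set()
    for dest in entries[key]:
        final |= resolve(dest, entries, seen + (key,))
    return final

def lands_in_root(entries):
    """Aliases whose mail ends up in the local root mailbox."""
    return sorted(a for a in entries if "root" in resolve(a, entries))

if __name__ == "__main__":
    entries = parse_aliases(SAMPLE_ALIASES)
    print("still delivered to root:", lands_in_root(entries))
    fixed = parse_aliases(SAMPLE_ALIASES.replace("#root:", "root:"))
    print("after uncommenting root:", lands_in_root(fixed))
```

Run it against a copy of the real file before running newaliases to confirm that postmaster, mailer-daemon and decode reach a mailbox that someone reads.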
7.6.1.5. Configuring virtual users
Aliases (and regular user accounts) have one critical limitation: they apply to all of the domains for which sendmail is accepting mail. If you have a server that is accepting mail for fedorabook.com as well as global.proximity.on.ca, and you define an alias or create a user account named chris, then mail to firstname.lastname@example.org and mail to email@example.com will end up in the same mailbox.
To overcome this limitation, use the /etc/mail/virtusertable file to define where mail to each address should be sent. Each line in this file consists of an address, a space, and the destination. Here is an example:
firstname.lastname@example.org chris
email@example.com firstname.lastname@example.org
email@example.com joseph
firstname.lastname@example.org email@example.com
@fedorabook.com chris
The last entry will redirect all mail to the fedorabook.com domain to the local user chris, except for mail addressed to firstname.lastname@example.org or email@example.com (because they are listed first, and the file is processed in the sequence given).
Like /etc/mail/sendmail.mc, the virtusertable file must be processed before it is used:
# cd /etc/mail
# make
7.6.1.6. Configuring Masquerading
sendmail includes masquerading capability, which enables outbound mail to be modified so that it looks like it came from another system. This is commonly used to remove hostname information from the email address. To configure bluesky.fedorabook.com so that outbound mail appears to be from user@fedorabook.com instead of user@bluesky.fedorabook.com, locate the MASQUERADE_AS line in /etc/mail/sendmail.mc:
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
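The SMART_HOST, DAEMON_OPTIONS and MASQUERADE_AS edits above all depend on whether the line starts with dnl, and the DAEMON_OPTIONS edit decides whether the server is reachable from the network. This is an added example, not code from the book: it reports which of these settings are in effect in a sendmail.mc and whether remote hosts can connect. The sample texts and the hostname smtp.isp.example are constructed, and treating a missing DAEMON_OPTIONS line as "listen on all interfaces" follows the description in this section.

```python
import re

QUOTED = re.compile(r"`([^']*)'")  # m4 quotes arguments as `like this'

# Constructed samples modelled on the sendmail.mc lines quoted above.
DEFAULT_MC = """\
dnl # be sent out through an external mail server:
dnl define(`SMART_HOST',`smtp.your.provider')
dnl # address restriction to accept email from the internet or intranet.
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl MASQUERADE_AS(`mydomain.com')dnl
"""
EDITED_MC = """\
define(`SMART_HOST',`smtp.isp.example')
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
MASQUERADE_AS(`fedorabook.com')dnl
"""

def active_lines(mc_text):
    """Yield the lines m4 will expand; a line that starts with dnl is discarded."""
    for line in mc_text.splitlines():
        line = line.strip()
        if line and not re.match(r"dnl\b", line):
            yield line

def audit(mc_text):
    """Return the settings from this section that are actually in effect."""
    found = {"smart_host": None, "listen": [], "masquerade_as": None}
    for line in active_lines(mc_text):
        args = [a.strip() for a in QUOTED.findall(line)]
        if line.startswith("define(") and len(args) > 1 and args[0] == "SMART_HOST":
            found["smart_host"] = args[1]
        elif line.startswith("DAEMON_OPTIONS(") and args:
            pairs = (kv.split("=", 1) for kv in args[0].split(",") if "=" in kv)
            found["listen"].append({k.strip(): v.strip() for k, v in pairs})
        elif line.startswith("MASQUERADE_AS(") and args:
            found["masquerade_as"] = args[0]
    return found

def accepts_remote_smtp(found):
    """No active DAEMON_OPTIONS, or one not bound to loopback, lets remote hosts connect."""
    loopback = {"127.0.0.1", "::1"}
    return not found["listen"] or any(d.get("Addr") not in loopback for d in found["listen"])

if __name__ == "__main__":
    for name, text in (("default", DEFAULT_MC), ("edited", EDITED_MC)):
        found = audit(text)
        print(name, found, "remote SMTP:", accepts_remote_smtp(found))
```

If the result says remote SMTP is accepted, confirm that this is intended and that the firewall matches before running make and reloading sendmail.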
7.6.2. How Does It Work?
Fedora's email system, like most others, is divided into three parts:
Originally written when a wide range of email transportation schemes were in use, sendmail is designed to route mail through and between these different systems, each with their own address format and message queuing system. Because of this heritage, sendmail has a sophisticated and complex configuration system, but many of the configuration options are not used for Internet email servers.
sendmail is now used almost exclusively with the Simple Mail Transport Protocol (SMTP), which is a human-readable transfer protocol that uses TCP/IP connections on port 25. You can use telnet to connect to an SMTP server and manually send mail if you want:
$ telnet concord2.proximity.on.ca smtp
Trying 127.0.0.1...
Connected to concord2.proximity.on.ca (127.0.0.1).
Escape character is '^]'.
220 concord2.proximity.on.ca ESMTP Sendmail 8.13.5/8.13.5; Thu, 2 Mar 2006 13:07:11 -0500
EHLO fedorabook.com
250- concord2.proximity.on.ca Hello concord8.proximity.on.ca [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP
MAIL From: firstname.lastname@example.org
250 2.1.0 email@example.com... Sender ok
RCPT To: firstname.lastname@example.org
250 2.1.5 email@example.com... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
Subject: Greetings!
Date: Thu, Mar 2006 12:08:11 -0500

Hi there -- just dropping you a quick note via
telnet. Hope your day is going well.
-Chris
.
250 2.0.0 k22I7BTo016133 Message accepted for delivery
QUIT
221 2.0.0 concord2.proximity.on.ca closing connection
You can also send mail by sending it to the standard input of a sendmail process:
$ /usr/bin/sendmail firstname.lastname@example.org
Subject: Test II

Did you remember to renew the domain registration?
If not, please take care of this before next Tuesday.
[Ctrl-D]
Outbound mail is queued in /var/spool/mqueue/. Inbound mail is delivered via procmail to users' mailboxes in /var/spool/mail/. The mailboxes are simply text files containing all of the messages concatenated end to end; this format is sometimes called mbox format.
The /etc/mail/sendmail.mc file used for configuration is an m4 macro file. It is interpreted by the m4 command using files in /usr/share/sendmail-cf/m4/ to build /etc/mail/sendmail.cf. While it is possible to construct the sendmail.cf file by hand, it's typically eight times as long as the sendmail.mc file and uses a very cryptic structure. Here's a snippet:
R< > $+ $: < > < $1 <> $&h > nope, restore +detail
R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail
R< > < $+ <> $* > $: < > < $1 > else discard
R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part
R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra +
R< > < $+ > $@ $1 no +detail
R$+ $: $1 <> $&h add +detail back in
Most system administrators would much rather deal with sendmail.mc than sendmail.cf.
7.6.3. What About...
7.6.3.1. ...using an alternate MTA?
# alternatives --config mta

There are 2 programs which provide 'mta'.

  Selection    Command
-----------------------------------------------
*+ 1           /usr/sbin/sendmail.sendmail
   2           /usr/sbin/sendmail.postfix

Enter to keep the current selection[+], or type selection number: 2
You can also switch graphically, using the system-switch-mail command available through the menu option System→Administration→Mail Transport Agent Switcher (this requires the somewhat obscure package system-switch-mail). The window shown in Figure 7-20 will be displayed; select the MTA you wish to use and click OK.
Figure 7-20. The Mail Transport Agent Switcher tool.
7.6.3.2. ...fetching mail from a remote mailbox?
If you're using Fedora at a location that does not have a permanent Internet connection with a static IP address, incoming email cannot be delivered directly to sendmail. Instead, you'll have to arrange for the email to be delivered to mailboxes on another system and then pick up the mail from that system.
Many MUAs such as Evolution will directly access remote mailboxes, but sometimes you want to have that mail flow through the local mail system so that alias handling and procmail processing take place.
Fetchmail can retrieve mail from a remote mailbox and feed it to sendmail on the local system. To configure Fetchmail, create the file ~/.fetchmailrc using a text editor. Here is a simple configuration:
# Check for email at five-minute (300-second) intervals
set daemon 300

# Poll the system fedorabook.com using the POP3 protocol
poll fedorabook.com with protocol POP3:

    # Describe how the usernames on this machine relate
    # to the usernames on fedorabook.com
    user chris here is chris.tyler there, password "FedoraRules!"
    user diane here is diane.tyler there, password "BiggestSecret";
This will fetch the mail for two users from one server using the Post Office Protocol, Version 3 (POP3). Fetchmail can retrieve mail using many different protocols and has an uncommonly readable configuration syntax; consult its extensive manpage for the gritty details.
Once you have set up the ~/.fetchmailrc file, execute the fetchmail command:
$ fetchmail -q
fetchmail: background fetchmail at 8025 killed.
7.6.4. Where Can I Learn More?