
Configuring Linux Mail Servers

===========================================

In This Chapter
Chapter 21: Configuring Linux Mail Servers
o Configuring Sendmail
o Configuring Your POP Mail Server

Peter Harrison, www.linuxhomenetworking.com
===========================================

This chapter will help to show you how to set up a mail server for your home network. It covers Sendmail, which is responsible for relaying your mail to a remote user's mailbox, and also POP mail, which is used to retrieve the mail from the mail box to your local PC via a mail client such as Outlook Express.

Configuring Sendmail
An Overview Of How Sendmail Works

Sendmail is the most popular Linux program for processing mail. Once the mail arrives on the mail server it can be read in a number of ways:

o Linux users logged into the mail server can read their mail directly using a text based client such as "mail" or a GUI client such as Evolution.
o Windows users can use an email client such as "Outlook" or "Outlook Express" to download the mail to their local PC via POP. Windows users also have the option of either keeping or deleting the mail on the mail server after it has been downloaded.

If the mail is destined for a local user then sendmail will place the message in that person's mailbox so that they can retrieve it using one of the methods above.

The process is different when sending mail via the mail server:

o If the mail isn't destined for the mailbox of a local user, then sendmail will attempt to relay it to the appropriate destination mail server via the Simple Mail Transport Protocol or SMTP. One of the main advantages of mail relaying is that when a PC user "A" sends mail to another user "B" on the Internet, the PC of user "A" can delegate the SMTP processing to the mail server.

Note: If mail relaying is not configured properly then your mail server could end up relaying SPAM. Simple sendmail security is outlined on this page.

Configuring DNS

Remember that you will never receive mail unless you have configured DNS for your domain to make your new Linux box mail server the target of the DNS domain's MX record. See either the Static DNS or Dynamic DNS pages on how to do this.

Installing And Starting Sendmail

Most RedHat Linux software products are available in the RPM format. Downloading and installing RPMs isn't hard. If you need a refresher, the chapter on RPMs covers how to do this in detail.

o It is best to use the latest version of sendmail as older versions have had a number of security holes. As of this writing the latest version of the sendmail suite was version 8.12.5-7. Install all the packages in this order:

    [root@bigboy tmp]# rpm -Uvh sendmail-cf-8.12.5-7.i386.rpm
    [root@bigboy tmp]# rpm -Uvh sendmail-8.12.5-7.i386.rpm
    [root@bigboy tmp]# rpm -Uvh sendmail-devel-8.12.5-7.i386.rpm

o You can use the chkconfig command to get Sendmail configured to start at boot:

    [root@bigboy tmp]# chkconfig --level 35 sendmail on

o To start/stop/restart sendmail after booting:

    [root@bigboy tmp]# /etc/init.d/sendmail start
    [root@bigboy tmp]# /etc/init.d/sendmail stop
    [root@bigboy tmp]# /etc/init.d/sendmail restart

o Remember to restart the sendmail process every time you make a change to the configuration files for the changes to take effect on the running process. You can also test whether the sendmail process is running with the pgrep command; you should get a response of plain old process ID numbers:

    [root@bigboy tmp]# pgrep sendmail

Restart Sendmail After Editing Your Configuration Files

In this chapter we'll see that Sendmail uses a variety of configuration files which require different treatments in order for their commands to take effect. This little script encapsulates all the required post configuration steps.

    #!/bin/bash
    cd /etc/mail
    make
    m4 /etc/mail/sendmail.mc > /etc/sendmail.cf        # RH Ver 7.3-
    m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf   # RH Ver 8.0+
    newaliases
    /etc/init.d/sendmail restart

Use this command to make the script executable.

    chmod 700 filename

You'll need to run the script each time you change any of the sendmail configuration files described in the sections to follow. The line in the script that restarts sendmail is only needed if you have made changes to the /etc/mail/sendmail.mc file, but it has been included so that you don't forget. This may not be a good idea in a production system. Delete the appropriate "m4" line depending on your version of RedHat. Both the newaliases and m4 commands depend on the sendmail-cf RPM package. This must be installed; if not, you'll get errors like this when running the script:

Errors With The Newaliases Command


    [root@bigboy mail]# newaliases
    Warning: .cf file is out of date: sendmail 8.12.5 supports version 10, .cf file is version 0
    No local mailer defined
    QueueDirectory (Q) option must be set
    [root@bigboy mail]#

Errors With The m4 Command


    [root@bigboy mail]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
    /etc/mail/sendmail.mc:8: m4: Cannot open /usr/share/sendmail-cf/m4/cf.m4: No such file or directory
    [root@bigboy mail]#

Errors When Restarting sendmail


    [root@bigboy mail]# /etc/init.d/sendmail restart
    Shutting down sendmail: [ OK ]
    Shutting down sm-client: [FAILED]
    Starting sendmail: 554 5.0.0 No local mailer defined
    554 5.0.0 QueueDirectory (Q) option must be set
    [FAILED]
    Starting sm-client: [ OK ]
    [root@bigboy mail]#

The /var/log/maillog File

Sendmail throws all its status messages in the /var/log/maillog file. It is always good to monitor this file whenever you are doing changes. Open two telnet, SSH or console windows. Work in one of them and monitor the sendmail status output in the other using the command:

    [root@bigboy tmp]# tail -f /var/log/maillog

The /etc/mail/sendmail.mc File

Most of sendmail's configuration parameters are set in this file with the exception of mailing list and mail relay security features. It is often viewed as an intimidating file with its series of structured "directive" statements that get the job done. Fortunately in most cases you won't have to edit this file very often. The two most basic steps in configuring a Sendmail server are to modify this file to enable Sendmail to listen on the NIC interface and to make Sendmail accept mail from valid web domains.

Why Sendmail Only Listens On The Loopback Interface By Default

All Linux systems have a virtual loopback interface that only lives in memory with an IP address 127.0.0.1. As mail must be sent to a target IP address even when there is no NIC in the box, Sendmail therefore uses the loopback address to send mail to users on the local box. To become a server, and not a client, Sendmail needs to be also configured to listen for messages on the NIC interface. We can verify that sendmail is running by first using the pgrep command, which will return the sendmail process ID number once sendmail is running. If it isn't running, then the return value will be blank.

    [root@bigboy tmp]# pgrep sendmail
    22131
    [root@bigboy tmp]#

We can also see the interfaces on which Sendmail is listening with the "netstat" command. Sendmail listens on TCP port 25, so we use "netstat" and "grep" for "25" to see a default configuration listening only on IP address 127.0.0.1 (loopback).

    [root@bigboy tmp]# netstat -an | grep :25 | grep tcp
    tcp    0    0 127.0.0.1:25    0.0.0.0:*    LISTEN
    [root@bigboy tmp]#

Edit /etc/mail/sendmail.mc To Make Sendmail Listen On NICs Too

To correct this you'll have to comment out the daemon_options line in the /etc/mail/sendmail.mc file with "dnl" statements. It is also good practice to take precautions against SPAM by not accepting mail from domains that don't exist, by commenting out the "accept_unresolvable_domains" feature too. See the DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA') and FEATURE(`accept_unresolvable_domains') lines in the example below.

    dnl This changes sendmail to only listen on the loopback device 127.0.0.1
    dnl and not on any other network devices. Comment this out if you want
    dnl to accept email over the network.
    dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
    dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires
    dnl a kernel patch
    dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')
    dnl We strongly recommend to comment this one out if you want to protect
    dnl yourself from spam. However, the laptop and users on computers that do
    dnl not have 24x7 DNS do need this.
    dnl FEATURE(`accept_unresolvable_domains')dnl
    dnl FEATURE(`relay_based_on_MX')dnl

You need to be careful with the accept_unresolvable_domains feature. In our sample network, bigboy the mail server will not accept email relayed from any of the other PCs on your network if they are not in DNS. The chapter on DNS shows how to create your own internal domain just for this purpose.

Regenerate The sendmail.cf File

Once finished editing the file, we have to regenerate a new sendmail.cf file and restart sendmail.

Note: When sendmail starts, it reads the file sendmail.cf for its configuration. sendmail.mc is a more user friendly configuration file and really is much easier to fool around with without getting burned. The sendmail.cf file is located in different directories dependent on the version of RedHat you use: /etc/sendmail.cf for versions up to 7.3, and /etc/mail/sendmail.cf for versions 8.0 and higher.

Redhat versions up to 7.3:

    [root@bigboy tmp]# m4 /etc/mail/sendmail.mc > /etc/sendmail.cf

Redhat versions 8.0+:

    [root@bigboy tmp]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Restart sendmail to load the new configuration

    [root@bigboy tmp]# /etc/init.d/sendmail restart
    Shutting down sendmail: [ OK ]
    Starting sendmail: [ OK ]
    [root@bigboy tmp]#

Now Make Sure Sendmail Is Listening On All Interfaces

Sendmail should start listening on all interfaces (0.0.0.0):

    [root@bigboy tmp]# netstat -an | grep :25 | grep tcp
    tcp    0    0 0.0.0.0:25    0.0.0.0:*    LISTEN
    [root@bigboy tmp]#

A General Guide To Using The sendmail.mc File

The sendmail.mc file can seem jumbled. To make it less cluttered I usually create two easily identifiable sections in it with all the custom commands I've ever added. The first section is near the top where the FEATURE statements usually are, and the second section is at the very bottom. Sometimes sendmail will archive this file when you do a version upgrade. Having easily identifiable modifications in this file will make post upgrade reconfiguration much easier. Here is a sample:

    dnl ***** Customised section 1 start *****
    dnl
    dnl
    FEATURE(delay_checks)dnl
    FEATURE(masquerade_envelope)dnl
    FEATURE(allmasquerade)dnl
    FEATURE(masquerade_entire_domain)dnl
    dnl
    dnl
    dnl ***** Customised section 1 end *****

The /etc/hosts File

It is very important to have a correctly configured /etc/hosts file. Here is a brief example:

    127.0.0.1        localhost.localdomain   localhost
    192.168.1.100    bigboy.my-site.com      bigboy mail

Here the IP address is followed by the hostname.domain (bigboy.my-site.com) followed by the hostname and all the DNS CNAMEs assigned to the server's IP address. Sendmail uses this file to determine:

o The system name
o The domains it is responsible for relaying

Sendmail looks for the IP address of your NIC in /etc/hosts and then assumes the first name after it is the fully qualified domain name of the server, such as bigboy.my-site.com. If bigboy had an entry like this:

    192.168.1.100    my-site.com    (Wrong!!!)

Sendmail would assume the server's name was my-site and that the domain was all of ".com". The server would therefore be open to relay all mail from any ".com" domain and would ignore the security features of the access and relay-domains files we'll describe below. If you fail to put the IP address of your NIC in the /etc/hosts file altogether, then you run the risk of having all your mail appear to come from localhost.localdomain and not bigboy.my-site.com.
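
The check described above, as an added example that is not part of the original chapter: it reads hosts-file text and reports the host name and domain that the first name after the NIC's IP address would yield. The function names and status strings are made up for this illustration, and splitting at the first dot is a simplification of what Sendmail does.

```python
# Added example: flag the /etc/hosts mistakes described in this section.
# Sample file contents below are constructed from the chapter's own examples.

GOOD_HOSTS = """\
127.0.0.1        localhost.localdomain   localhost
192.168.1.100    bigboy.my-site.com      bigboy mail
"""

WRONG_HOSTS = """\
127.0.0.1        localhost.localdomain   localhost
192.168.1.100    my-site.com             # the "Wrong!!!" entry
"""


def parse_hosts(text):
    """Map each IP address to the list of names that follow it."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) >= 2:
            table.setdefault(fields[0], []).extend(fields[1:])
    return table


def mail_identity(hosts_text, nic_ip):
    """Return (status, host, domain) for the first name listed after nic_ip.

    status is one of:
      ok                first name is host.domain with a multi-label domain
      missing           nic_ip has no entry (mail appears to come from
                        localhost.localdomain)
      unqualified       first name has no domain part at all
      domain-too-broad  the domain part is a single label such as "com"
    """
    names = parse_hosts(hosts_text).get(nic_ip)
    if not names:
        return ("missing", None, None)
    host, _, domain = names[0].partition(".")
    if not domain:
        return ("unqualified", host, None)
    if "." not in domain.rstrip("."):
        return ("domain-too-broad", host, domain)
    return ("ok", host, domain)


if __name__ == "__main__":
    for label, text in (("good", GOOD_HOSTS), ("wrong", WRONG_HOSTS)):
        print(label, mail_identity(text, "192.168.1.100"))
```
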

Symptoms Of A Bad /etc/hosts File

As discussed above, a poorly configured /etc/hosts file can make mail sent from your server to the outside world appear as if it came from users at localhost.localdomain and not bigboy.my-site.com. Use the sendmail program to send a sample email to someone in verbose mode. Enter some text after issuing the command and end your message with a single "." all by itself on the last line.

    [root@bigboy tmp]# sendmail -v example@another-site.com
    test text
    test text
    .
    example@another-site.com... Connecting to mail.another-site.com. via esmtp...
    220 ltmail.another-site.com LiteMail v3.02(BFLITEMAIL4A); Sat, 05 Oct 2002 06:48:44 -0400
    >>> EHLO localhost.localdomain
    250-mx.another-site.com Hello [67.120.221.106], pleased to meet you
    250 HELP
    >>> MAIL From:<root@localhost.localdomain>
    250 <root@localhost.localdomain>... Sender Ok
    >>> RCPT To:<example@another-site.com>
    250 <example@another-site.com>... Recipient Ok
    >>> DATA
    354 Enter mail, end with "." on a line by itself
    >>> .
    250 Message accepted for delivery
    example@another-site.com... Sent (Message accepted for delivery)
    Closing connection to mail.another-site.com.
    >>> QUIT
    [root@bigboy tmp]#

Localhost.localdomain is the domain that all computers use to refer to themselves; it is therefore an illegal internet domain. If mail sent from computer PC1 to PC2 appears to come from a user at localhost.localdomain on PC1 and is rejected, the rejected email will be returned to localhost.localdomain. PC2 will see that the mail originated from localhost.localdomain and will think that the rejected email should be sent to a user on PC2 that may not exist. You will probably get an error like this in /var/log/maillog if this happens:

    Oct 16 10:20:04 bigboy sendmail[2500]: g9GHK3iQ002500: SYSERR(root): savemail: cannot save rejected email anywhere
    Oct 16 10:20:04 bigboy sendmail[2500]: g9GHK3iQ002500: Losing ./qfg9GHK3iQ002500: savemail panic

Note: You may also get this error if you are using a SPAM prevention program, for example a script based on the PERL module Mail::Audit. An error in the script could cause this type of message too.

Another set of tell tale errors caused by the same problem can be generated when trying to send mail to a user, in this example "root", or creating a new alias database file. (The newaliases command will be explained later):

    [root@bigboy tmp]# sendmail -v root
    WARNING: local host name (bigboy) is not qualified; fix $j in config file
    [root@bigboy tmp]# newaliases
    WARNING: local host name (bigboy) is not qualified; fix $j in config file
    [root@bigboy tmp]#

With the accompanying error in the /var/log/maillog log file that looks like this:

    Oct 16 10:23:58 bigboy sendmail[2582]: My unqualified host name (bigboy) unknown; sleeping for retry

The /etc/mail/relay-domains File

The /etc/mail/relay-domains file is used to determine domains from which it will relay mail. The contents of the relay-domains file should be limited to those domains that can be trusted not to originate spam. By default, this file does not exist in a standard RedHat install. In this case, all mail sent from my-super-duper-site.com and not destined for this mail server will be forwarded.

    my-super-duper-site.com

One disadvantage of this file is that it can only control mail based on the source domain, which can be spoofed by SPAM email servers. The /etc/mail/access file has more capabilities, such as restricting relaying by IP address or network range, and is more commonly used. If you delete /etc/mail/relay-domains, then relay access is fully determined by the /etc/mail/access file. Sendmail has to be restarted after editing this file for the changes to take effect.

The /etc/mail/access File

You can make sure that only trusted PCs on your network have the ability to relay mail via your mail server by using the /etc/mail/access file. That is to say, the mail server will only relay mail for those PCs on your network that have their email clients configured to use the mail server as their "outgoing SMTP mail server". (In Outlook Express you set this using: Tools Menu -> Accounts -> Properties -> Servers.) If you don't take the precaution of using this feature, you may find your server being used to relay mail for SPAM email sites. Configuring the /etc/mail/access file will not stop SPAM coming to you, only SPAM flowing through you.

The /etc/mail/access file has two columns. The first lists IP addresses and domains from which the mail is coming or going. The second lists the type of action to be taken when mail from these sources / destinations is received. Keywords include RELAY, REJECT, OK (not ACCEPT) and DISCARD. There is no third column to state whether the IP address or domain is the source or destination of the mail; Sendmail assumes it could be either and tries to match both. Sendmail will REJECT all other attempted relayed mail that doesn't match any of the entries in the /etc/mail/access file. Despite this, my experience has been that control on a per email address basis is much more intuitive via the /etc/mail/virtusertable file.

In the sample file below, we allow relaying for only the server itself (127.0.0.1, localhost), two client PCs on your home 192.168.1.X network, everyone on your 192.168.2.X network and everyone passing email through the mail server from servers belonging to my-site.com. Remember that a server will only be considered a part of my-site.com if its IP address can be found in a DNS reverse zone file:

    localhost.localdomain    RELAY
    localhost                RELAY
    127.0.0.1                RELAY
    192.168.1.16             RELAY
    192.168.1.17             RELAY
    192.168.2                RELAY
    my-site.com              RELAY

You'll then have to convert this text file into a Sendmail readable database file named /etc/mail/access.db. Here are the commands to do that:

    [root@bigboy tmp]# cd /etc/mail
    [root@bigboy mail]# make

Remember that the relay security features of this file may not work if you don't have a correctly configured /etc/hosts file.
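
An added example, not from the original chapter: a small checker for /etc/mail/access text that flags entries likely to open the server to relaying or that will not do what was intended. It assumes untagged keys as in the sample above, knows only the four keywords listed on this page, and its notion of an internal network (loopback plus the RFC 1918 ranges) is an assumption of the example.

```python
import ipaddress

# Keywords this chapter lists for the second column of /etc/mail/access.
PAGE_ACTIONS = {"RELAY", "REJECT", "OK", "DISCARD"}

# Assumption of this example: a home mail server should only relay for
# loopback and RFC 1918 private networks.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The chapter's sample file.
PAGE_SAMPLE = """\
localhost.localdomain    RELAY
localhost                RELAY
127.0.0.1                RELAY
192.168.1.16             RELAY
192.168.1.17             RELAY
192.168.2                RELAY
my-site.com              RELAY
"""

# Constructed sample with deliberate mistakes (not from the chapter).
CONSTRUCTED_BAD = """\
# constructed sample
localhost        RELAY
192.168.2        RELAY
com              RELAY
203.0.113        RELAY
partner.example  ACCEPT
192.168.1.99
"""


def key_to_network(key):
    """Turn an IPv4 key such as '192.168.2' into 192.168.2.0/24, else None."""
    parts = key.split(".")
    if len(parts) > 4 or not all(p.isascii() and p.isdigit() and int(p) <= 255
                                 for p in parts):
        return None
    octets = [str(int(p)) for p in parts] + ["0"] * (4 - len(parts))
    return ipaddress.ip_network("%s/%d" % (".".join(octets), 8 * len(parts)))


def lint_access(text):
    """Return a list of (line_number, key, finding) tuples."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        key = fields[0]
        if len(fields) == 1:
            findings.append((lineno, key, "no-action"))
            continue
        action = fields[1].split()[0]
        if action == "ACCEPT":
            # The chapter points out the keyword is OK, not ACCEPT.
            findings.append((lineno, key, "accept-is-not-a-keyword"))
        elif action not in PAGE_ACTIONS:
            findings.append((lineno, key, "unrecognised-action"))
        elif action == "RELAY":
            net = key_to_network(key)
            if net is not None:
                if not any(net.subnet_of(i) for i in INTERNAL):
                    findings.append((lineno, key, "relay-for-public-range"))
            elif "." not in key and key != "localhost":
                # A bare label such as "com" matches every domain under it.
                findings.append((lineno, key, "relay-for-bare-label"))
    return findings


if __name__ == "__main__":
    for finding in lint_access(CONSTRUCTED_BAD):
        print("line %d: %s: %s" % finding)
```
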

The /etc/mail/local-host-names File

When sendmail receives mail, it needs a way of determining whether it is responsible for the mail it receives. It uses the /etc/mail/local-host-names file to do this. This file has a list of hostnames and domains for which sendmail will accept responsibility. For example, if this mail server was to accept mail for the domains my-site.com and my-other-site.com and the host server.my-site.com then the file would look like this:

    my-site.com
    my-other-site.com

In this case, remember to modify the MX record of the "my-other-site.com" DNS zonefile to point to my-site.com. Here is an example (remember each "." is important):

    my-other-site.com.    MX 10 mail.my-site.com.    ; Primary Mail Exchanger for my-other-site.com

Which User Should Really Receive The Mail?

Sendmail uses two different methods to determine who the ultimate mail recipient will be. It checks these methods in this order:

The /etc/mail/virtusertable file

This file has two columns.

o The first lists the destination to which the original sender intended to send the mail.
o The second column lists the single true destination.

The true destination in the eyes of the mail server could be a local Linux user, a mailing list entry in the /etc/aliases file or the email address of someone on some other mail server to which the mail should be automatically forwarded.

The /etc/aliases file

This file has two columns too. It could be viewed as a mailing list file. The first column has the mailing list name (sometimes called a virtual mailbox) and the second column has the members of the mailing list separated by commas.

o If the mailing list member doesn't have an "@" in the name, then sendmail assumes the recipient is on the local box.
o It will then search the first column of the aliases file to see if the recipient isn't on yet another mailing list.
o If it doesn't find a duplicate, it assumes the recipient is a local user.

If the recipient is a mailing list, then it goes through the process all over again to determine each individual in the mailing list and when it is all finished, they will all get a copy of the email message.

The /etc/mail/virtusertable file

This file contains a set of simple instructions on what to do with received mail. The first column lists the target email address and the second column lists the local user's mail box or remote email address to which the email should be forwarded. In the example below, mail sent to:

o webmaster@my-other-site.com will go to local user (or mailing list) "webmasters"; all other mail to my-other-site.com will go to local user "marc".
o "sales" at my-site.com will go to the sales department at my-other-site.com.
o "paul" and "finance" at my-site.com goes to local user (or mailing list) "paul".
o all other users at my-site.com receive a "bounce back" message stating "User unknown".

    webmaster@my-other-site.com    webmasters
    @my-other-site.com             marc
    sales@my-site.com              sales@my-other-site.com
    paul@my-site.com               paul
    finance@my-site.com            paul
    @my-site.com                   error:nouser User unknown

After editing this file you'll have to convert it into a sendmail readable database file named /etc/mail/virtusertable.db. Here are the commands to do that:

    [root@bigboy tmp]# cd /etc/mail
    [root@bigboy mail]# make

The /etc/aliases File

This file is really a list of email aliases for local users. It contains a list of virtual mail boxes (or mailing lists) in the first column, and members of the mailing lists in the second column. In the example below, you can see that mail sent to users "bin", "daemon", "lp", "shutdown", "apache", "named"... etc by system processes will all be sent to user (or mailing list) "root". In this case "root" is actually an alias for a mailing list consisting of user "marc" and webmaster@my-site.com.

Note: The default /etc/aliases file installed with RedHat has the last line of this sample commented out with a "#"; you may want to delete the comment and change user "marc" to another user.

    # Basic system aliases -- these MUST be present.
    mailer-daemon:  postmaster
    postmaster:     root

    # General redirections for pseudo accounts.
    bin:            root
    daemon:         root
    lp:             root
    shutdown:       root
    mail:           root
    apache:         root
    named:          root
    system:         root
    manager:        root
    abuse:          root

    # trap decode to catch security attacks
    decode:         root

    # Person who should get root's mail
    root:           marc,webmaster@my-site.com

Notice that there are no spaces between the mailing list entries for "root". This is important as you will get errors if you add spaces. After editing this file you'll have to convert it into a sendmail readable database file named /etc/aliases.db. Here is the command to do that:

    [root@bigboy tmp]# newaliases
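
The lookup order described under "Which User Should Really Receive The Mail?" and in the two file sections above, as an added example that is not part of the original chapter. It is a simplified model rather than Sendmail's own logic: the function names are hypothetical, an address with no virtusertable entry falls through to its local part, and ":include:" lists are not handled.

```python
# Added example: model of "virtusertable first, then /etc/aliases".
# File contents are taken from the chapter's samples (aliases shortened).

VIRTUSERTABLE = """\
webmaster@my-other-site.com    webmasters
@my-other-site.com             marc
sales@my-site.com              sales@my-other-site.com
paul@my-site.com               paul
finance@my-site.com            paul
@my-site.com                   error:nouser User unknown
"""

ALIASES = """\
# Basic system aliases -- these MUST be present.
mailer-daemon:  postmaster
postmaster:     root
bin:            root
# Person who should get root's mail
root:           marc,webmaster@my-site.com
"""


class Bounce(Exception):
    """Raised when virtusertable maps the address to an error: entry."""


def parse_virtusertable(text):
    """Return {address or @domain: target} from virtusertable text."""
    table = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#"):
            table[fields[0].lower()] = fields[1].strip()
    return table


def parse_aliases(text):
    """Return {alias: [members]} from aliases text."""
    aliases = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            name, members = line.split(":", 1)
            aliases[name.strip().lower()] = [
                m.strip() for m in members.split(",") if m.strip()]
    return aliases


def resolve(rcpt, virtusertable, aliases):
    """Return the sorted final recipients for rcpt, or raise Bounce."""
    rcpt = rcpt.lower()
    local, _, domain = rcpt.partition("@")
    # 1. virtusertable: exact address first, then the @domain catch-all.
    target = virtusertable.get(rcpt) or virtusertable.get("@" + domain)
    if target is None:
        target = local                      # assumption: domain is local
    if target.startswith("error:"):
        raise Bounce(target)
    # 2. aliases: expand repeatedly until only users and addresses remain.
    final, expanded, queue = set(), set(), [target]
    while queue:
        name = queue.pop()
        if "@" in name:
            final.add(name)                 # address on another server
        elif name.lower() in expanded:
            continue                        # already expanded: stops loops
        elif name.lower() in aliases:
            expanded.add(name.lower())
            queue.extend(aliases[name.lower()])
        else:
            final.add(name)                 # plain local user
    return sorted(final)


if __name__ == "__main__":
    vt, al = parse_virtusertable(VIRTUSERTABLE), parse_aliases(ALIASES)
    for addr in ("finance@my-site.com", "x@my-other-site.com", "bin"):
        print(addr, "->", resolve(addr, vt, al))
```
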

Simple Mailing Lists Using Aliases

In the simple mailing list example above, mail sent to "root" actually goes to user "marc" and webmaster@my-site.com. Here are a few more list examples for your /etc/aliases file.

Mail to "directors@my-site.com" goes to users "peter", "paul" and "mary".

    # Directors of my SOHO company
    directors:      peter,paul,mary

Mail sent to "family@my-site.com" goes to users "grandma", "brother" and "sister".

    # My family
    family:         grandma,brother,sister

Mail sent to admin-list gets sent to all the users listed in the file /usr/home/admin/admin-list. The advantage of using mailing list files is that the admin-list file can be a file that trusted users can edit; user "root" is only needed to update the aliases file. Despite this, there are some problems with mail reflectors. One is that bounce messages from failed attempts to broadcast go to all users. Another is that all subscriptions and unsubscriptions have to be done manually by the mailing list administrator. If either of these is a problem for you, then consider using a mailing list manager like majordomo.

    # My mailing list file
    admin-list:     ":include:/home/mailings/admin-list"

After editing this file, you'll have to convert it into a sendmail readable database file named /etc/aliases.db. Here is the command to do that:

    [root@bigboy tmp]# newaliases

An Important Note About The /etc/aliases File

By default your system uses sendmail to mail system messages to local user "root". When sendmail sends email to a local user, it will have no "to:" in the email header. If you then use a mail client like Outlook Express with a SPAM mail filtering rule to reject mail with no to: in the header, you may find yourself dumping legitimate mail. To get around this, try making root have an alias for a user with a fully qualified domain name; this will force sendmail to insert the correct fields in the header. Here is an example:

    # Person who should get root's mail
    root:           webmaster@my-site.com

Sendmail Masquerading Explained

If you want your mail to appear to come from user@mysite.com and not user@bigboy.mysite.com then you have two choices:

o Configure your email client, such as Outlook Express, to set your email address to user@mysite.com. This is explained later in this chapter in the POP Mail section.
o Set up masquerading to modify the domain name of all traffic originating from and passing through your mail server.

Configuring masquerading

In the DNS configuration, we made bigboy the mailserver for the domain my-site.com. You now have to tell bigboy in the sendmail configuration file sendmail.mc that all outgoing mail originating on bigboy should appear to be coming from my-site.com; if not, based on our settings in the /etc/hosts file, it will appear to come from mail.my-site.com. This isn't terrible, but you may not want your website to be remembered with the word "mail" in front of it. In other words you may want your mail server to handle all email by assigning a consistent return address to all outgoing mail, no matter which server originated the email. This can be solved by editing your sendmail.mc configuration file and adding some masquerading commands and directives. These are explained below:

    FEATURE(always_add_domain)dnl
    FEATURE(`masquerade_entire_domain')dnl
    FEATURE(`masquerade_envelope')dnl
    FEATURE(`allmasquerade')dnl
    MASQUERADE_AS(`my-site.com.')dnl
    MASQUERADE_DOMAIN(`my-site.com.')dnl
    MASQUERADE_AS(my-site.com)dnl

o The MASQUERADE_AS directive will make all mail originating on bigboy appear to come from a server within the domain my-site.com by rewriting the email header.
o The MASQUERADE_DOMAIN directive will make mail relayed via bigboy from all machines in the my-other-site.com domain appear to come from the MASQUERADE_AS domain of my-site.com.
o Feature "masquerade_entire_domain" makes sendmail masquerade servers named *my-site.com and *my-other-site.com as my-site.com. In other words, mail from sales.my-site.com would be masqueraded too. If this wasn't selected, then only servers named my-site.com and my-other-site.com would be masqueraded. Use this with caution, only when you are sure you have the authority to do this.
o Feature "allmasquerade" will make sendmail rewrite both recipient addresses and sender addresses relative to the local machine. If you cc: yourself on an outgoing mail, the other recipient will see a cc: to an address he knows instead of one on localhost.localdomain.
o Feature "always_add_domain" will always masquerade email addresses, even if the mail is sent from a user on the mail server to another user on the same mail server.
o Feature "masquerade_envelope" will rewrite the email envelope just as "MASQUERADE_AS" rewrote the header.

The email header is what email clients, such as Outlook Express, say the "to:" and "from:" should be. The "to:" and "from:" in the header is what is used when you use Outlook Express to do a "reply" or "reply all". It is easy to fake the header, as spammers often do; it is detrimental to email delivery to fake the envelope. The email envelope contains the "to:" and "from:" used by mailservers for protocol negotiation. It is the envelope's "from:" which is used when email rejection messages are sent between mail servers.

Testing Masquerading

The best way of testing masquerading from the Linux command line is to use the "mail -v username" command. I have noticed that "sendmail -v username" ignores masquerading altogether. You should also tail the /var/log/maillog file to verify that the masquerading is operating correctly, and check the envelope and header of test email received by test email accounts.

Other Masquerading Notes

By default, user "root" will not be masqueraded. This is achieved with the:

    EXPOSED_USER(`root')dnl

command in /etc/mail/sendmail.mc. You can comment this out if you like with a "dnl" at the beginning of the line and recompiling / restarting sendmail.

A Simple PERL Script To Help Stop SPAM

It is possible to limit the amount of unsolicited commercial email (UCE or SPAM) you receive by writing a small script to intercept your mail before it is written to your mailbox. This is fairly simple to do as sendmail always checks the ".forward" file in your home directory for the name of this script. Sendmail then looks for the filename in the directory /etc/smrsh and executes it. By default, PERL doesn't come with modules that are able to check email headers and envelopes, so you will have to download them from CPAN (www.cpan.org). The most important modules are:

o MailTools
o IO-Stringy
o MIME-tools
o Mail-Audit

I have written a script called mail-filter.pl that effectively filters out SPAM email for my home system. There are a few steps required to make the script work:

o Install PERL and the PERL modules listed above.
o Place an executable version of the script in your home directory and modify the script's $FILEPATH variable to point to your home directory.
o Update the two configuration files: mail-filter.accept, which specifies the subjects and email addresses to accept, and mail-filter.reject, which specifies those that you should reject.
o Update your ".forward" file and place an entry in /etc/smrsh.

Mail-filter will first reject all email based on the "reject" file and will then accept all mail found in the "accept" file. It will then deny everything else. I have included a simple script with instructions on how to install the PERL modules in the Appendix.

Configuring Your POP Mail Server

Sendmail will just handle mail sent to your "my-site.com" domain. Each user on your Linux box will get mail sent to their account's mail folder. If you want to retrieve this mail from your Linux box's user account, using a mail client such as Microsoft Outlook or Outlook Express, then you have a few more steps. You'll also have to make your Linux box a POP mail server.

Installing Your POP Mail Server

Most RedHat Linux software products are available in the RPM format. Downloading and installing RPMs isn't hard. If you need a refresher, the chapter on RPMs covers how to do this in detail.

o The IMAP/POP mail suite comes standard with the RedHat installation CDs. You can install the RPM with this command:

    [root@bigboy tmp]# rpm -Uvh imap-2001a-15.i386.rpm

o POP mail is started by xinetd. Therefore to get POP mail configured to start at boot you have to use the chkconfig command to make sure xinetd starts up on booting.

    [root@bigboy tmp]# chkconfig --level 35 xinetd on

o To start/stop/restart POP mail after booting you can use the xinetd init script located in the directory /etc/init.d like this:

    [root@bigboy tmp]# /etc/init.d/xinetd start
    [root@bigboy tmp]# /etc/init.d/xinetd stop
    [root@bigboy tmp]# /etc/init.d/xinetd restart

Remember to restart the POP mail process every time you make a change to the configuration files for the changes to take effect on the running process.

Configuring Your POP Mail Server


The starting and stopping of POP Mail is controlled by xinetd via the /etc/xinetd.d/ipop3 file. POP Mail is deactivated by default, so you'll have to edit this file to start the program. Make sure the contents look like this. The disable feature must be set to "no" to accept connections. Follow the steps below and set the "disable" parameter to "no".

    [root@bigboy tmp]# cd /etc/xinetd.d
    [root@bigboy xinetd.d]# vi ipop3

    # default: off
    # description: The POP3 service allows remote users to access their mail \
    #              using an POP3 client such as Netscape Communicator, mutt, \
    #              or fetchmail.
    service pop3
    {
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/ipop3d
        log_on_success  += HOST DURATION
        log_on_failure  += HOST
        disable         = no
    }

You will then have to restart xinetd for these changes to take effect using the startup script in the /etc/init.d directory. Naturally, to disable POP Mail once again, you'll have to edit the /etc/xinetd.d/ipop3 file, set "disable" to "yes" and restart xinetd.

How To Configure Your Windows Mail Programs

All your POP email accounts are really only regular Linux user accounts in which Sendmail has deposited mail. You can now configure your email client such as Outlook Express to use your new POP / SMTP Mail Server quite easily. Here's how:

POP Mail
Set your POP mail server to be the IP address of your Linux mail server. Use your Linux user username and password when prompted.

SMTP
Set your SMTP mail server to be the IP address / domain name of your Linux mail server.

How to handle overla!!ing email addresses.


If you have a user overlap, e.g. John Smith (john@my-site.com) and John Brown (john@my-other-site.com), by default, both users will get sent to the Linux user account "john". You have two choices:

o Make the user part of the email address different. For example: john1@my-site.com and john2@my-other-site.com. Create Linux accounts "john1" and "john2".
o If the users insist on overlapping names then you may need to modify your virtusertable file. Create the user accounts "john1" and "john2". Have virtusertable entries for john@my-site.com pointing to account "john1" and john@my-other-site.com pointing to account "john2". The POP configuration in Outlook Express for each user should POP using "john1" and "john2" respectively.
