Converting From a Mail Client to a Mail Server
All Linux systems have a virtual loopback interface that lives only in memory with an IP address of 127.0.0.1. Because mail must be sent to a target IP address even when there is no NIC in the box, sendmail uses the loopback address to send mail between users on the same Linux server. To become a mail server, and not a mail client, sendmail needs to be configured to listen for messages on NIC interfaces as well.
1) Determine which NICs sendmail is running on. You can see the interfaces on which sendmail is listening with the netstat command. Because sendmail listens on TCP port 25, you use netstat and grep for 25 to see a default configuration listening only on IP address 127.0.0.1 (loopback):
[root@bigboy tmp]# netstat -an | grep :25 | grep tcp
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
[root@bigboy tmp]#
2) Edit sendmail.mc to make sendmail listen on all interfaces. If sendmail is listening on the loopback interface only, you should comment out the daemon_options line in the /etc/mail/sendmail.mc file with dnl statements. It is also good practice to take precautions against spam by not accepting mail from domains that don't exist by commenting out the accept_unresolvable_domains feature too. See the fourth and next to last lines in the example.
dnl
dnl This changes sendmail to only listen on the loopback
dnl device 127.0.0.1 and not on any other network
dnl devices. Comment this out if you want
dnl to accept email over the network.
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
dnl
...
...
...
dnl
dnl We strongly recommend to comment this one out if you want
dnl to protect yourself from spam. However, the laptop and
dnl users on computers that do
dnl not have 24x7 DNS do need this.
dnl FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`relay_based_on_MX')dnl
dnl
Note: You need to be careful with the accept_unresolvable_domains feature. In the sample network, bigboy, the mail server, does not accept e-mail relayed from any of the other PCs on your network if they are not in DNS. Chapter 18, "Configuring DNS", shows how to create your own internal domain just for this purpose.
Note: If your server has multiple NICs and you want it to listen on only one of them, then you can uncomment the localhost DAEMON_OPTIONS entry and add another one for the IP address of the NIC on which you wish to accept SMTP traffic.
4) Regenerate the sendmail.cf file, and restart sendmail. Again, you can do this with the activate-sendmail.sh script from the beginning of the chapter.
5) Make sure sendmail is listening on all interfaces (0.0.0.0).
[root@bigboy tmp]# netstat -an | grep :25 | grep tcp
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
[root@bigboy tmp]#
You have now completed the first phase of converting your Linux server into a sendmail server by enabling it to listen to SMTP traffic on its interfaces. The following sections will show you how to define what type of mail it should handle and the various ways this mail can be processed.
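The checks in steps 1, 2 and 5 can be scripted. The following is an added example, not part of the original chapter; the function names and the sample fragment are constructed for illustration. It reports which addresses sendmail.mc tells sendmail to bind for SMTP, whether accept_unresolvable_domains is still active, and which addresses are listening on exactly port 25.

```shell
#!/bin/sh
# Added example: audit the two sendmail.mc settings and the port 25 listener.

# Lines of an .mc file that m4 will act on: m4 discards everything from
# "dnl" to end of line, so a line that begins with dnl is disabled.
active_mc_lines() {
    grep -v '^[[:space:]]*dnl' "$1" || true
}

# Print "all", "loopback" or "specific: <addrs>" for the SMTP daemon.
smtp_listen_scope() {
    lines=$(active_mc_lines "$1" | grep 'DAEMON_OPTIONS.*Port=smtp' || true)
    # No active entry, or an entry without Addr=, means every interface.
    if [ -z "$lines" ] || printf '%s\n' "$lines" | grep -qv 'Addr='; then
        echo all; return 0
    fi
    addrs=$(printf '%s\n' "$lines" |
        sed -n 's/.*Addr=\([0-9A-Fa-f.:]*\).*/\1/p' | sort -u | tr '\n' ' ')
    case "$addrs" in
        "127.0.0.1 ") echo loopback ;;
        *) echo "specific: ${addrs% }" ;;
    esac
}

# Succeeds when mail from unresolvable sender domains is still accepted.
accepts_unresolvable() {
    active_mc_lines "$1" | grep -q 'FEATURE(`*accept_unresolvable_domains'
}

# Local addresses in LISTEN state on exactly port 25, read from
# `netstat -an` output on stdin (a bare `grep :25` also matches :2525).
port25_listeners() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" && $4 ~ /:25$/ {
        sub(/:25$/, "", $4); print $4 }'
}

# Constructed sample: a loopback-only fragment before the edit in step 2.
demo=$(mktemp)
cat > "$demo" <<'EOF'
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`relay_based_on_MX')dnl
EOF
echo "sendmail.mc scope: $(smtp_listen_scope "$demo")"
accepts_unresolvable "$demo" && echo "accept_unresolvable_domains is active"
printf 'tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN\n' | port25_listeners
rm -f "$demo"
```

On a live server, point the first two functions at /etc/mail/sendmail.mc and pipe `netstat -an` into port25_listeners; a result of "all" together with an active accept_unresolvable_domains line is the combination the note above advises against.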
A General Guide To Using The sendmail.mc File
The sendmail.mc file can seem jumbled. To make it less cluttered I usually create two easily identifiable sections in it with all the custom commands I've ever added.
The first section is near the top where the FEATURE statements usually are, and the second section is at the very bottom.
Sometimes sendmail will archive this file when you do a version upgrade. Having easily identifiable modifications in the file will make post-upgrade reconfiguration much easier. Here is a sample:
dnl ***** Customised section 1 start *****
dnl
dnl
FEATURE(delay_checks)dnl
FEATURE(masquerade_envelope)dnl
FEATURE(allmasquerade)dnl
FEATURE(masquerade_entire_domain)dnl
dnl
dnl
dnl ***** Customised section 1 end *****
The /etc/mail/relay-domains File
The /etc/mail/relay-domains file lists the domains from which sendmail will relay mail. The contents of the relay-domains file should be limited to those domains that can be trusted not to originate spam. By default, this file does not exist in a standard RedHat / Fedora install. In this case, all mail sent from my-super-duper-site.com and not destined for this mail server will be forwarded:
One disadvantage of this file is that it controls mail based on the source domain only, and source domains can be spoofed by spam e-mail servers. The /etc/mail/access file has more capabilities, such as restricting relaying by IP address or network range, and is more commonly used. If you delete /etc/mail/relay-domains, then relay access is fully determined by the /etc/mail/access file.
Note: Be sure to run the activate-sendmail.sh script from the beginning of the chapter for these changes to take effect.