이 콘텐츠는 선택한 언어로 제공되지 않습니다.
19.3.2. Sendmail
Sendmail's core purpose, like other MTAs, is to safely transfer email among hosts, usually using the
SMTP
protocol. However, Sendmail is highly configurable, allowing control over almost every aspect of how email is handled, including the protocol used. Many system administrators elect to use Sendmail as their MTA due to its power and scalability.
19.3.2.1. Purpose and Limitations
It is important to be aware of what Sendmail is and what it can do, as opposed to what it is not. In these days of monolithic applications that fulfill multiple roles, Sendmail may seem like the only application needed to run an email server within an organization. Technically, this is true, as Sendmail can spool mail to each users' directory and deliver outbound mail for users. However, most users actually require much more than simple email delivery. Users usually want to interact with their email using an MUA, that uses
POP
or IMAP
, to download their messages to their local machine. Or, they may prefer a Web interface to gain access to their mailbox. These other applications can work in conjunction with Sendmail, but they actually exist for different reasons and can operate separately from one another.
It is beyond the scope of this section to go into all that Sendmail should or could be configured to do. With literally hundreds of different options and rule sets, entire volumes have been dedicated to helping explain everything that can be done and how to fix things that go wrong. See the Section 19.6, “Additional Resources” for a list of Sendmail resources.
This section reviews the files installed with Sendmail by default and reviews basic configuration changes, including how to stop unwanted email (spam) and how to extend Sendmail with the Lightweight Directory Access Protocol (LDAP).
19.3.2.2. The Default Sendmail Installation
In order to use Sendmail, first ensure the sendmail package is installed on your system by running, as
root
:
~]# yum install sendmail
In order to configure Sendmail, ensure the sendmail-cf package is installed on your system by running, as
root
:
~]# yum install sendmail-cf
For more information on installing packages with Yum, see Section 8.2.4, “Installing Packages”.
Before using Sendmail, the default MTA has to be switched from Postfix. For more information how to switch the default MTA see Section 19.3, “Mail Transport Agents”.
The Sendmail executable is
/usr/sbin/sendmail
.
Sendmail's lengthy and detailed configuration file is
/etc/mail/sendmail.cf
. Avoid editing the sendmail.cf
file directly. To make configuration changes to Sendmail, edit the /etc/mail/sendmail.mc
file, back up the original /etc/mail/sendmail.cf
file, and use the following alternatives to generate a new configuration file:
- Use the included makefile in
/etc/mail/
to create a new/etc/mail/sendmail.cf
configuration file:~]#
make all -C /etc/mail/
All other generated files in/etc/mail
(db files) will be regenerated if needed. The old makemap commands are still usable. The make command is automatically used whenever you start or restart thesendmail
service. - Alternatively you may use the
m4
macro processor to create a new/etc/mail/sendmail.cf
. Them4
macro processor is not installed by default. Before using it to create/etc/mail/sendmail.cf
, install the m4 package as root:~]#
yum install m4
More information on configuring Sendmail can be found in Section 19.3.2.3, “Common Sendmail Configuration Changes”.
Various Sendmail configuration files are installed in the
/etc/mail/
directory including:
access
— Specifies which systems can use Sendmail for outbound email.domaintable
— Specifies domain name mapping.local-host-names
— Specifies aliases for the host.mailertable
— Specifies instructions that override routing for particular domains.virtusertable
— Specifies a domain-specific form of aliasing, allowing multiple virtual domains to be hosted on one machine.
Several of the configuration files in
/etc/mail/
, such as access
, domaintable
, mailertable
and virtusertable
, must actually store their information in database files before Sendmail can use any configuration changes. To include any changes made to these configurations in their database files, run the following command, as root
:
~]# makemap hash /etc/mail/<name> < /etc/mail/<name>
where <name> represents the name of the configuration file to be updated. You may also restart the
sendmail
service for the changes to take effect by running:
~]# service sendmail restart
For example, to have all emails addressed to the
example.com
domain delivered to bob@other-example.com
, add the following line to the virtusertable
file:
@example.com bob@other-example.com
To finalize the change, the
virtusertable.db
file must be updated:
~]# makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable
Sendmail will create an updated
virtusertable.db
file containing the new configuration.
19.3.2.3. Common Sendmail Configuration Changes
When altering the Sendmail configuration file, it is best not to edit an existing file, but to generate an entirely new
/etc/mail/sendmail.cf
file.
Warning
Before replacing or making any changes to the
sendmail.cf
file, create a backup copy.
To add the desired functionality to Sendmail, edit the
/etc/mail/sendmail.mc
file as root. Once you are finished, restart the sendmail
service and, if the m4 package is installed, the m4
macro processor will automatically generate a new sendmail.cf
configuration file:
~]# service sendmail restart
Important
The default
sendmail.cf
file does not allow Sendmail to accept network connections from any host other than the local computer. To configure Sendmail as a server for other clients, edit the /etc/mail/sendmail.mc
file, and either change the address specified in the Addr=
option of the DAEMON_OPTIONS
directive from 127.0.0.1
to the IP address of an active network device or comment out the DAEMON_OPTIONS
directive all together by placing dnl
at the beginning of the line. When finished, regenerate /etc/mail/sendmail.cf
by restarting the service
~]# service sendmail restart
The default configuration in Red Hat Enterprise Linux works for most
SMTP
-only sites. However, it does not work for UUCP (UNIX-to-UNIX Copy Protocol) sites. If using UUCP mail transfers, the /etc/mail/sendmail.mc
file must be reconfigured and a new /etc/mail/sendmail.cf
file must be generated.
Consult the
/usr/share/sendmail-cf/README
file before editing any files in the directories under the /usr/share/sendmail-cf
directory, as they can affect the future configuration of the /etc/mail/sendmail.cf
file.
19.3.2.4. Masquerading
One common Sendmail configuration is to have a single machine act as a mail gateway for all machines on the network. For example, a company may want to have a machine called
mail.example.com
that handles all of their email and assigns a consistent return address to all outgoing mail.
In this situation, the Sendmail server must masquerade the machine names on the company network so that their return address is
user@example.com
instead of user@host.example.com
.
To do this, add the following lines to
/etc/mail/sendmail.mc
:
FEATURE(always_add_domain)dnl FEATURE(`masquerade_entire_domain')dnl FEATURE(`masquerade_envelope')dnl FEATURE(`allmasquerade')dnl MASQUERADE_AS(`example.com.')dnl MASQUERADE_DOMAIN(`example.com.')dnl MASQUERADE_AS(example.com)dnl
After generating a new
sendmail.cf
file using the m4
macro processor, this configuration makes all mail from inside the network appear as if it were sent from example.com
.
19.3.2.5. Stopping Spam
Email spam can be defined as unnecessary and unwanted email received by a user who never requested the communication. It is a disruptive, costly, and widespread abuse of Internet communication standards.
Sendmail makes it relatively easy to block new spamming techniques being employed to send junk email. It even blocks many of the more usual spamming methods by default. Main anti-spam features available in sendmail are header checks, relaying denial (default from version 8.9), access database and sender information checks.
For example, forwarding of
SMTP
messages, also called relaying, has been disabled by default since Sendmail version 8.9. Before this change occurred, Sendmail directed the mail host (x.edu
) to accept messages from one party (y.com
) and sent them to a different party (z.net
). Now, however, Sendmail must be configured to permit any domain to relay mail through the server. To configure relay domains, edit the /etc/mail/relay-domains
file and restart Sendmail
~]# service sendmail restart
However users can also be sent spam from from servers on the Internet. In these instances, Sendmail's access control features available through the
/etc/mail/access
file can be used to prevent connections from unwanted hosts. The following example illustrates how this file can be used to both block and specifically allow access to the Sendmail server:
badspammer.com ERROR:550 "Go away and do not spam us anymore" tux.badspammer.com OK 10.0 RELAY
This example shows that any email sent from
badspammer.com
is blocked with a 550 RFC-821 compliant error code, with a message sent back. Email sent from the tux.badspammer.com
sub-domain, is accepted. The last line shows that any email sent from the 10.0.*.* network can be relayed through the mail server.
Because the
/etc/mail/access.db
file is a database, use the makemap
command to update any changes. Do this using the following command as root
:
~]# makemap hash /etc/mail/access < /etc/mail/access
Message header analysis allows you to reject mail based on header contents.
SMTP
servers store information about an email's journey in the message header. As the message travels from one MTA to another, each puts in a Received
header above all the other Received
headers. It is important to note that this information may be altered by spammers.
The above examples only represent a small part of what Sendmail can do in terms of allowing or blocking access. See the
/usr/share/sendmail-cf/README
file for more information and examples.
Since Sendmail calls the Procmail MDA when delivering mail, it is also possible to use a spam filtering program, such as SpamAssassin, to identify and file spam for users. See Section 19.4.2.6, “Spam Filters” for more information about using SpamAssassin.
19.3.2.6. Using Sendmail with LDAP
Using
LDAP
is a very quick and powerful way to find specific information about a particular user from a much larger group. For example, an LDAP
server can be used to look up a particular email address from a common corporate directory by the user's last name. In this kind of implementation, LDAP
is largely separate from Sendmail, with LDAP
storing the hierarchical user information and Sendmail only being given the result of LDAP
queries in pre-addressed email messages.
However, Sendmail supports a much greater integration with
LDAP
, where it uses LDAP
to replace separately maintained files, such as /etc/aliases
and /etc/mail/virtusertables
, on different mail servers that work together to support a medium- to enterprise-level organization. In short, LDAP
abstracts the mail routing level from Sendmail and its separate configuration files to a powerful LDAP
cluster that can be leveraged by many different applications.
The current version of Sendmail contains support for
LDAP
. To extend the Sendmail server using LDAP
, first get an LDAP
server, such as OpenLDAP, running and properly configured. Then edit the /etc/mail/sendmail.mc
to include the following:
LDAPROUTE_DOMAIN('yourdomain.com')dnl FEATURE('ldap_routing')dnl
Note
This is only for a very basic configuration of Sendmail with
LDAP
. The configuration can differ greatly from this depending on the implementation of LDAP
, especially when configuring several Sendmail machines to use a common LDAP
server.
Consult
/usr/share/sendmail-cf/README
for detailed LDAP
routing configuration instructions and examples.
Next, recreate the
/etc/mail/sendmail.cf
file by running the m4
macro processor and again restarting Sendmail. See Section 19.3.2.3, “Common Sendmail Configuration Changes” for instructions.
For more information on
LDAP
, see Section 20.1, “OpenLDAP”.