Providing E-mail Services for a Small Office

If your company isn't ready to dive head first into DSL or full-service Internet and e-mail service, a system like this might be a good solution.
Local Mail Handling

Let's get the Sun/Linux mail passing out of the way first, so if you don't need the second server, you can ignore it and move on.

The Sun box's /etc/mail/sendmail.cf is standard. When I set this up, I was still new to Solaris and hesitant to fool too much with a system running our whole plant, so I did this to pass mail out /etc/mail/sendmail.cf entry:

DRmailhost
CRmailhost

/etc/hosts/entry:

192.9.200.2     linuxserver mailhost
Before I made the change, /etc/hosts had the mailhost entry after the Sun's IP address:
192.9.200.1 mrpserver mailhost
This seemed to do the trick to get outgoing mail over to the Linux box.

On the Linux box, we want all local mail to go to the Sun box, where the users' mail folders reside. None of my users, aside from me, directly log in to the Linux box. They use files shared through Samba. Telnet and FTP access is closed off:

DHrelay:mrpserver.thriftycompany.com

The exceptions to this are root and the thriftycompany user, whom I'd like to stay on this box:

CL root thriftycompany
That about covers the interaction between the two local UNIX boxes. Local mail stays on the Sun, internet mail gets passed to Linux and then queued for the next connection. Incoming internet mail will get re-addressed to local users and then relayed to the Sun box. The root and thriftycompany accounts on the Linux box stay put, and I check those as part of my daily routine.

Internet Mail, Outgoing

Some of this setup was taken from various HOWTOs over the years; other parts I gleaned from scouring Usenet and the O'Reilly sendmail book.

sendmail startup: for a demand dial scenario, we don't want sendmail initiating the connection each time there is mail in the queue, so you need to edit your sendmail startup line to hold off on “expensive” mail:

old entry: /usr/sbin/sendmail -bd -q15m
new entry: /usr/sbin/sendmail -bd -os

On a Red Hat-based system, this would be set up in /etc/sysconfig/sendmail and/or /etc/rc.d/init.d/sendmail.

You'll be defining which mail is expensive within the /etc/sendmail.cf file in Listing 1, as well as telling sendmail to hold this type of mail.

Listing 1. Defining and Holding Expensive Mail

Notice the “e” in the “F=” portion for smtp, esmtp and smtp8. This is the “expensive” flag, and we leave it off the local relay. Also the Mlocal and Mprog should not have this flag so that local system mail gets delivered immediately.

A cron job connects to the Internet twice an hour, and as part of that job, we will send out all the queued mail once the internet connection is in place:

/usr/sbin/sendmail -q -v

Now to get the outgoing mail delivered and not rejected by domains on the Internet. Since we do not have a valid domain name, we need to do some work on the return address. We need to masquerade the return address, as well as the envelope, and to get any replies back to the original sender, we need to rewrite the “From:” address.

Masquerading

If you are building up your sendmail.cf from m4 sources, then your local .mc file needs to contain the following:

MASQUERADE_AS(someisp.com)
FEATURE(masquerade_envelope)
FEATURE(limited_masquerade)
FEATURE(genericstable)

We are using limited masquerading so only hosts defined in CM get masquerade. If you are just editing /etc/sendmail.cf, then the following lines need to be modified as shown:

# who I masquerade as (null for no masquerading)
  (see also $=M)
DMsomeisp.com
You will probably also want to relay the mail through your ISP so that any downstream mail servers see the mail as coming from a valid domain:
# "Smart" relay host (may be null)
DSsmtp:smtp.someisp.com
Define the domain names that should be converted to the masqueraded address:
CG mrpserver.thriftycompany.com
CM mrpserver.thriftycompany.com
(If you've got just the one box, this would be linuxserver.thriftycompany.com.)

Now, the sendmail.cf lines to masquerade the contents and the envelope get a bit messy. You would probably be better off building a sendmail.cf from the m4 sources as shown in Listing 2.

Listing 2. Building sendmail from M4 Sources

The final piece of the outgoing puzzle is to get the user's return address rewritten. If I were to compose a message on the Sun box, Pine would put together a return address that looks something like this:

Stew Benedict <stew@mrpserver.thriftycompany.com>

Looks good enough, except that it is not a real address out on the Internet, and I would never get a reply to my message. Plus, most mail systems would reject it coming in as a nonexistent domain address.

What I want it to look like is this:

Stew Benedict <thriftycompany@someisp.com>

This is where sendmail's “genericstable” feature will finish up the job. Again, if you are building up your sendmail.cf from m4 sources, the following line will do the trick:

FEATURE(genericstable)
In the sendmail.cf file, if you are hand editing it:
# Generics table (mapping outgoing addresses)
Kgenerics hash -o /etc/genericstable
(The -o means “optional”, so sendmail will not halt on startup for lack of the file.) This addition to your local .mc file generates the block shown in Listing 3 in sendmail.cf.

Listing 3. sendmail.cf

The genericstable.db file is built up from a text file of the following format:

stew      thriftycompany@someisp.com
joe     thriftycompany@someisp.com

This file is then fed to the makemap program to create the db file:

makemap hash genericstable.db < genericstable
That does it for outgoing mail. Once you have finished creating/modifying sendmail.cf and creating the genericstable.db file, you will need to restart sendmail. On a Red Hat-based system, this is done with:
/etc/rc.d/init.d/sendmail restart

______________________

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix