Home

Providing E-mail Services for a Small Office

Issue 84

From Issue #84
April 2001

Apr 01, 2001  By Stew Benedict
 in
If your company isn't ready to dive head first into DSL or full-service Internet and e-mail service, a system like this might be a good solution.
Local Mail Handling

Let's get the Sun/Linux mail passing out of the way first, so if you don't need the second server, you can ignore it and move on.

The Sun box's /etc/mail/sendmail.cf is standard. When I set this up, I was still new to Solaris and hesitant to fool too much with a system running our whole plant, so I did this to pass mail out /etc/mail/sendmail.cf entry:

DRmailhost
CRmailhost

/etc/hosts/entry: 

192.9.200.2     linuxserver mailhost
Before I made the change, /etc/hosts had the mailhost entry after the Sun's IP address: 
192.9.200.1 mrpserver mailhost
This seemed to do the trick to get outgoing mail over to the Linux box.

On the Linux box, we want all local mail to go to the Sun box, where the users' mail folders reside. None of my users, aside from me, directly log in to the Linux box. They use files shared through Samba. Telnet and FTP access is closed off:

DHrelay:mrpserver.thriftycompany.com

The exceptions to this are root and the thriftycompany user, whom I'd like to stay on this box: 

CL root thriftycompany
That about covers the interaction between the two local UNIX boxes. Local mail stays on the Sun, internet mail gets passed to Linux and then queued for the next connection. Incoming internet mail will get re-addressed to local users and then relayed to the Sun box. The root and thriftycompany accounts on the Linux box stay put, and I check those as part of my daily routine.

Internet Mail, Outgoing

Some of this setup was taken from various HOWTOs over the years; other parts I gleaned from scouring Usenet and the O'Reilly sendmail book.

sendmail startup: for a demand dial scenario, we don't want sendmail initiating the connection each time there is mail in the queue, so you need to edit your sendmail startup line to hold off on “expensive” mail:

old entry: /usr/sbin/sendmail -bd -q15m
new entry: /usr/sbin/sendmail -bd -os

On a Red Hat-based system, this would be set up in /etc/sysconfig/sendmail and/or /etc/rc.d/init.d/sendmail.

You'll be defining which mail is expensive within the /etc/sendmail.cf file in Listing 1, as well as telling sendmail to hold this type of mail.

Listing 1. Defining and Holding Expensive Mail

Notice the “e” in the “F=” portion for smtp, esmtp and smtp8. This is the “expensive” flag, and we leave it off the local relay. Also the Mlocal and Mprog should not have this flag so that local system mail gets delivered immediately.

A cron job connects to the Internet twice an hour, and as part of that job, we will send out all the queued mail once the internet connection is in place:

/usr/sbin/sendmail -q -v

Now to get the outgoing mail delivered and not rejected by domains on the Internet. Since we do not have a valid domain name, we need to do some work on the return address. We need to masquerade the return address, as well as the envelope, and to get any replies back to the original sender, we need to rewrite the “From:” address.

Masquerading

If you are building up your sendmail.cf from m4 sources, then your local .mc file needs to contain the following:

MASQUERADE_AS(someisp.com)
FEATURE(masquerade_envelope)
FEATURE(limited_masquerade)
FEATURE(genericstable)

We are using limited masquerading so only hosts defined in CM get masquerade. If you are just editing /etc/sendmail.cf, then the following lines need to be modified as shown: 

# who I masquerade as (null for no masquerading)
  (see also $=M)
DMsomeisp.com
You will probably also want to relay the mail through your ISP so that any downstream mail servers see the mail as coming from a valid domain: 
# "Smart" relay host (may be null)
DSsmtp:smtp.someisp.com
Define the domain names that should be converted to the masqueraded address: 
CG mrpserver.thriftycompany.com
CM mrpserver.thriftycompany.com
(If you've got just the one box, this would be linuxserver.thriftycompany.com.)

Now, the sendmail.cf lines to masquerade the contents and the envelope get a bit messy. You would probably be better off building a sendmail.cf from the m4 sources as shown in Listing 2.

Listing 2. Building sendmail from M4 Sources

The final piece of the outgoing puzzle is to get the user's return address rewritten. If I were to compose a message on the Sun box, Pine would put together a return address that looks something like this:

Stew Benedict <stew@mrpserver.thriftycompany.com>

Looks good enough, except that it is not a real address out on the Internet, and I would never get a reply to my message. Plus, most mail systems would reject it coming in as a nonexistent domain address.

What I want it to look like is this:

Stew Benedict <thriftycompany@someisp.com>

This is where sendmail's “genericstable” feature will finish up the job. Again, if you are building up your sendmail.cf from m4 sources, the following line will do the trick: 

FEATURE(genericstable)
In the sendmail.cf file, if you are hand editing it: 
# Generics table (mapping outgoing addresses)
Kgenerics hash -o /etc/genericstable
(The -o means “optional”, so sendmail will not halt on startup for lack of the file.) This addition to your local .mc file generates the block shown in Listing 3 in sendmail.cf.

Listing 3. sendmail.cf

The genericstable.db file is built up from a text file of the following format:

stew      thriftycompany@someisp.com
joe     thriftycompany@someisp.com

This file is then fed to the makemap program to create the db file: 

makemap hash genericstable.db < genericstable
That does it for outgoing mail. Once you have finished creating/modifying sendmail.cf and creating the genericstable.db file, you will need to restart sendmail. On a Red Hat-based system, this is done with: 
/etc/rc.d/init.d/sendmail restart

______________________

Webcast
More Resources
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers

Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.

Learn More

Sponsored by AMD

White Paper
More Resources
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy

Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6

Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.

Learn more about catching the bad guy in this free white paper.

Learn More

Sponsored by DLT Solutions