Providing E-mail Services for a Small Office

If your company isn't ready to dive head first into DSL or full-service Internet and e-mail service, a system like this might be a good solution.
Local Mail Handling

Let's get the Sun/Linux mail passing out of the way first, so if you don't need the second server, you can ignore it and move on.

The Sun box's /etc/mail/sendmail.cf is standard. When I set this up, I was still new to Solaris and hesitant to fool too much with a system running our whole plant, so I did this to pass mail out /etc/mail/sendmail.cf entry:

DRmailhost
CRmailhost

/etc/hosts/entry:

192.9.200.2     linuxserver mailhost
Before I made the change, /etc/hosts had the mailhost entry after the Sun's IP address:
192.9.200.1 mrpserver mailhost
This seemed to do the trick to get outgoing mail over to the Linux box.

On the Linux box, we want all local mail to go to the Sun box, where the users' mail folders reside. None of my users, aside from me, directly log in to the Linux box. They use files shared through Samba. Telnet and FTP access is closed off:

DHrelay:mrpserver.thriftycompany.com

The exceptions to this are root and the thriftycompany user, whom I'd like to stay on this box:

CL root thriftycompany
That about covers the interaction between the two local UNIX boxes. Local mail stays on the Sun, internet mail gets passed to Linux and then queued for the next connection. Incoming internet mail will get re-addressed to local users and then relayed to the Sun box. The root and thriftycompany accounts on the Linux box stay put, and I check those as part of my daily routine.

Internet Mail, Outgoing

Some of this setup was taken from various HOWTOs over the years; other parts I gleaned from scouring Usenet and the O'Reilly sendmail book.

sendmail startup: for a demand dial scenario, we don't want sendmail initiating the connection each time there is mail in the queue, so you need to edit your sendmail startup line to hold off on “expensive” mail:

old entry: /usr/sbin/sendmail -bd -q15m
new entry: /usr/sbin/sendmail -bd -os

On a Red Hat-based system, this would be set up in /etc/sysconfig/sendmail and/or /etc/rc.d/init.d/sendmail.

You'll be defining which mail is expensive within the /etc/sendmail.cf file in Listing 1, as well as telling sendmail to hold this type of mail.

Listing 1. Defining and Holding Expensive Mail

Notice the “e” in the “F=” portion for smtp, esmtp and smtp8. This is the “expensive” flag, and we leave it off the local relay. Also the Mlocal and Mprog should not have this flag so that local system mail gets delivered immediately.

A cron job connects to the Internet twice an hour, and as part of that job, we will send out all the queued mail once the internet connection is in place:

/usr/sbin/sendmail -q -v

Now to get the outgoing mail delivered and not rejected by domains on the Internet. Since we do not have a valid domain name, we need to do some work on the return address. We need to masquerade the return address, as well as the envelope, and to get any replies back to the original sender, we need to rewrite the “From:” address.

Masquerading

If you are building up your sendmail.cf from m4 sources, then your local .mc file needs to contain the following:

MASQUERADE_AS(someisp.com)
FEATURE(masquerade_envelope)
FEATURE(limited_masquerade)
FEATURE(genericstable)

We are using limited masquerading so only hosts defined in CM get masquerade. If you are just editing /etc/sendmail.cf, then the following lines need to be modified as shown:

# who I masquerade as (null for no masquerading)
  (see also $=M)
DMsomeisp.com
You will probably also want to relay the mail through your ISP so that any downstream mail servers see the mail as coming from a valid domain:
# "Smart" relay host (may be null)
DSsmtp:smtp.someisp.com
Define the domain names that should be converted to the masqueraded address:
CG mrpserver.thriftycompany.com
CM mrpserver.thriftycompany.com
(If you've got just the one box, this would be linuxserver.thriftycompany.com.)

Now, the sendmail.cf lines to masquerade the contents and the envelope get a bit messy. You would probably be better off building a sendmail.cf from the m4 sources as shown in Listing 2.

Listing 2. Building sendmail from M4 Sources

The final piece of the outgoing puzzle is to get the user's return address rewritten. If I were to compose a message on the Sun box, Pine would put together a return address that looks something like this:

Stew Benedict <stew@mrpserver.thriftycompany.com>

Looks good enough, except that it is not a real address out on the Internet, and I would never get a reply to my message. Plus, most mail systems would reject it coming in as a nonexistent domain address.

What I want it to look like is this:

Stew Benedict <thriftycompany@someisp.com>

This is where sendmail's “genericstable” feature will finish up the job. Again, if you are building up your sendmail.cf from m4 sources, the following line will do the trick:

FEATURE(genericstable)
In the sendmail.cf file, if you are hand editing it:
# Generics table (mapping outgoing addresses)
Kgenerics hash -o /etc/genericstable
(The -o means “optional”, so sendmail will not halt on startup for lack of the file.) This addition to your local .mc file generates the block shown in Listing 3 in sendmail.cf.

Listing 3. sendmail.cf

The genericstable.db file is built up from a text file of the following format:

stew      thriftycompany@someisp.com
joe     thriftycompany@someisp.com

This file is then fed to the makemap program to create the db file:

makemap hash genericstable.db < genericstable
That does it for outgoing mail. Once you have finished creating/modifying sendmail.cf and creating the genericstable.db file, you will need to restart sendmail. On a Red Hat-based system, this is done with:
/etc/rc.d/init.d/sendmail restart

______________________

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState