Sendmail Setup for Your Home Network

Sendmail is one of the oldest and most used programs that makes the Internet works. Its function is to transport electronic mail from one machine (usually the message sender's machine) to another, until the message reaches his final destination.

Sendmail is an extraordinary piece of software, adaptable for complex to modest installations with different needs. Almost every UNIX administrator has faced the installation and configuration procedures of Sendmail and learned that the available options are extensive and, sometimes, frustrating.

In this article we will address a basic installation procedure (sort of a recipe for a quick set up of your mail server) for the average user. Assuming the system is a home or small company network with a Linux machine running Sendmail as the mail server, Sendmail's functions will be to receive mail messages from machines on the internal network, deliver local messages to their respective users and deliver to the Internet messages for external destinations. Additionally, the server will receive mail from the Internet.

I assume an internal network domain with the name intranet.mydomain.com, and the machines in this network use non-public IP numbers of the form 192.168.XXX.XXX. The mail server has an interface connected to the Internet with a real IP number needed for external mail reception using the domain mydomain.com.

In my experience I have found having different domains for internal and external networks makes it easier to have other types of setups, like DNS (domain name services), separate traffic and privacy.

Obtaining and Installing Sendmail

Every Linux distribution includes Sendmail as one of the basic programs and some default configuration files that work well. However, if you are concerned about security or you are a do-it-yourself person, it is advisable to install the latest version of Sendmail. The procedure is straightforward, and you can use an updated RPM or download the source code from www.sendmail.org (I prefer the last method). Next, extract the sources and compile the program using the predefined scripts.

The following is a listing of the commands I used to unzip the tar file and build the code on my machine, which runs a Red Hat Linux 6.2 distribution.

$ tar -zxvf sendmail.8.11.2.tar.gz
$ cd sendmail-8.11.2
$ ./Build
$ su
# ./Build install
Creating a Customized Configuration File

Now you must set up the configuration files. If you have compiled the source version without modifications, all the required files will live in /etc/mail/. The most important file is /etc/mail/sendmail.cf; this file holds the options necessary for Sendmail to work and is a text file. In the old days, you would have had to edit this by hand to change the configuration, and if you look at the text, it is somewhat confusing.

Fortunately newer versions of Sendmail come with an easier setup procedure based on predefined blocks and macros that hide the details of the configuration--think of it as compiling a configuration file for Sendmail.

The following commands can be used to generate a valid Sendmail configuration file from the cf/cf subdirectory of the source directory.

$ cd sendmail-8.11.2
$ cd cf/cf
$ cp generic-linux.mc myconfig.mc
$ m4 ../m4/cf.m4 myconfig.mc > sendmail.cf

The resulting sendmail.cf file can be installed in /etc/mail and used to run the Sendmail server. You must restart the service to activate the new options. For Red Hat, this can be done with a command like:

# /etc/rc.d/init/sendmail restart

Creating a Configuration File for a Mail Server

Now that you have generated a standard setup file for Sendmail, the next step is to build a file for the main mail server, the one that manages e-mail both internal and external on your network.

Listing 1 shows the complete source file for the configuration. I will now cover each of the features in more detail.

Listing 1. Source File for Sendmail Configuration

The combination of the allmasquerade, masquerade_envelope and MASQUERADE_AS features and directives are used to hide the names of the hosts in your internal network and make the mail messages appear to come from mydomain.com. This way you have a more uniform address across your organization, regardless of the internal machine used to send the e-mail.

The other section added to this file rewrites the recipient's address. This kind of rewrite generally occurs when an internal machine or a local program is used to send e-mail (pine on the mail server, for example). In that case the recipient address may contain the server name and intranet domain. What this rewrites does is catch this type of recipient address and rewrite it to a uniform address.

Creating a Configuration File for a Linux Client Machine

For the internal Linux machines on our network, we can create a configuration file because the client machines use the mail server (mailhub) to send the e-mail. In this form, all of the rewrites and masquerading rules already discussed before are applied to the mail sent from these machines. The contents of the file are:

OSTYPE(linux)dnl
DOMAIN(generic)dnl
MAILER(local)dnl
MAILER(smtp)dnl
FEATURE(nullclient, mailhub)dnl

The magic comes from the last line of this file. FEATURE(nullcient, mailhub) indicates we are using "mailhub" as our mail server. The Sendmail process on the client machines simply sent the e-mail to this server.

The procedure for generating the final sendmail.cf file is the same as specified in the previous section.

______________________

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix