These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

UNIX02/Sendmail Configuration


Sendmail's configuration files are generally located in /etc/mail. Taking a look at this directory, you may see something similar to the following:

 [root@pagewind mail]# ls -la
 total 236
 drwxr-xr-x    2 root     root     4096 Aug 28 12:16 .
 drwxr-xr-x   55 root     root     4096 Aug 27 14:34 ..
 -rw-r--r--    1 root     root      331 Mar 26 04:19 access
 -rw-r-----    1 smmsp    root    12288 Aug 22 15:36 access.db
 -rw-r--r--    1 root     root      231 Aug 27 12:47 aliases
 -rw-r--r--    1 root     root        0 Mar 26 04:19 domaintable
 -rw-r-----    1 smmsp    root    12288 Aug 22 15:36 domaintable.db
 -rw-r--r--    1 root     root     5588 Mar 26 04:19 helpfile
 -rw-r--r--    1 root     root       78 Aug 22 10:40 local-host-names
 -rw-r--r--    1 root     root         0 Mar 26 04:19 mailertable
 -rw-r-----    1 smmsp    root    12288 Aug 22 15:36 mailertable.db
 -rw-r--r--    1 root     root      843 Mar 26 04:19 Makefile
 -rw-r--r--    1 root     root     61700 Aug 28 12:16 sendmail.cf
 -rw-r--r--    1 root     root     5854 Aug 28 12:16 sendmail.mc
 -rw-------    1 root     root      628 Aug 29 21:52 statistics
 -rw-r--r--    1 root     root    39034 Aug 22 10:42 submit.cf
 -rw-r--r--    1 root     root      953 Mar 26 04:19 submit.mc
 -rw-r--r--    1 root     root      127 Mar 26 04:19 trusted-users
 -rw-r--r--    1 root     root        0 Mar 26 04:19 virtusertable
 -rw-r-----    1 smmsp    root     12288 Aug 22 15:36 virtusertable.db

The first thing you'll notice is that many files have duplicate names with different extensions. This is because many of Sendmail's files are in a binary (or even "byte-code"-like) format that is not human readable. As you can see from our activities thus far, this does deviate from most other UNIX servers which deal with plain-text configuration files.

With Sendmail, you usually edit a plain-text file of a given format as you do any other UNIX daemon's configuration file, and then you apply some sort of compiler or "hash-generator" to that file to create the actual file Sendmail uses.

For example, you edit the sendmail.mc file to configure Sendmail, but you compile that file into the sendmail.cf file for Sendmail to use.

access

This file dictates the access rights for relaying through this host. Unless you wish to have some alternative hosts set up for relaying, most of the time you will only want this to be the localhost:
 localhost.localdomain           RELAY
 localhost                       RELAY
 127.0.0.1                       RELAY
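A quick way to check that an access file relays only for the local host, as described above (an added example, not part of the original notes). The function names and the sample entries are constructed for illustration; the allow-list is the three loopback entries shown above.

```shell
#!/bin/sh
# Added example: flag RELAY entries in an access file that are not loopback.

# Constructed sample data: the three loopback entries plus two risky ones.
sample_access() {
    cat <<'EOF'
# constructed example data
localhost.localdomain           RELAY
localhost                       RELAY
127.0.0.1                       RELAY
Connect:192.168                 RELAY
spammer.example                 REJECT
To:partner.example              RELAY
EOF
}

# audit_access FILE
# Prints each RELAY entry whose key is not a loopback name or address.
# Returns 1 if any were found, 0 if relaying is limited to the local host.
audit_access() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        {
            key = tolower($1); action = toupper($2)
            sub(/^connect:/, "", key)        # optional tag in front of the key
            if (action != "RELAY") next      # only relay grants matter here
            if (key == "localhost.localdomain" ||
                key == "localhost" || key == "127.0.0.1") next
            printf "%s:%d: non-local RELAY entry: %s\n", FILENAME, FNR, $1
            found = 1
        }
        END { exit found ? 1 : 0 }
    ' "$1"
}
```

Run it as `audit_access /etc/mail/access` and review every line it prints. After editing the file, rebuild access.db, for example with `makemap hash /etc/mail/access < /etc/mail/access`.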

aliases

This is the alias file for Sendmail. With it, you can have mappings from addresses to addresses. The format for this file is very straightforward, and is very similar to the format for Postfix's aliases file. See the aliases man page for more information.

sendmail.mc

This is the default configuration file for Sendmail. The format is rather complex and may seem very bizarre; do pay special attention to the comments, as they can be helpful. Here are some example sendmail.mc settings:

 divert(-1)dnl
 include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
 VERSIONID(`setup for Red Hat Linux')dnl
 OSTYPE(`linux')dnl

This is usually how your sendmail.mc file starts. It includes definitions about the server OS. You may wish to obfuscate this for some small security increase (though, anything obfuscated here can easily be determined by other means).

 dnl #
 dnl # Uncomment and edit the following line if your outgoing mail needs to
 dnl # be sent out through an external mail server:
 dnl #
 dnl define(`SMART_HOST',`smtp.your.provider')

If you need to relay your mail through an external SMTP, then you define it here.

 dnl #
 dnl # The following allows relaying if the user authenticates, and disallows
 dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
 dnl #
 dnl define(`confAUTH_OPTIONS', `A p')dnl

This can be useful if you are requiring authentication for relaying. It can be beaten and might not be advisable (often, it is more effective to only relay those inside your own domain or sub-domain).

 dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
 dnl # slapd, which requires the file to be readable by group ldap
 dnl #
 dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl

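If you use LDAP for authentication and mail services, then you will need to enable this: Sendmail otherwise refuses a key file that is group-readable, which is what sharing it with slapd requires.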

 FEATURE(redirect)dnl
 FEATURE(always_add_domain)dnl

These two features allow redirects (via the aliases file and virtual users) and tell Sendmail to add the local domain to those messages lacking destination domains.

 dnl #
 dnl # The -t option will retry delivery if e.g. the user runs over his quota.
 dnl #
 FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl

If you are using Procmail for your LDA, then you can tweak the settings here.

 FEATURE(`accept_unresolvable_domains')dnl

This feature is not recommended as it can allow spam into your network. However, there are many persons who will be originating their completely valid messages from cable-modem or DSL accounts which use NAT and will be unresolvable domains. So, it is really up to you if you want to enable this or not.

 dnl # 
 dnl # Also accept email sent to "localhost.localdomain" as local email.
 dnl # 
 LOCAL_DOMAIN(`localhost.localdomain')dnl

You will generally want this enabled. Otherwise local mail may not deliver properly.

 MAILER(local)dnl
 MAILER(smtp)dnl
 MAILER(procmail)dnl
 MAILER(pop)dnl
 MAILER(imap)dnl

Near the end of the file, you will find various mailer plugins. These enable various things such as POP3 and IMAP support, SMTP support, local delivery, etc.

Compiling sendmail.mc

Sendmail's configuration files are written in a macro language known as M4. This gives them a great deal of configurability (arguably more so than any other MTA), but makes them very complicated and hard to "get right".

Once you have configured sendmail.mc to your liking, you must compile it down to sendmail.cf. There are a number of ways to do this, and depending upon who you ask you may get wildly different answers, but I usually prefer the following:

First, I compile the sendmail.mc file to a temporary file:

 # m4 sendmail.mc > _sendmail.cf

I do this to prevent accidentally breaking Sendmail's functionality during the compile. After this, I simply move the temporary file onto the permanent one:

 # mv _sendmail.cf sendmail.cf 

This is typically a pretty safe thing to do, and should not disrupt a running Sendmail system.
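The same compile-then-move procedure as a script, with checks added before the move (an added example, not part of the original notes). The install_cf function name, the M4 override variable, the .bak backup and the "at least one M line" sanity check are assumptions of this example.

```shell
#!/bin/sh
# Added example: compile sendmail.mc to a temporary file, sanity-check it,
# keep a backup, then rename it over sendmail.cf.
# M4 is an assumed override hook; it defaults to the real m4 binary.
M4=${M4:-m4}

# install_cf MC_FILE CF_FILE
# Returns 0 on success; non-zero (leaving CF_FILE untouched) on any failure.
install_cf() {
    mc=$1
    cf=$2
    dir=$(dirname "$cf")

    # Temp file in the same directory, so the final mv is a rename on one
    # filesystem and Sendmail never sees a half-written file.
    tmp=$(mktemp "$dir/_sendmail.cf.XXXXXX") || return 1

    # m4 can fail (e.g. a missing include file) yet still emit partial
    # output; never install that.
    if ! "$M4" "$mc" > "$tmp"; then
        echo "install_cf: $M4 failed on $mc" >&2
        rm -f "$tmp"
        return 2
    fi

    # Heuristic: a usable .cf defines at least one mailer (lines starting
    # with M). An empty or truncated file fails this check.
    if ! grep -q '^M' "$tmp"; then
        echo "install_cf: no mailer definitions in output" >&2
        rm -f "$tmp"
        return 3
    fi

    # mktemp creates the file 0600; match the mode shown in the listing.
    chmod 644 "$tmp" || { rm -f "$tmp"; return 4; }

    # Keep the previous config for rollback.
    if [ -f "$cf" ]; then
        cp -p "$cf" "$cf.bak" || { rm -f "$tmp"; return 5; }
    fi

    mv "$tmp" "$cf"
}
```

Run it as root from /etc/mail as `install_cf sendmail.mc sendmail.cf`; if it returns non-zero, the existing sendmail.cf has not been changed.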



Last edited August 30, 2003 3:22 am
(C) Copyright 2003 Samuel Hart
This work is licensed under a Creative Commons License.