Linux Admin Sendmail.Docx

Submitted By acefrehley
Words 11213
Pages 45
Sendmail

IT 302 Virtual Library

Michael Gigliotti

8/8/2012

Virtual library assignment, covering sendmail and alternatives.

Sendmail is the program used by UNIX and some of its offshoots, such as BSD, Linux, SunOS and ULTRIX, to handle email. Sendmail was created by Eric Allman (Vixie and Avolio) to solve the problem of address mapping between the email system and the network. Sendmail routes mail between a UA (mail user agent), a program used to read and send email, and an MTA (message transfer agent), a program used to move mail between hosts using a particular network language/protocol. A design goal of sendmail is to accommodate the addition of new UAs and MTAs with only minor configuration changes. (Vixie and Avolio) Sendmail supports distribution lists in the form of aliases for people or sets of people, and the use of individual user .forward files to allow the forwarding of incoming e-mail to programs or other mailboxes. Sendmail also facilitates the rewriting of e-mail addresses, which allows a gateway to deliver mail between different kinds of mail networks and provides a mechanism for bridging between different systems. Sendmail provides for message queuing when a retryable error is encountered, plus automatic routing and returning of the e-mail to the sender when an unrecoverable error is encountered. (Vixie and Avolio)

The software used by sendmail to locate domains on the DNS server is the resolver. The resolver is built into the C libraries as a directly callable function and as stubs hidden behind the gethostbyname and gethostbyaddr functions. (Vixie and Avolio) Most of the options of the resolver are turned on by default. One option is DNSRCH; this option tells the resolver to try partial name matches by adding the local domain to the requested domain. When sendmail tries to deliver mail to a domain it first searches for the mail exchanger (MX) resource records for the domain name. If there are no mail exchanger resource records, sendmail searches for address resource records. If sendmail finds an address resource record, it responds as if there were a single mail exchanger resource record for the domain pointing at the domain itself at priority zero, and proceeds as if that mail exchanger resource record had been found in the DNS. (Vixie and Avolio) When sendmail has mail exchanger resource records for a domain it sorts them by priority from low to high. Then it scans the list for its own name. If it finds a mail exchanger host matching its own name it removes that record and all other records with an equal or lower priority (an equal or higher preference number). This is how sendmail avoids seeing itself in a mail exchanger resource record and routing mail back through itself. (Vixie and Avolio) Once sendmail has a sorted mail exchanger resource record list, it delivers the mail using the highest-priority (lowest-numbered) mail exchanger resource record first, then continues down the list. Sendmail will load balance if several mail exchanger resource records have the same priority by reordering them at random.

Sendmail is meant to be configurable because no one configuration can work for every possible host, site or network. Issues when planning a sendmail configuration include network connectivity, mail protocols, error handling, and administration. (Vixie and Avolio) When designing a sendmail configuration, take into account the overall design of the company's email system. There are five main types of mail configurations. (Vixie and Avolio) In the mail hub, a host is a relay between gateway hosts and other mail hubs. Mail hubs are concentration points in the flow of email, distributed geographically based upon network population. Hubs gather mail from client hosts and forward it to other hubs closer to the destination or to a mail gateway. In the mail gateway, a host or a process sits between one environment and at least one other environment. This host or process relays the mail as its primary job. Today all internet email passes through email gateways. (Vixie and Avolio) Email gateways provide many services. An email gateway serves as a connector through the internet firewall. Mail gateways act as mail exchangers for their own or other domains. A virtual domain is a domain not actually mapping to IP host or network addresses. Gateways can handle mail for existing domains and virtual domains. A mail gateway can be used for header translation. If a private network is isolated from the internet, the mail gateway is the mail exchange service for the hosts in its domain. In a simple client configuration, a client handles local mail. All other mail is sent without processing to a mail hub. Incoming mail is received by a hub, which offers the mail to the simple client using NFS or POP. In the smart client configuration, an end host must be able to speak at least one network protocol and at least one mail protocol, and be connected to at least one physical network. A smart client may deliver some mail directly by itself; the rest is sent to a hub. A smart client can handle mail to a subset of the email network. It will send mail directly to all mailboxes within its domain and use a hub for mail outside of its domain and external mail. In a mail cluster a group of mail hosts share a common user name space and a common aliases database. Mail sent to a user on any of the hosts in the cluster will get to the proper mailbox. In a mail cluster a provision can be made for nonglobal mail addresses. Most groups of hosts today are aggregated into mail clusters.

Before sitting down to write or modify a sendmail.cf file, we have to ask ourselves some questions and gather some data. This includes our parent domain name for the sendmail configuration. This is usually everything following the first dot (.) in our own fully qualified host name. The parent domain name will usually be the same for most of our hosts, or at least for most hosts of a given mail hub. If this host is known by any other name, or if this host should treat any other host names as local, these names are our pseudonyms. These are taken into account as we configure sendmail. We might have pseudonyms because of the consolidation of hosts and the need for old addresses to continue to work, or because a mail hub needs to accept mail addressed to its generic domain name or names. (Vixie and Avolio)

The sendmail configuration file is sendmail.cf; it tells sendmail how to parse mail addresses, how to rewrite mail addresses, what MTAs sendmail should know about, how to route mail, and how to set options and other values. The directory /etc/mail contains all the sendmail configuration files. There are four files on the server to be concerned with. /etc/mail/access sets per-host and per-domain access controls for the mail server. /etc/mail/aliases contains a map of email redirections for the local host. /etc/mail/mailertable allows the override of MX records for the mail server. /etc/mail/relay-domains lists the domain names and addresses the server will relay email for. (Lucas) In sendmail.cf, a line's type is determined by its first character. Blank lines are ignored and are used for readability. Lines beginning with a tab are continuations of the preceding line. # introduces a comment line ignored by sendmail. C introduces class definitions. Classes are sets of tokens used for matching the left hand side (pattern side) of a rule. (Vixie and Avolio) Classes are used to test whether part of an address matches one of a set of words or tokens. D introduces macro definitions: macros are variables that, once defined, are used like string constants, written in the form DXvalue, where X is a single character and value is a character string without blanks or tabs.
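The MX selection rules described above (sort by preference, drop our own record and everything at equal or lower priority, random order among equal preferences, fall back to an address record at preference 0), worked through as an added Python example; this is not code from the page or from sendmail, the MX record set is constructed, and the function models only the ordering logic, not the DNS lookup itself.

```python
import random

# Constructed MX record set for one domain as (preference, host); not taken from the page.
SAMPLE_MX = [
    (20, "mx2.example.com"),
    (10, "mx1.example.com"),
    (30, "relay.example.net"),
    (20, "mx3.example.com"),
]


def mx_candidates(mx_records, address_record, local_host, rng=None):
    """Return the hosts sendmail would try for a domain, in delivery order.

    mx_records:     (preference, host) MX records found for the domain, possibly empty
    address_record: the domain name itself when it has only an address (A) record, else None
    local_host:     the name of this sendmail host
    rng:            random source used to reorder equal-preference records
    """
    rng = rng or random.Random()
    # No MX records: an address record counts as a single MX at preference 0.
    if not mx_records:
        if not address_record:
            return []
        mx_records = [(0, address_record)]
    # Sort by preference; the lowest number is the highest priority.
    ordered = sorted(mx_records, key=lambda rec: rec[0])
    # If this host is in the list, drop its record and every record of equal or lower
    # priority (equal or higher number) so mail is never routed back to ourselves.
    own = [pref for pref, host in ordered if host.lower() == local_host.lower()]
    if own:
        ordered = [rec for rec in ordered if rec[0] < min(own)]
    # Records that share a preference are load-balanced by shuffling them as a group.
    result, i = [], 0
    while i < len(ordered):
        j = i
        while j < len(ordered) and ordered[j][0] == ordered[i][0]:
            j += 1
        group = [host for _, host in ordered[i:j]]
        rng.shuffle(group)
        result.extend(group)
        i = j
    return result


if __name__ == "__main__":
    for me in ("client.example.org", "mx2.example.com", "mx1.example.com"):
        print(me, "->", mx_candidates(SAMPLE_MX, None, me))
    print("no MX ->", mx_candidates([], "example.org", "client.example.org"))
```

When the local host is mx1.example.com the list comes back empty, which is the situation in which a real sendmail has nowhere left to send the message.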

These are some of the macro definitions defined internally by sendmail:
a The Date: in Arpanet format (e.g., "Tue, 14 Jan 92 10:39:35 -0500").
b The current date in Arpanet format.
c The hop count, essentially the number of Received: headers.
d The time in ctime format (e.g., "Tue Jan 14 10:39:35 1992").
f The sender (from) address.
g The sender address relative to the recipient (a path).
h The recipient host.
i The queue identifier (usually built from the pid).
p The sendmail pid.
r The protocol used.
s The sender's host name.
t The current time (e.g., "920114103935").
u The recipient user.
v The version number of the compiled sendmail.
w The name of this host (might be fully qualified, or not).
x The full name of the sender (e.g., "Bullwinkle T. Moose").
y The name of the sender's tty port (e.g., 09 for /dev/tty09).
z The home directory of the recipient.
(Vixie and Avolio)

Rules are the executable lines of the configuration file. A rule starts with R and has a left hand side (LHS), a right hand side (RHS) and an optional comment; the parts of a rule line are separated by tabs, not spaces. A delimiter is a special character considered to be a place indicator or operator. The @ and . in sales.cars@fuccillo.com are delimiters. Delimiters are set in sendmail.cf using the O OperatorChars= directive. (Vixie and Avolio) A token is a word or string not used as a delimiter. In the above example, sales, cars, fuccillo and com are tokens. The $ is used to introduce special characters. Special symbols used on the LHS:
$* Zero or more tokens plus all delimiters between or around them.
$+ One or more tokens plus all delimiters between or around them.
$- Exactly one token.
$=X Any word in class X.
$~X Any word not in class X.
$X The exact string defined by macro X.
The RHS has special symbols as well:
$: Apply this transformation exactly once, then go to the next rule.
$@ After applying this transformation, exit from the ruleset.
$n The tokens matched on the LHS by pattern variable number n.
$>m Call ruleset m. This is like a function call.
$[ Send everything before the next $] to the DNS resolver, and use the result of that lookup as the transformation.
$] Closes the lookup opened by $[.
$: This introduces an "Else" if used between a $[ and $].
This is an example of a configuration file: (Vixie and Avolio)
# Thanks to Peter Churchyard,
# Imperial College, London.
#
# Your local domain.
DDdco.frobozz.com
# Your full hostname
Dj$w
#Dj$w.$D
DRrelayhost.dco.frobozz.com
DVsimple
Dnmailer-daemon
DlFrom $g $d remote from $U
Do@.%
Dq$?x$x $|$g$.
De$j Sendmail $v/$V ready at $b
Odbackground
Om
OF0644
Og1
OH/etc/sendmail.hf
OL6
Oo
OQ/var/spool/mqueue
Or1h
OS/etc/sendmail.st
OT3d
Ou1
Ox8
OX12
Pfirst-class=0
Pspecial-delivery=100
Pjunk=-100
Troot daemon uucp
H?F?From: $q
H?D?Date: $a
H?M?Message-Id:
HSubject:
S0
R$*@$j	$#local$:$1	optional
R$*@$w	$#local$:$1	optional
R$-	$#local$:$1	optional
R$*	$#remote$@$R$:$1
S1
S2
S3
R$*<$*>$*	$2
S4
Mremote, P=[IPC], F=nsmFDMuXC, \
	S=10, R=10, A=IPC $h
Mlocal, P=/bin/mail, F=lsDFrmn, \
	S=10, R=10, A=mail -r $f -d $u
Mprog, P=/bin/echo, F=lsDFMmn, \
	S=10, R=10, A=mail $u
S10

To operate properly, sendmail has to run in privileged mode as the root user. In listener mode sendmail must bind to port 25; to do that it must run as root. When sendmail is about to invoke an MUA for final local delivery it changes its effective user id to that of the recipient, and then writes the e-mail message into the user-owned file or directory. Sendmail can also run as a less-privileged user. This option is provided for systems where there will be no local delivery, such as email gateways on firewalls. As soon as sendmail binds to the SMTP port, the running sendmail process changes its effective user id to the less privileged user specified. The running sendmail daemon and all the processes it creates run as the RunAsUser. (Vixie and Avolio)

There have been buffer-overflow attacks using long MIME headers against e-mail clients; they have not been against sendmail. While people should patch their e-mail clients, sendmail allows the installer to put a limit on the size of MIME headers passing through the e-mail gateway to help lower the risk. The suggested MaxMimeHeaderLength of 512 is not very large, yet it is big for a MIME header.

Sendmail provides a feature allowing email to be sent or redirected to a program for delivery, automating the email process. Users or email administrators can send email messages through the procmail program to automate tasks like message filing and forwarding, or to the vacation program to selectively return an "I am away from my e-mail" message. Hackers have exploited filters like this in sendmail to their advantage. Restricting the execution of programs used as email filters will protect against this vulnerability. Setting this option instructs sendmail to use the Sendmail Restricted Shell, smrsh, instead of the default command interpreter, usually the UNIX command line interpreter /bin/sh. smrsh only executes programs found in a directory specified in its configuration; /usr/adm/sm.bin/ is an example.
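To show how the LHS and RHS symbols and ruleset 0 of the configuration file above actually rewrite an address, here is a small rule interpreter written as an added example for this page; it is not sendmail's own code, and its OperatorChars value, the macro values and the members of class w are assumptions. It tokenizes an address on the delimiters, matches LHS patterns with backtracking, and expands $n captures and $X macros on the RHS.

```python
# Assumed OperatorChars value (the page sets it with O OperatorChars=); '<' and '>' are
# included so that an angle-bracket stripping rule such as R$*<$*>$* can be run as well.
OPERATOR_CHARS = ".:%@!^=/[]<>"
# Ruleset 0 from the example configuration file above; the macro values and the
# members of class w are constructed for this example.
MACROS = {"w": "host", "j": "host.dco.frobozz.com", "R": "relayhost.dco.frobozz.com"}
CLASSES = {"w": {"host", "localhost"}}
RULESET0 = [("$*@$j", "$#local$:$1"), ("$*@$w", "$#local$:$1"),
            ("$-", "$#local$:$1"), ("$*", "$#remote$@$R$:$1")]

def tokenize(text):
    """Split an address into sendmail tokens: words, with each delimiter its own token."""
    tokens, word = [], ""
    for ch in text:
        if ch in OPERATOR_CHARS or ch.isspace():
            tokens += [word] if word else []
            word = ""
            tokens += [] if ch.isspace() else [ch]
        else:
            word += ch
    return tokens + [word] if word else tokens

def parse_lhs(lhs, macros):
    """Compile an LHS into ('*'|'+'|'-', None), ('='|'~', class) or ('lit', token); $X macros expand to literal tokens."""
    elems, i = [], 0
    while i < len(lhs):
        if lhs[i] == "$":
            op = lhs[i + 1]
            if op in "=~":
                elems.append((op, lhs[i + 2]))
                i += 1
            elif op in "*+-":
                elems.append((op, None))
            else:  # macro reference such as $w or $j, expanded when the .cf is read
                elems.extend(("lit", t) for t in tokenize(macros[op]))
            i += 2
        elif lhs[i].isspace():
            i += 1
        else:
            j = i
            while j < len(lhs) and lhs[j] != "$" and not lhs[j].isspace():
                j += 1
            elems.extend(("lit", t) for t in tokenize(lhs[i:j]))
            i = j
    return elems

def match(elems, tokens, classes):
    """Backtracking match; returns the token runs captured by $*, $+, $-, $=X and $~X ($1, $2, ...) or None."""
    def rec(ei, ti, caps):
        if ei == len(elems):
            return caps if ti == len(tokens) else None
        kind, arg = elems[ei]
        if kind == "lit":
            ok = ti < len(tokens) and tokens[ti].lower() == arg.lower()
            return rec(ei + 1, ti + 1, caps) if ok else None
        if kind in ("-", "=", "~"):  # exactly one token; $=X and $~X also test class X
            if ti == len(tokens):
                return None
            if kind != "-" and (tokens[ti].lower() in classes.get(arg, ())) != (kind == "="):
                return None
            return rec(ei + 1, ti + 1, caps + [tokens[ti:ti + 1]])
        for n in range(0 if kind == "*" else 1, len(tokens) - ti + 1):  # $*, $+: shortest first
            found = rec(ei + 1, ti + n, caps + [tokens[ti:ti + n]])
            if found is not None:
                return found
        return None
    return rec(0, 0, [])

def rewrite(rhs, caps, macros):
    """Expand $n captures and $X macros in an RHS; $#, $@ and $: are copied through."""
    out, i = "", 0
    while i < len(rhs):
        nxt = rhs[i + 1] if rhs[i] == "$" and i + 1 < len(rhs) else ""
        if nxt.isdigit():
            out, i = out + "".join(caps[int(nxt) - 1]), i + 2
        elif nxt and nxt in macros:
            out, i = out + macros[nxt], i + 2
        else:
            out, i = out + rhs[i], i + 1
    return out

def run_ruleset(rules, address, classes=CLASSES, macros=MACROS):
    """Apply (lhs, rhs) rules in order as sendmail does: a matching rule is re-applied until it stops
    matching unless its RHS starts with $: (once); $@ returns at once, and a $# mailer resolution ends the ruleset."""
    tokens = tokenize(address)
    for lhs, rhs in rules:
        elems = parse_lhs(lhs, macros)
        while (caps := match(elems, tokens, classes)) is not None:
            prefix = rhs[:2] if rhs[:2] in ("$@", "$:") else ""
            result = rewrite(rhs[len(prefix):], caps, macros)
            if prefix == "$@" or "$#" in result:
                return result
            tokens = tokenize(result)
            if prefix == "$:":
                break
    return "".join(tokens)
```

run_ruleset(RULESET0, "alice@host") resolves to the local mailer for alice, while an address in a foreign domain falls through to the last rule and is handed to the remote mailer with $R as the relay host.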
If a user attempts to use a program outside the configured directory as an email filter, sendmail returns an error message and does not complete the delivery. (Vixie and Avolio) Sendmail defines a set of privacy flags. The option to set in the configuration file is PrivacyOptions. Some of the privacy flags control the use of the SMTP commands EXPN and VRFY. These commands are useful for debugging. VRFY verifies that an address is valid. Issue the VRFY command:
VRFY name
where name is the host name you want to verify. EXPN expands addresses into the list of mailboxes sendmail will attempt delivery to. If you want to see the individual email addresses that hostname expands to, issue the following command:
EXPN hostname
where hostname is the host you want information about. Sendmail allows you to disable these services to conceal private information from intruders. It is best to set these flags to disallow these functions. Also select the authwarnings flag: any time the email exchange misfires, the IP address doesn't match the domain name, or the name in the SMTP HELO command doesn't match the IP address, the discrepancy is noted by the addition of an X-Authentication-Warning: header line. Require a HELO command before allowing EXPN, VRFY or a MAIL command; the option flags to set are needexpnhelo, needvrfyhelo, and needmailhelo. This will allow the mail to go through and log the activity. (Vixie and Avolio)

The dovecot IMAP server provides IMAP and POP3 services. Dovecot is located in /usr/ports/mail/dovecot. Dovecot can interoperate with LDAP servers, databases and authentication systems, and supports many configuration options. (Lucas) Dovecot installs documentation in /usr/local/share/doc/dovecot and example configuration files in /usr/local/etc. Copy the sample configuration file /usr/local/etc/dovecot-example.conf to /usr/local/etc/dovecot.conf and open it in a text editor. By default dovecot does not encrypt the IMAP and POP3 services. Change the protocols entry by adding an s to the end of each protocol name on the line (imap becomes imaps, pop3 becomes pop3s). Define where dovecot keeps its SSL certificates using the ssl_cert_file and ssl_key_file variables; default paths are provided. The directory /usr/local/share/dovecot contains the shell script and configuration file used to create a dovecot SSL certificate. Find and change or enter the following: C=US, ST=NewYork, L=Schenectady, O is the organization, OU is the organizational unit, the common name is the reverse DNS name of the server clients get their mail from, and emailAddress is the address of the person responsible for the server. Now run the mkcert.sh script:
# /usr/local/share/dovecot/mkcert.sh
Enable dovecot in /etc/rc.conf with dovecot_enable="YES"
Then run /usr/local/etc/rc.d/dovecot start
/var/log/maillog will show dovecot starting and initializing SSL
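The sendmail.cf hardening settings discussed above (RunAsUser, MaxMimeHeaderLength, smrsh for the prog mailer, and the PrivacyOptions flags) can be checked mechanically. The following audit is an added Python example, not from the page or from sendmail; the two sendmail.cf fragments it inspects are constructed, the RunAsUser name and smrsh path in them are placeholders, and only the long-form O Name=value option syntax is parsed.

```python
import os
import re

# Flags the text above recommends in PrivacyOptions; sendmail's "goaway" turns all of them on.
WANTED_PRIVACY = {"authwarnings", "noexpn", "novrfy",
                  "needmailhelo", "needexpnhelo", "needvrfyhelo"}

# Constructed sendmail.cf fragments (not from the page): the first keeps the defaults the
# text warns about, the second applies the settings it recommends. "mailnull" and
# /usr/libexec/smrsh are placeholders for whatever the local installation uses.
WEAK_CF = """\
O PrivacyOptions=authwarnings
O MaxMimeHeaderLength=0/0
Mprog, P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
    A=sh -c $u
"""
HARDENED_CF = """\
O PrivacyOptions=authwarnings,noexpn,novrfy,needmailhelo,needexpnhelo,needvrfyhelo
O RunAsUser=mailnull
O MaxMimeHeaderLength=512
Mprog, P=/usr/libexec/smrsh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/,
    A=smrsh -c $u
"""


def logical_lines(text):
    """Return sendmail.cf lines with tab/space continuation lines joined and comments dropped."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in ("\t", " ") and lines:
            lines[-1] += " " + raw.strip()
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw.rstrip())
    return lines


def parse_cf(text):
    """Return (options, mailers): 'O Name=value' options and 'Mname, K=v, ...' mailer definitions."""
    options, mailers = {}, {}
    for line in logical_lines(text):
        if line.startswith("O ") and "=" in line:
            name, value = line[2:].split("=", 1)
            options[name.strip()] = value.strip()
        elif line.startswith("M"):
            name, _, rest = line[1:].partition(",")
            fields = re.findall(r"\b([A-Za-z])=([^,]*)", rest)
            mailers[name.strip()] = {k: v.strip() for k, v in fields}
    return options, mailers


def audit(text):
    """Return the hardening findings for a sendmail.cf text; an empty list means all settings are in place."""
    options, mailers = parse_cf(text)
    findings = []
    flags = {f.strip().lower() for f in options.get("PrivacyOptions", "").split(",") if f.strip()}
    missing = [] if "goaway" in flags else sorted(WANTED_PRIVACY - flags)
    if missing:
        findings.append("PrivacyOptions lacks " + ", ".join(missing))
    if "RunAsUser" not in options:
        findings.append("RunAsUser not set: daemon and children stay root (acceptable only where local delivery is needed)")
    # The value may be "n" or "n/m"; the first number is the header length limit, 0 meaning none.
    limit = re.match(r"(\d+)", options.get("MaxMimeHeaderLength", ""))
    if not limit or int(limit.group(1)) <= 0:
        findings.append("MaxMimeHeaderLength unset or 0: no limit on MIME header length")
    prog = mailers.get("prog", {}).get("P", "")
    if os.path.basename(prog) != "smrsh":
        findings.append("Mprog uses %s rather than smrsh" % (prog or "no program"))
    return findings


if __name__ == "__main__":
    for label, cf in (("weak", WEAK_CF), ("hardened", HARDENED_CF)):
        print(label + ":", audit(cf) or ["no findings"])
```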
THAT’S ALL FOLKS!!!!

Sendmail is implemented as one large program that does everything. One large program makes it easy to share mail, and easy to make a major error. Postfix is based on semi-resident, mutually cooperating processes performing specific tasks without a preordained parent/child relationship. (www.akadia.com/services/postfix_mta.html) Postfix is implemented as a resident master server that runs the Postfix daemon processes on demand. Postfix has four different queues. The maildrop queue is where locally posted mail is deposited; it is copied to the incoming queue after being cleaned up. The incoming queue is for mail that is still arriving or that the queue manager has not yet looked at. The active queue is a limited-size queue for mail the queue manager has opened for delivery. The deferred queue is for mail that could not be delivered, so that it does not get in the way of deliverable mail. The queue manager, qmgr, keeps information in memory about the active queue. The active queue size is limited on purpose, so that the queue manager never runs out of working memory because of a peak message workload. (www.akadia.com/services/postfix_mta.html) Whenever there is space in the active queue, the queue manager lets in one message from the incoming queue and one from the deferred queue. This ensures new mail goes through even when there is a large backlog.

Instead of finding a complicated replacement for mail, you can replace the complicated sendmail with the simple alternative sSMTP. sSMTP simplifies the configuring of the SMTP options with a small configuration file that allows the specification of items like the name of the remote SMTP server, authorization and the domain for your outbound email, similar to the configuration process of a mail reader. sSMTP can be installed through the distribution package manager or built and installed from source.

To do a source installation, unpack the source, change into the source directory, and run the command:
./configure --prefix=/usr/local/ssmtp --enable-ssl --enable-md5auth
Enabling SSL and MD5 authentication allows you to communicate with an ISP requiring SMTP login. You can also enable IPv6 support if you need it. After configuration is completed, build and install the package using the normal make and sudo make install commands. When running the install command, the install will prompt for a few items; follow the displayed instructions. Once installation completes you will find a directory called /usr/local/ssmtp with the sSMTP binary under the sbin subdirectory and the configuration file under the etc/ssmtp subdirectory. Now sendmail can be stopped and replaced with sSMTP. To stop sendmail under Linux distributions using the System V init scripts: (archive09.linux.com/feature/132006)
sudo service sendmail stop
sudo chkconfig --levels 2345 sendmail off
The first command stops the currently running instance of sendmail and the second prevents it from starting again on reboot. If using a version of Linux that does not use the SysVInit package, kill the sendmail process manually with the command sudo killall sendmail. To replace sendmail, move it to another file, then create a symbolic link from sSMTP to sendmail: (archive09.linux.com/feature/132006)
sudo mv /usr/sbin/sendmail /usr/sbin/sendmail.orig
sudo ln -s /usr/local/ssmtp/sbin/ssmtp /usr/sbin/sendmail
The first command moves the original sendmail out of the way; the second makes sSMTP the program that runs whenever a system command calls sendmail. It is done this way because if problems occur using sSMTP, you can remove the symbolic link and move the sendmail copy back to its original name. The location of the sSMTP configuration file depends on the --prefix option given to the configure command when building from source; here it is /usr/local/ssmtp/etc/ssmtp/ssmtp.conf.

This file has only four common options plus some hidden options for authentication. (archive09.linux.com/feature/132006) After a sample build sSMTP created the following configuration file:
# /etc/ssmtp.conf -- a config file for sSMTP sendmail.
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=postmaster
# The place where the mail goes. The actual machine name is required
# no MX records are consulted. Commonly mailhosts are named mail.domain.com
# The example will fit if you are in domain.com and you mailhub is so named.
mailhub=mail
# Where will the mail seem to come from?
#rewriteDomain=graphics-muse.org
# The full hostname
hostname=kepler.graphics-muse.org
Change the root= value to an email address that will receive all system-generated email, such as output from cron jobs that encounter errors or log file analysis. I changed this line to my personal email address. mailhub= defines the SMTP server to which email should be sent. Set this line to the host you specify in your mail reader for the SMTP server. hostname= is the name of the mail host that you'd like recipients of your email to see. Since I want responses to my email to be sent back to my ISP domain so I can use my mail reader to retrieve it, I set this line to the ISP domain. This is the domain part of all outbound messages; all users on your system will appear to be coming from this domain.
You can use rewriteDomain= to spoof who you say you are. Since I'm already spoofing the server address with the hostname line, I leave this line commented out.
The initial configuration does not include information on how to log in to SMTP servers that require authentication. This is the same information you must provide in your mail reader in order for it to send email through your ISP. To specify this information, you can add the following lines:
AuthUser=your username
AuthPass=your password
AuthMethod=CRAM-MD5
With this configuration, every time the system sends mail using /bin/mail, sendmail gets called, which is actually sSMTP. sSMTP uses the authentication provided in the configuration file to log into the ISP's SMTP server and deliver the outgoing email. (archive09.linux.com/feature/132006)

archive09.linux.com/feature/132006. n.d. Accessed 3 August 2012.
Lucas, Michael. Absolute FreeBSD: The Complete Guide to FreeBSD (2nd Edition). San Francisco, CA: No Starch Press, 2007.
Vixie, Paul A. and Frederick M. Avolio. Sendmail: Theory and Practice. Digital Press, 2002.
www.akadia.com/services/postfix_mta.html. n.d. Accessed 3 August 2012.

[TYPE THE COMPANY NAME]

Sendmail

IT 302 Virtual Library

Michael Gigliotti

8/8/2012

Virtual library assignment, covering sendmail and alternatives.

Sendmail is the program used by UNIX, and some of its offshoots like BSD, Linux, SunOS, ULTRIX to handle email. Sendmail was created by Eric Allman (Vixie and Aviolo) to solve the problem of address mapping between the email system and the network. Sendmail routes mail between a UA-mail user agent, a program used to read and send email, and an MTA-message transfer agent, program used to move mail between hosts using a particular network language/protocol. A design goal of sendmail is to accommodate the addition of new UAs and MTAs with only minor configuration changes. (Vixie and Aviolo) Sendmail supports distribution lists in the form of aliases for people or sets of people, the use of individual user .forward files to allow the forwarding of incoming e-mail to programs or other mailboxes. Sendmail also facilitates the rewriting of e-mail addresses to allow for a gateway to deliver mail between different kinds of mail networks and provide a mechanism for bridging between different systems. Sendmail provides for message queuing when a retry able error is encountered, plus automatic routing and returning the e-mail to the sender when an unrecoverable error is encountered. (Vixie and Aviolo) The software used by sendmail to locate domains on the DNS server is the resolver. The resolver is built into C libraries as a directly callable function and as stubs hidden behind the gethostbyname and gethostbyaddr functions. (Vixie and Aviolo) Most of the options of the resolver are turned on by default. One option is DNSRCH, this option tells the resolver to try partial name matches by adding the local domain to the requested domain. When sendmail tries to deliver mail to a domain it first searches for the mail exchanger domain resource records for the domain name. If there are not any mail exchanger domain resource records sendmail searches for address domain resource records. 
If sendmail finds an address resource records, it responds as if there is a single mail exchange domain resource record for the domain, pointing at the domain at priority zero proceeding as if the mail exchange domain resource record had been found in the DNS. (Vixie and Aviolo) When sendmail has mail exchanger resource records for a domain it sorts them by priority from low to high. Then it scans the list for its own name. If it finds a mail exchange host matching its own name it removes the mail exchange domain resource records and all other records with an equal or lower(equal or higher number) mail exchange priority. This is how sendmail does not see itself on a mail exchange domain resource record and route mail through the mail exchange resource records. (Vixie and Aviolo) Once sendmail has a sorted mail exchange domain resource record list, sendmail delivers the mail using the highest priority (lowest numbered) mail exchange domain resource record first, then continuing down the list. Sendmail will load balance if several mail exchange resource records have the same priority by reordering at random. Sendmail is meant to be configurable because no one configuration can work for every possible host, site or network. Issues when planning a sendmail configuration include network connectivity, mail protocols, error handling, and administration. (Vixie and Aviolo) When designing a sendmail configuration take into account the overall design of a company’s email system. There are five main types of mail configurations. (Vixie and Aviolo) In the mail hub, a host is a relay between gateway hosts and other mail hubs. Mail hubs are concentration points in the flow of email distributed geographically based upon network population. Hubs gather mail from client hosts and forward it to other hubs closer to the destination or mail gateway. In the mail gateway, a host or a process is between one environment and at least one other environment. 
This host or process relays the mail as its primary job. Today all internet email passes through email gateways. (Vixie and Aviolo) Email gateways provide many services. An email gateway serves as a connector through the internet firewall. Mail gateways act as mail exchangers for their own or other domains. A virtual domain is a domain not actually mapping to IP host or network addresses. Gateways can handle mail for existing domains and virtual domains. A mail gateway can be used for header translation. If a private network is isolated from the internet the mail gateway is the mail exchange service for the hosts in its domain. In a simple client configuration, a client handles local mail. All other mail is sent without processing to a mail hub. Incoming mail is received by a hub offering mail to the simple client using NFS of POP. In smart client, an end host must be able to speak at least one network protocol, at least one mail protocol, and be connected to at least one physical network. A smart client may deliver some mail directly by itself, the rest is sent to a hub. A smart client can handle mail to a subset of the email network. It will send mail directly to all mailboxes within its domain and use a hub for mail outside of its domain and external mail. In a mail cluster a group of mail hosts share a common user name space and a common aliases database. Mail sent to a user on any of the hosts in the cluster will get to the proper mailbox. In a mail cluster a provision can be made for nonglobal mail addresses. Most groups of hosts today are aggregated into mail clusters. Before sitting down to write or modify a sendmail.cf file, we have to ask ourselves some questions and gather some data. This includes our parent domain name for the sendmail configuration. This is usually everything following the first dot (.) in our own fully qualified host name. 
The parent domain name will usually be the same for most of our hosts, or at least most hosts of a given mail hub. If this host is known by any other name, or if this host should treat any other host names as local, these names are our pseudonyms. These are taken into account as we configure sendmail. We might have pseudonyms because of the consolidation of hosts and need old addresses to continue to work, or a mail hub needs to accept mail addressed to its generic domain name or names. (Vixie and Aviolo) The sendmail configuration file is sendmail.cf, it tells sendmail how to parse mail addresses, rewrite mail addresses, what MTAs sendmail should know about, how to route mail, and to set options and other values. The directory /etc/mail contains all the sendmail configuration files. There are four files on the server to be of concern. /etc/mail/access set per host and per domain access controls for the mail server. /etc/mail/aliases contains a map of email redirections for the local host. /etc/mail/mailertable allows the override of MX records for the mail server. /etc/mail/relay-domains lists domain names and addresses the server will relay email for. (Lucas) A line type is determined by the first character. Blank lines are ignored and are used for readability. Lines beginning with a tab are continuations from the preceding line. # is a comment line ignored by sendmail. C is class definitions. Classes are sets of tokens used for matching the left hand side/pattern side of a rule. (Vixie and Aviolo) Classes are used to test if part of an address matches one of a set of words or tokens. D is for macro definitions, variables when defined and used are treated like string constants in the form of DXvalue. Where X is a single character and value is a character string without blanks or tabs.

These are some of the macro definitions defined internally by Sendmail: a The Date: in Arpanet format (e.g., "Tue, 14 Jan 92 10:39:35 -0500"). b The current date in Arpanet format. c The hop count. Essentially the number of Received: headers. d The time in ctime format (e.g., "Tue Jan 14 10:39:35 1992"). f The sender (from) address. g The sender address relative to the recipient (a path). h The recipient host. i The queue identifier (usually built from the pid). p The Sendmail pid. r The protocol used. s The sender's host name. t The current time (e.g., "920114103935"). u The recipient user. v The version number of the compiled Sendmail. w The name of this host (might be fully qualified, or not).[a] x The full name of the sender (e.g., "Bullwinkle T. Moose"). y The name of the sender's tty port (e.g., 09 for /dev/tty09). z The home directory of the recipient. (Vixie and Aviolo) Rules are the executable lines of the configuration file. Rules start with R, have a left hand side (LHS), a right hand side (RHS) and comment lines. A line is separated by tabs, not spaces. A delimiter is a special character considered to be place indicators or operators. The @ and . in sales.cars@fuccillo.com are delimiters. Delimiters are set in sendmail.cf using the O OperatorChars= directive. (Vixie and Aviolo) A token is a word or string not used as a delimiter. In the above example, sales, cars, fuccillo and com are tokens. The $ is used to introduce special characters. Special symbols used on the LHS:
$* Zero or more tokens plus all delimiters between or around them.
$+ One or more tokens plus all delimiters between and or around them.
$- Exactly one token.
$=X Any word in class X.
$~X Any word not in class X. $X The exact string defined by macro X. The RHS has special symbols as well:
$: Apply this transformation exactly once, then go to the next rule
$@ After applying this transformation, exit from the ruleset
$n token number n matched on the LHS by a pattern variable
$>m Call ruleset m. This is like a function call
$[ Send everything before the next $] to the DNS resolver, and use result of that lookup as the transformation.
$] similar to $[
$: This introduces an "Else" if used between a $[ and $] This is an example of a configuration file: (Vixie and Aviolo)
# Thanks to Peter Churchyard,
# Imperial College, London.
#
# Note on this copy: the two columns of the printed listing were run
# together when the page was extracted and are shown here in sequence;
# "0x8" and "0X12" are the load-average options Ox8 and OX12, and the
# angle-bracketed parts of the Dq, Message-Id: and ruleset 3 lines,
# which the copy dropped, are restored in their standard form.
#
# Your local domain.
DDdco.frobozz.com
# Your full hostname
Dj$w
#Dj$w.$D
DRrelayhost.dco.frobozz.com
DVsimple
Dnmailer-daemon
DlFrom $g $d remote from $U
Do@.%
Dq$?x$x <$g>$|$g$.
De$j Sendmail $v/$V ready at $b
Odbackground
Om
OF0644
Og1
OH/etc/sendmail.hf
OL6
Oo
OQ/var/spool/mqueue
Or1h
OS/etc/sendmail.st
OT3d
Ou1
Ox8
OX12
Pfirst-class=0
Pspecial-delivery=100
Pjunk=-100
Troot daemon uucp
H?F?From: $q
H?D?Date: $a
H?M?Message-Id: <$t.$i@$j>
HSubject:
S0
R$*@$j	$#local$:$1	optional
R$*@$w	$#local$:$1	optional
R$-	$#local$:$1	optional
R$*	$#remote$@$R$:$1
S1
S2
S3
R$*<$*>$*	$2
S4
Mremote, P=[IPC], F=nsmFDMuXC, \
	S=10, R=10, A=IPC $h
Mlocal, P=/bin/mail, F=lsDFrmn, \
	S=10, R=10, A=mail -r $f -d $u
Mprog, P=/bin/echo, F=lsDFMmn, \
	S=10, R=10, A=mail $u
S10
To operate properly sendmail has to start with root privileges: as a listener it must bind to port 25, a privileged port, and only root can do that. When it is about to invoke the local mailer for final delivery it changes its effective user id to the recipient and only then writes the message into the user-owned file or directory. Sendmail can also run as a less-privileged user. The RunAsUser option is provided for systems with no local delivery, such as e-mail gateways on firewalls: as soon as sendmail has bound the SMTP port, the daemon changes its effective user id to the user given, and the daemon and every process it creates run as that RunAsUser. (Vixie and Avolio) Buffer-overflow attacks using long MIME headers have been made against e-mail clients, not against sendmail. Clients should be patched, but sendmail also lets the installer cap the size of MIME headers passing through the gateway, which lowers the risk. The suggested MaxMimeHeaderLength of 512 is not very large in general, yet it is large for a MIME header. Sendmail can also hand a message to a program for delivery, automating mail processing: users or administrators can pipe messages through procmail for filing and forwarding, or through vacation to return an "I am away from my e-mail" reply selectively. Attackers have abused program delivery of this kind in sendmail, so restricting which programs may be run as mail filters closes the exposure. Configuring the prog mailer to use the Sendmail Restricted Shell, smrsh, instead of the default command interpreter (normally /bin/sh) does this: smrsh executes only programs found in a directory fixed at configuration time, for example /usr/adm/sm.bin/.
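The following Python program is an added example, not code from the page's sources and not sendmail's own rewrite() engine. It models the tokenizer and the LHS/RHS matching described above and runs the four ruleset 0 rules of the sample configuration over a few addresses, so the effect of $*, $+, $-, $=X, $~X, $X and $n can be seen on real input. The macro values for j, w and R, the class w and the sample addresses are assumptions made for the example; the $>m and $[ $] operators and multi-token class members are not modelled.

```python
import re

# Added example: model of sendmail address tokenizing and rule matching.
# OperatorChars of the sample configuration ("Do@.%"); sendmail's
# compiled-in default set is ".:%@!^/[]".
OPERATOR_CHARS = "@.%"


def tokenize(text, opchars=OPERATOR_CHARS):
    """Every operator character is a token by itself; a run of other
    non-blank characters forms one token."""
    tokens, cur = [], ""
    for ch in text:
        if ch in opchars or ch.isspace():
            if cur:
                tokens.append(cur)
                cur = ""
            if not ch.isspace():
                tokens.append(ch)
        else:
            cur += ch
    return tokens + [cur] if cur else tokens


def parse_lhs(lhs, macros):
    """Compile a LHS into (kind, arg) elements. $X is expanded at parse
    time into literal tokens, as sendmail does when reading the .cf
    file, so a macro creates no $n capture."""
    elems, lit, i = [], "", 0

    def flush():
        nonlocal lit
        elems.extend(("lit", t) for t in tokenize(lit))
        lit = ""

    while i < len(lhs):
        if lhs[i] != "$":
            lit, i = lit + lhs[i], i + 1
            continue
        flush()
        op = lhs[i + 1]
        if op in "*+-":                    # zero+, one+, exactly one token
            elems.append((op, None)); i += 2
        elif op in "=~":                   # class test on the next token
            elems.append((op, lhs[i + 2])); i += 3
        else:                              # $X: exact string of macro X
            lit += macros.get(op, ""); i += 2
    flush()
    return elems


def match_lhs(elems, tokens, classes):
    """Return the $n captures (token lists) or None. A wildcard first takes
    as few tokens as possible and is extended when the rest of the pattern
    fails, which is how sendmail backtracks. Simplification: class members
    are single tokens."""
    def rec(ei, ti):
        if ei == len(elems):
            return [] if ti == len(tokens) else None
        kind, arg = elems[ei]
        if kind == "lit":
            ok = ti < len(tokens) and tokens[ti] == arg
            return rec(ei + 1, ti + 1) if ok else None
        if kind in ("=", "~"):
            if ti >= len(tokens):
                return None
            if (tokens[ti] in classes.get(arg, ())) != (kind == "="):
                return None
            rest = rec(ei + 1, ti + 1)
            return None if rest is None else [tokens[ti:ti + 1]] + rest
        lo = 0 if kind == "*" else 1
        hi = 1 if kind == "-" else len(tokens) - ti
        for n in range(lo, hi + 1):
            rest = rec(ei + 1, ti + n)
            if rest is not None:
                return [tokens[ti:ti + n]] + rest
        return None
    return rec(0, 0)


def apply_rhs(rhs, captures, macros):
    """Expand $n (capture n) and $X (macro X); keep the ruleset 0 markers
    $#, $@ and $: (mailer, host, user) literally."""
    def sub(m):
        op = m.group(1)
        if op.isdigit():
            return "".join(captures[int(op) - 1])
        return "$" + op if op in "#@:" else macros.get(op, "")
    return re.sub(r"\$(.)", sub, rhs)


def resolve(addr, rules, macros, classes):
    """First matching rule wins: every RHS here starts with $# (exit)."""
    tokens = tokenize(addr)
    for lhs, rhs in rules:
        caps = match_lhs(parse_lhs(lhs, macros), tokens, classes)
        if caps is not None:
            return apply_rhs(rhs, caps, macros)
    return None


# Assumed macro values (j = local domain, w = short host name, R = relay
# host), a constructed class w, and the ruleset 0 rules of the sample.
MACROS = {"j": "dco.frobozz.com", "w": "mailhost", "R": "relayhost.dco.frobozz.com"}
CLASSES = {"w": {"localhost"}}
RULESET0 = [("$*@$j", "$#local$:$1"), ("$*@$w", "$#local$:$1"),
            ("$-", "$#local$:$1"), ("$*", "$#remote$@$R$:$1")]
```

Running resolve() on bob@dco.frobozz.com yields $#local$:bob, a bare root also goes to the local mailer through the $- rule, and alice@example.org falls through to the last rule and is handed to the remote mailer via the relay host. The shortest-first wildcard matching matters: with $*@$j the $* must be extended token by token until the literal @ lines up, and a pattern $+ correctly refuses an empty address where $* accepts it.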
If a user names a program outside that directory as a mail filter, sendmail returns an error and does not complete the delivery. (Vixie and Avolio) Sendmail defines a set of privacy flags, set in the configuration file with the PrivacyOptions option. Some of these flags control the SMTP commands EXPN and VRFY, which are useful for debugging but equally useful to an intruder enumerating accounts. VRFY checks whether an address is valid:
VRFY user
where user is the mailbox or address you want verified. EXPN expands an alias or mailing list into the mailboxes sendmail will attempt delivery to. To see the individual addresses an alias expands to:
EXPN alias
where alias is the list you want expanded. Sendmail lets you disable both commands to conceal this information from intruders; the flags to set are novrfy and noexpn, and it is best to set them. Also select the authwarnings flag: whenever the exchange looks inconsistent (the connecting IP address does not match its domain name, or the name in the SMTP HELO command does not match the IP address), sendmail records the discrepancy in an added X-Authentication-Warning: header. To require a HELO before EXPN, VRFY or MAIL are accepted, set needexpnhelo, needvrfyhelo and needmailhelo. Mail still goes through, and the activity is logged. (Vixie and Avolio) The Dovecot IMAP server provides IMAP and POP3 service. On FreeBSD the port is /usr/ports/mail/dovecot. Dovecot interoperates with LDAP servers, databases and authentication systems, and has many configuration options. (Lucas) It installs documentation in /usr/local/share/doc/dovecot and example configuration files in /usr/local/etc. Copy the sample configuration /usr/local/etc/dovecot-example.conf to /usr/local/etc/dovecot.conf and open it in a text editor. By default Dovecot does not encrypt IMAP or POP3; change the protocols entry so that both services end in s (imaps and pop3s). Set where Dovecot keeps its SSL certificate and key with the ssl_cert_file and ssl_key_file variables; default paths are provided. The directory /usr/local/share/dovecot holds the shell script and the OpenSSL configuration file used to create a Dovecot SSL certificate. In that configuration file set C (country), ST (state), L (locality), for example C=US, ST=New York, L=Schenectady, then O (organization) and OU (organizational unit); the common name must be the DNS name clients use to reach the server for their mail, and emailAddress is the address of the person responsible for the server. Now run the mkcert.sh script:
# /usr/local/share/dovecot/mkcert.sh
Enable Dovecot in /etc/rc.conf with dovecot_enable="YES", then run /usr/local/etc/rc.d/dovecot start. /var/log/maillog will show Dovecot starting and initializing SSL.
THAT’S ALL FOLKS!!!!
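Returning to the PrivacyOptions discussion above: the following Python script is an added example, not from the page's sources and not sendmail code. It reads an SMTP session transcript, flags the replies in which VRFY or EXPN confirmed or expanded an address (the disclosure that novrfy and noexpn stop), and builds the sendmail.cf PrivacyOptions line that adds the recommended flags to whatever is already set. The transcript, host names and addresses are constructed for the example; the reply codes follow RFC 5321 (250 address confirmed, 252 cannot verify but will accept, 5xx refused).

```python
import re

# Constructed transcript: "C:" is the client, "S:" the server.
TRANSCRIPT = """\
S: 220 mail.example.com ESMTP ready
C: HELO scanner.example.net
S: 250 mail.example.com Hello scanner.example.net [192.0.2.10]
C: VRFY root
S: 250 2.1.5 <root@mail.example.com>
C: VRFY nosuchuser
S: 550 5.1.1 nosuchuser... User unknown
C: EXPN staff
S: 250-2.1.5 Alice <alice@example.com>
S: 250 2.1.5 Bob <bob@example.com>
C: QUIT
S: 221 2.0.0 closing connection
"""

# Flags the text recommends; real sendmail PrivacyOptions flag names.
HARDENING_FLAGS = ("authwarnings", "noexpn", "novrfy",
                   "needmailhelo", "needexpnhelo", "needvrfyhelo")


def parse_transcript(text):
    """Pair each client command with its server reply lines, keeping
    multi-line replies ("250-...") together. Server lines before the
    first command (the greeting) are ignored."""
    exchanges, cmd, replies = [], None, []
    for raw in text.splitlines():
        who, sep, line = raw.partition(": ")
        if not sep:
            continue
        if who == "C":
            if cmd is not None:
                exchanges.append((cmd, replies))
            cmd, replies = line, []
        elif who == "S" and cmd is not None:
            replies.append(line)
    if cmd is not None:
        exchanges.append((cmd, replies))
    return exchanges


def audit(text):
    """Return (verb, argument, verdict, addresses) for every VRFY/EXPN.
    LEAK: the server confirmed or expanded the address (250).
    NO_VERIFY: 252, the server declined to verify. REFUSED: any 4xx/5xx."""
    findings = []
    for cmd, replies in parse_transcript(text):
        parts = cmd.split(None, 1)
        verb, arg = parts[0].upper(), (parts[1] if len(parts) > 1 else "")
        if verb not in ("VRFY", "EXPN") or not replies:
            continue
        code_text = replies[-1][:3]          # final line carries the code
        if not code_text.isdigit():
            continue
        code = int(code_text)
        if code == 250:
            addrs = re.findall(r"<([^>]+)>", " ".join(replies))
            findings.append((verb, arg, "LEAK", addrs))
        elif code == 252:
            findings.append((verb, arg, "NO_VERIFY", []))
        else:
            findings.append((verb, arg, "REFUSED", []))
    return findings


def harden_privacy_options(current=""):
    """Build the sendmail.cf option line, keeping flags already set and
    appending the recommended ones that are missing."""
    flags = [f for f in current.split(",") if f]
    for flag in HARDENING_FLAGS:
        if flag not in flags:
            flags.append(flag)
    return "O PrivacyOptions=" + ",".join(flags)


if __name__ == "__main__":
    for finding in audit(TRANSCRIPT):
        print(finding)
    print(harden_privacy_options("authwarnings,restrictqrun"))
```

On the constructed session the audit reports VRFY root and EXPN staff as leaks and VRFY nosuchuser as refused; the difference between a 550 for an unknown user and a 250 for a known one is itself an oracle for guessing account names, which is why disabling the commands outright (novrfy, noexpn) is preferable to relying on per-address answers.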

Sendmail is implemented as one large program that does everything. One large program makes it easy to share data between its parts, and easy to make a major error. Postfix is instead based on semi-resident, mutually cooperating processes that each perform a specific task, without a preordained parent/child relationship. (www.akadia.com/services/postfix_mta.html) A resident master server starts the Postfix daemon processes on demand. Postfix has four queues. The maildrop queue is where locally posted mail is deposited; after cleanup it is copied to the incoming queue. The incoming queue holds mail that is still arriving or that the queue manager has not yet looked at. The active queue is a limited-size queue for mail the queue manager has opened for delivery. The deferred queue holds mail that could not be delivered, so that it does not get in the way of deliverable mail. The queue manager, qmgr, keeps information about the active queue in memory, and the active queue is deliberately limited in size so that the queue manager can never run out of working memory under a peak message load. (www.akadia.com/services/postfix_mta.html) Whenever there is room in the active queue, the queue manager lets in one message from the incoming queue and one from the deferred queue, so new mail gets through even when there is a large backlog. Instead of finding a complicated replacement for sendmail, you can replace it with the simple alternative sSMTP. sSMTP reduces SMTP configuration to a small file specifying items such as the name of the remote SMTP server, the authentication to use and the domain for outbound mail, much like configuring a mail reader. sSMTP can be installed through the distribution's package manager or built and installed from source.
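The following Python model is an added example, not Postfix code, of the admission policy just described: a bounded active queue filled by alternately taking one message from incoming and one from deferred. It compares that policy with a single FIFO in which retries and new mail wait their turn together, under a constructed load of 500 undeliverable deferred messages and five new deliverable ones, and reports how many delivery rounds the new mail needs and how large the active queue ever gets. The policy names, queue sizes and message names are assumptions made for the example.

```python
from collections import deque


def rounds_until_new_mail_delivered(policy, backlog=500, new_mail=5,
                                    active_limit=20):
    """Simulate delivery rounds until every 'new*' message is delivered.
    'old*' messages are addressed to a dead destination: each attempt
    fails and sends them back to the deferred queue. Returns
    (rounds needed, largest active-queue size observed)."""
    incoming = deque(f"new{i}" for i in range(new_mail))
    deferred = deque(f"old{i}" for i in range(backlog))
    delivered, rounds, max_active = set(), 0, 0
    while len(delivered) < new_mail:
        rounds += 1
        active = []
        if policy == "alternate":
            # Postfix-style admission: one from incoming, one from deferred,
            # until the bounded active queue is full.
            while len(active) < active_limit and (incoming or deferred):
                if incoming:
                    active.append(incoming.popleft())
                if len(active) < active_limit and deferred:
                    active.append(deferred.popleft())
        elif policy == "single_fifo":
            # Naive MTA: one queue, new mail and retries served in order.
            deferred.extend(incoming)
            incoming.clear()
            while len(active) < active_limit and deferred:
                active.append(deferred.popleft())
        else:
            raise ValueError(f"unknown policy {policy!r}")
        max_active = max(max_active, len(active))
        for msg in active:                      # delivery attempt
            if msg.startswith("new"):
                delivered.add(msg)
            else:
                deferred.append(msg)            # retry later, at the tail
        if rounds > 10 * (backlog + new_mail):
            raise RuntimeError("new mail starved")
    return rounds, max_active


if __name__ == "__main__":
    for policy in ("alternate", "single_fifo"):
        print(policy, rounds_until_new_mail_delivered(policy))
```

With the alternating policy all five new messages are delivered in the first round, and the active queue never exceeds its limit of 20 regardless of the 500-message backlog. With the single FIFO the same five messages are delivered only in round 26, after every one of the 500 dead retries has been attempted once, which is the starvation the Postfix design avoids and which a large deferred backlog (for example from a flood of mail to unreachable destinations) would otherwise turn into a denial of service for fresh mail.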
To install from source, unpack the source, change into the source directory and run
./configure --prefix=/usr/local/ssmtp --enable-ssl --enable-md5auth
Enabling SSL and MD5 authentication lets sSMTP talk to an ISP that requires an SMTP login; IPv6 support can be enabled as well if needed. After configuration, build and install with the usual make and sudo make install. The install step prompts for a few items; follow the displayed instructions. When it completes there is a directory /usr/local/ssmtp with the sSMTP binary under sbin and the configuration file under etc/ssmtp. Sendmail can now be stopped and replaced. On Linux distributions using System V init scripts: (archive09.linux.com/feature/132006)
sudo service sendmail stop
sudo chkconfig --level 2345 sendmail off
The first command stops the running sendmail, the second prevents it from starting again on reboot. On a Linux that does not use SysVinit, kill the sendmail process manually with sudo killall sendmail. To replace sendmail, move the binary aside and create a symbolic link from sSMTP to sendmail: (archive09.linux.com/feature/132006)
sudo mv /usr/sbin/sendmail /usr/sbin/sendmail.orig
sudo ln -s /usr/local/ssmtp/sbin/ssmtp /usr/sbin/sendmail
The first command moves the original sendmail out of the way; the second makes sSMTP the program that runs whenever something on the system calls sendmail. Doing it this way means that if problems occur with sSMTP, you remove the symbolic link and move the copy back to its original name. The location of the sSMTP configuration file follows the --prefix given to configure when building from source; here it is /usr/local/ssmtp/etc/ssmtp/ssmtp.conf.
This file has only four common options plus some hidden options for authentication. (archive09.linux.com/feature/132006) After a sample build sSMTP created the following configuration file:
# /etc/ssmtp.conf -- a config file for sSMTP sendmail.
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=postmaster
# The place where the mail goes. The actual machine name is required
# no MX records are consulted. Commonly mailhosts are named mail.domain.com
# The example will fit if you are in domain.com and your mailhub is so named.
mailhub=mail
# Where will the mail seem to come from?
#rewriteDomain=graphics-muse.org
# The full hostname
hostname=kepler.graphics-muse.org
Change the root= value to an email address that will receive all system-generated email, such as output from cron jobs that encounter errors or log file analysis. I changed this line to my personal email address. mailhub= defines the SMTP server to which email should be sent. Set this line to the host you specify in your mail reader for the SMTP server. hostname= is the name of the mail host that you'd like recipients of your email to see. Since I want responses to my email to be sent back to my ISP domain so I can use my mail reader to retrieve it, I set this line to the ISP domain. This is the domain part of all outbound messages; all users on your system will appear to be coming from this domain.
You can use rewriteDomain= to spoof who you say you are. Since I'm already spoofing the server address with the hostname line, I leave this line commented out.
The initial configuration does not include information on how to log in to SMTP servers that require authentication. This information is the same information you must provide in your mail reader in order for it to send email through your ISP. To specify this information, you can add the following lines:
AuthUser=your username
AuthPass=your password
AuthMethod=CRAM-MD5
With this configuration, every time the system sends mail using /bin/mail, sendmail is called, which is actually sSMTP. sSMTP uses the authentication in the configuration file to log in to the ISP's SMTP server and deliver the outgoing email. (archive09.linux.com/feature/132006)
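The following Python script is an added example, not from the linux.com article and not sSMTP's own code. It parses an ssmtp.conf and flags the security-relevant omissions the configuration above invites: a stored AuthPass with no UseTLS or UseSTARTTLS (so mail, and with anything other than CRAM-MD5 the password itself, crosses the network in the clear), a missing mailhub, and a configuration file readable by other local users. The sample file content is constructed for the example; the option names root, mailhub, hostname, AuthUser, AuthPass, AuthMethod, UseTLS and UseSTARTTLS are real ssmtp.conf options.

```python
import os
import stat

# Constructed ssmtp.conf, modelled on the sample above.
SAMPLE_CONF = """\
# constructed ssmtp.conf for this example
root=postmaster
mailhub=mail
hostname=kepler.graphics-muse.org
AuthUser=alice
AuthPass=s3cret
AuthMethod=CRAM-MD5
"""


def parse_ssmtp_conf(text):
    """key=value lines; '#' starts a comment. In this parser a repeated
    key keeps the last value."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def _yes(conf, key):
    return conf.get(key, "NO").strip().upper() == "YES"


def audit_conf(conf, file_mode=None):
    """Return a list of findings. file_mode is the permission bits of the
    file (e.g. 0o644); pass None if unknown."""
    findings = []
    if not conf.get("mailhub"):
        findings.append("mailhub unset: no relay to hand mail to")
    encrypted = _yes(conf, "UseTLS") or _yes(conf, "UseSTARTTLS")
    if conf.get("AuthPass"):
        if not encrypted:
            findings.append("AuthPass set but neither UseTLS nor UseSTARTTLS "
                            "is YES: message contents cross the network in the clear")
            if conf.get("AuthMethod", "").upper() != "CRAM-MD5":
                findings.append("AuthMethod is not CRAM-MD5 on an unencrypted "
                                "session: the password itself is exposed on the wire")
        if file_mode is not None and file_mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append("ssmtp.conf is group/world readable: "
                            "AuthPass exposed to local users")
    return findings


def audit_file(path):
    """Audit a real file, taking its permission bits from the filesystem."""
    with open(path) as fh:
        conf = parse_ssmtp_conf(fh.read())
    return audit_conf(conf, stat.S_IMODE(os.stat(path).st_mode))


if __name__ == "__main__":
    for finding in audit_conf(parse_ssmtp_conf(SAMPLE_CONF), 0o644):
        print("-", finding)
```

On the constructed file with mode 0644 the audit reports two problems: no TLS despite a stored password, and a file every local user can read. CRAM-MD5 keeps the password off the wire but does nothing for the message bodies, so the fix is UseSTARTTLS=YES (or UseTLS=YES for a TLS-only port) together with chmod 600 on ssmtp.conf; with those two changes the audit returns no findings.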

archive09.linux.com/feature/132006. n.d. Accessed 3 August 2012.
Lucas, Michael. Absolute FreeBSD: The Complete Guide to FreeBSD (2nd Edition). San Francisco, CA: No Starch Press, 2007.
Vixie, Paul A. and Frederick M. Avolio. Sendmail: Theory and Practice. Digital Press, 2002.
www.akadia.com/services/postfix_mta.html. n.d. Accessed 3 August 2012.
