Библиотека сайта rus-linux.net
| Purchase | Copyright © 2002 Paul Sheer. Click here for copying permissions. | Home |
|
| |
Next: 31. lilo, initrd, and Up: rute Previous: 29. Services Running Under Contents
Subsections
- 30.1 Introduction
- 30.2
eximPackage Contents - 30.3
eximConfiguration File - 30.4 Full-blown Mail server
- 30.5 Shell Commands for
eximAdministration - 30.6 The Queue
- 30.7
/etc/aliasesfor Equivalent Addresses - 30.8 Real-Time Blocking List -- Combating Spam
- 30.9 Sendmail
30.
exim and
sendmail
This chapter effectively explains how to get LINUX up and running as a mail server. I have also included discussion on the process of mail delivery right through to retrieval of mail using POP and IMAP.
30.1 Introduction
exim and
sendmail are MTAs (mail
transfer agents). An MTA is just a daemon process that listens on
port 25 for incoming mail connections, spools [See page
![[*]](crossref.png)
about spooling in general.] that mail in a
queue (for
exim, the
/var/spool/exim/input/ directory,
for
sendmail, the
/var/spool/mqueue/
directory),
then resends that mail to some other MTA or
delivers it locally to some user's mailbox. In other
words, the MTA is the very package that handles all mail spooling,
routing, and delivery.
We saw in Section 10.2 how to
manually connect to an MTA with
telnet.
In that example,
sendmail
version 8.9.3 was the MTA running on machine
mail.cranzgot.co.za.
sendmail is the original and popular UNIX MTA. It is probably
necessary to learn how to configure it because so many organizations
standardize on it. However, because
exim is so easy to configure, it is
worthwhile replacing
sendmail wherever you see it--there
are at least three MTAs that are preferable to
sendmail.
I explain the minimum of what you need to know about
sendmail later on and explain
exim in detail.
30.1.1 How mail works
Before we get into MTA configuration, a background in mail delivery and
indexii
MX recordDNSMX record
handling is necessary. The sequence of events whereby a mail message (sent
by a typical interactive mail client) ends up on a
distant user's personal workstation is as follows:
- A user configures his mail client (Outlook Express, Netscape, etc.) to use a particular SMTP host (for outgoing mail, also called the SMTP gateway) and POP host (or IMAP host) for incoming mail.
- The user composes a message to, say,
rrabbit@toonland.netand then clicks on ``Send.'' - The mail client initiates an outgoing TCP
connection to port 25 of the SMTP host.
An MTA running on the SMTP host and listening on port 25 services the request.
The mail client uses the SMTP protocol exactly as in Section 10.2.
It fills in
rrabbit@toonland.netas the recipient address and transfers a properly composed header (hopefully) and message body to the MTA. The mail client then terminates the connection and reports any errors. - The MTA queues the message as a spool file, periodically considering whether to process the message further according to a retry schedule.
- Should the retry schedule permit, the MTA considers the
recipient address
rrabbit@toonland.net. It strips out the domain part of the email address--that is, everything after the@. It then performs a DNS MX query (or MX lookupindexiiMXrecordDNS) for the domaintoonland.net. DNS resolution fortoonland.netfollows the procedure listed in Section 27.2.2. In short, this means (approximately) that it looks for the name server that is authoritative for the domaintoonland.net. It queries that name server for the MX record of the domaintoonland.net. The name server returns a host name, say,mail.toonland.netwith corresponding IP address, say,197.21.135.82. [Section 27.7.1 shows you how you can manually lookup the MX record. Chapter 40 shows you how to set up your name server to return such an MX record.] - The MTA makes an SMTP connection to port 25 of
197.21.135.82. Another MTA running onmail.toonland.netservices the request. A recipient address, message header, and message body are transferred using the SMTP protocol. The MTA then terminates the connection. - The MTA running on
mail.toonland.netconsiders the recipient addressrrabbit@toonland.net. It recognizestoonland.netas a domain for which it hosts mail (that is, a local domain). It recognizesrrabbitas a user name within its own/etc/passwdfile. - The MTA running on
mail.toonland.netappends the message to the user's personal mailbox file, say,/var/spool/mail/rrabbitor/home/rrabbit/Maildir/. The delivery is now complete. How the email gets from the mailbox onmail.toonland.netto Mr Rabbit's personal workstation is not the responsibility of the MTA and does not happen through SMTP. - Mr Rabbit would have configured his mail client (running on his personal
workstation) to use a POP/IMAP host
mail.toonland.netfor incoming mail.mail.toonland.netruns a POP or IMAP service on port 110 or 143, respectively. - Mr Rabbit's mail client makes a TCP connection to port 110 (or 143) and communicates using the POP or IMAP protocol. The POP or IMAP service is responsible for feeding the message to the mail client and deleting it from the mailbox file.
- Mr Rabbit's mail client stores the message on his workstation using its own methods and displays the message as a ``new'' message.
30.1.2 Configuring a POP/IMAP server
POP and IMAP are invoked by
inetd or
xinetd--see Chapter 29.
Except for limiting the range of clients that are allowed
to connect (for
security reasons), no configuration is required.
Client connections authenticate themselves using the
normal UNIX login name and password. There are
specialized POP and IMAP packages for supporting
different mailbox types (like Maildir).
30.1.3 Why
exim?
The
exim home page <http://www.exim.org/> gives
you a full rundown. Here I will just say that
exim is the
simplest MTA to configure. Moreover, its configuration file works the same
way you imagine mail to work. It's really easy to customize the
exim
configuration to do some really weird things. The whole package fits
together cleanly, logically, and intuitively. This is in contrast to
sendmail's
sendmail.cf
file, which is widely considered
to be extremely cryptic and impractical.
exim also seems to
have been written with proper security considerations, although
many people argue that
postfix and
qmail are the last word in
secure mail.
30.2
exim Package Contents
You can get
exim as a
.rpm or
.deb file. After
installation, the file
/usr/share/doc/exim-?
.??
/doc/spec.txt [or
/usr/doc/]contains the complete
exim documentation; there is also an HTML version
on the
exim web page, whereas the man page contains only command-line information.
exim is a drop-in replacement for
sendmail, meaning that for every critical
sendmail command, there is an
exim command of the same name
that takes the same options, so that needy scripts won't know the
difference. These are:
5 |
/etc/aliases/usr/bin/mailq/usr/bin/newaliases/usr/bin/rmail/usr/lib/sendmail/usr/sbin/sendmail |
Finally, there is the
exim binary itself,
/usr/sbin/exim, and configuration file
/etc/exim/config,
/etc/exim.conf, or
/etc/exim/exim.conf,
depending on your LINUX distribution.
Then there are the usual start/stop scripts,
/etc/init.d/exim. [or
/etc/rc.d/init.d/exim]
30.3
exim Configuration File
As a preliminary example, here we create a simple spooling mail server
for a personal workstation,
cericon.cranzgot.co.za.
Client applications (especially non-UNIX ones) are usually
configured to connect to an MTA running on a remote machine, however,
using a remote SMTP host can be irritating if the host or network
go down. Running
exim on the local workstation enables all
applications to use
localhost as their SMTP gateway:
that is,
exim takes care of queuing
and periodic retries.
Here is the configuration. The difference between this and a full-blown mail server is actually very slight.
5 10 15 20 25 30 35 40 45 50 |
#################### MAIN CONFIGURATION SETTINGS #####################log_subjecterrors_address = postmasterfreeze_tell_mailmaster = yesqueue_list_requires_admin = falseprod_requires_admin = falsetrusted_users = psheerlocal_domains = localhost : ${primary_hostname}never_users = root# relay_domains = my.equivalent.domains : more.equivalent.domainshost_accept_relay = localhost : *.cranzgot.co.za : 192.168.0.0/16exim_user = mailexim_group = mailend ###################### TRANSPORTS CONFIGURATION ######################remote_smtp: driver = smtp hosts = 192.168.2.1 hosts_overridelocal_delivery: driver = appendfile file = /var/spool/mail/${local_part} delivery_date_add envelope_to_add return_path_add group = mail mode_fail_narrower = mode = 0660end ###################### DIRECTORS CONFIGURATION #######################localuser: driver = localuser transport = local_deliveryend ###################### ROUTERS CONFIGURATION #########################lookuphost: driver = lookuphost transport = remote_smtpliteral: driver = ipliteral transport = remote_smtpend ###################### RETRY CONFIGURATION ###########################* * F,2h,15m; G,16h,1h,1.5; F,4d,8hend ###################### REWRITE CONFIGURATION #########################*@cericon.cranzgot.co.za psheer@cranzgot.co.za |
30.3.1 Global settings
The
exim config file is divided into six logical sections
separated by the
end keyword. The top or
MAIN section
contains global settings. The global settings have the following meanings:
log_subject- Tells
eximto log the subject in the mail log file. For example,T="I LOVE YOU"will be added to the log file. errors_address- The mail address where errors are to be sent. It doesn't
matter what you put here, because all mail will get rewritten to
psheer@cranzgot.co.za, as we see later. freeze_tell_mailmaster- Tells
errors_addressabout frozen messages. frozen messages are messages that could not be delivered for some reason (like a permissions problem, or a failed message whose return address is invalid) and are flagged to sit idly in the mail queue, and not be processed any further. Note that frozen messages sometimes mean that something is wrong with your system or mail configuration. local_domains- Each mail message received is processed in one of
two ways: by either a local or remote delivery. A local delivery is one to a
user on the local machine, and a remote delivery is one to somewhere else on
the Internet.
local_domainsdistinguishes between these two. For example, according to the config line above, a message destined topsheer@localhostorpsheer@cericon.cranzgot.co.zais local, whereas a message topsheer@elsewhere.co.zais remote. Note that the list is colon delimited. never_users- Never become this user. Just for security.
exim_user- Specifies the user that
eximshould run as. exim_group- Specifies the group that
eximshould run as.
It is important to understand the
host_accept_relay and
relay_domains options for security.
|
host_accept_relay- This option specifies machines that are allowed to use
cericon.cranzgot.co.zaas a relay. A relay is a host that sends mail on another machine's behalf: that is, we are acting as a relay when we process a mail message that neither originated from our machine nor is destined for a user on our machine.We never want to relay from an untrusted host. Why? Because it may, for example, allow someone to send 100,000 messages to 100,000 different addresses, each with us in the message header.
host_accept_relayspecifies a list of trusted hosts that are allowed to send such arbitrary messages through us. Note again that the list is colon delimited. In this example, we don't even need to put in addresses of other machines on our LAN, except if we are feeling friendly. relay_domainsrelay_domainsgives an additional condition for which an arbitrary host is allowed to use us as a relay. Consider that we are a backup mail server for a particular domain; mail to the domain does not originate from us nor is destined for us yet must be allowed only if the destination address matches the domains for which we are a backup. We put such domains underrelay_domains.
30.3.2 Transports
The transport section comes immediately after the main configuration
options. It defines various methods of delivering mail. We are
going to refer to these methods later in the configuration file. Our manual
telneting to port 25 was transporting a mail message by
SMTP. Appending a mail message to the end of a mail folder is also
a transport method. These are represented by the
remote_smtp: and
local_delivery: labels, respectively.
remote_smtp:- This transport has the following suboptions:
driver- The actual method of delivery.
driver =always specifies the kind of transport, director, or router. hosts_overrideandhosts- Using these two options together overrides any list of hosts that may have
been looked up by DNS MX queries. By ``list of hosts'' we mean
machines established from the recipients email address to
which we might like to make an SMTP delivery, but which we are
not going to use. Instead we send all mail to
192.168.2.1, which is this company's internal mail server.
local_delivery:- This transport has the following suboptions:
driver- The actual method of delivery.
driver =always specifies the kind of transport, director, or router. file- The file to append the mail message to.
${local_part}is replaced with everything before the@character of the recipient's address. delivery_date_add,envelope_to_add, andreturn_path_add- Various things to add to the header.
group,mode_fail_narrowerandmode- Various permission settings.
(It should be obvious at this stage what these two transports are going to be used for. As far as MTAs are concerned, the only two things that ever happen to an email message are that it either (a) gets sent through SMTP to another host or (b) gets appended to a file.)
30.3.3 Directors
If a message arrives and it is listed in
local_domains,
exim will attempt a local delivery. This means
exim works through
the list of directors until it finds one that does not fail. The
only director listed here is the one labeled
localuser: with
local_delivery as its transport. So quite simply, email messages
having recipient addresses that are listed under
local_domains are
appended to a user's mailbox file--not very complicated.
A director directs mail to a mailbox.
30.3.4 Routers
If a message arrives and it is not listed in
local_domains,
exim attempts a remote delivery. Similarly, this means
exim
works through the list of routers until it finds one that does not fail.
Two routers are listed here. The first is for common
email addresses. It uses the
lookuphost driver, which
does a DNS MX query on the domain part of the email address
(i.e., everything after the
@). The MX records found are
then passed to the
remote_smtp transport (and in our case, then
ignored). The
lookuphost driver will fail if the domain part of
the email address is a bracketed literal IP address.
The second router uses the
ipliteral driver. It
sends mail directly to an IP address in the case of bracketed, literal
email addresses. For example,
root@[111.1.1.1].
A router routes mail to another host.
30.4 Full-blown Mail server
An actual mail server config file contains very little extra. This one is
the example config file that comes by default with
exim-3.16:
5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80 |
#################### MAIN CONFIGURATION SETTINGS ###################### primary_hostname =# qualify_domain =# qualify_recipient =# local_domains =never_users = root# host_accept_relay = localhost# host_accept_relay = my.friends.host : 131.111.0.0/16# relay_domains = my.equivalent.domains : more.equivalent.domainshost_lookup = 0.0.0.0/0# receiver_unqualified_hosts =# sender_unqualified_hosts =rbl_domains = rbl.maps.vix.comno_rbl_reject_recipientssender_reject = "*@*.sex*.net:*@sex*.net"host_reject = "open-relay.spamming-site.com"rbl_warn_header# rbl_domains = rbl.maps.vix.com:dul.maps.vix.com:relays.orbs.org# percent_hack_domains = *end###################### TRANSPORTS CONFIGURATION ######################remote_smtp: driver = smtp# procmail transport goes here <---local_delivery: driver = appendfile file = /var/spool/mail/${local_part} delivery_date_add envelope_to_add return_path_add group = mail mode = 0660address_pipe: driver = pipe return_outputaddress_file: driver = appendfile delivery_date_add envelope_to_add return_path_addaddress_reply: driver = autoreplyend###################### DIRECTORS CONFIGURATION ######################## routers because of a "self=local" setting (not used in this configuration).system_aliases: driver = aliasfile file = /etc/aliases search_type = lsearch user = mail group = mail file_transport = address_file pipe_transport = address_pipeuserforward: driver = forwardfile file = .forward no_verify no_expn check_ancestor# filter file_transport = address_file pipe_transport = address_pipe reply_transport = address_reply# procmail director goes here <---localuser: driver = localuser transport = local_deliveryend###################### ROUTERS CONFIGURATION ########################## widen_domains = "sales.mycompany.com:mycompany.com"lookuphost: driver = lookuphost transport = remote_smtp# widen_domains = literal: driver = ipliteral transport = remote_smtpend###################### RETRY CONFIGURATION ###########################* * F,2h,15m; G,16h,1h,1.5; F,4d,8hend###################################################################### |
For
procmail support (see
procmail(1),
procmailrc(6), and
procmailex(5)), simply add
|
procmail: driver = pipe command = "/usr/bin/procmail -Y -d ${local_part}" |
after your
remote_smtp transport, and then also,
|
procmail: driver = localuser transport = procmail require_files = /usr/bin/procmail |
after your
user_forward director.
30.5 Shell Commands for
exim Administration
As with other daemons, you can stop
exim, start
exim, and
cause
exim to reread its configuration file with:
|
/etc/init.d/exim stop/etc/init.d/exim start/etc/init.d/exim reload |
You should always do a
reload to cause config
file changes to take effect. The
startup script
actually just runs
exim -bd -q30m, which tells
exim to start as a standalone daemon, listening for
connections on port 25, and then execute a
runq (explained
below) every 30 minutes.
To cause
exim [and many other MTAs for
that matter] to loop through the queue of pending messages
and consider each one for deliver, run
|
runq |
which is the same as
exim -q.
To list mail that is queued for delivery, use
|
mailq |
which is the same as
exim -bp.
To forcibly attempt delivery on any mail in the queue, use
|
exim -qf |
and then to forcibly retry even frozen messages in the queue, use
|
exim -qff |
To delete a message from the queue, use
|
exim -Mrm <message-id> |
The man page
exim(8) contains exhaustive treatment
of command-line options. Those above are most of what you will use,
however.
30.6 The Queue
It is often useful to check the queue directory
/var/spool/exim/input/
for mail messages, just to get an inside look at what's going on. The simple
session--
5 10 |
[root@cericon]# 0m 320 14Epss-0008DY-00 <psheer@cranzgot.co.za> freddy@elmstreet.org 0m 304 14Ept8-0008Dg-00 <psheer@cranzgot.co.za> igor@ghostbusters.com [root@cericon]# total 16-rw------- 1 root root 25 Jan 6 11:43 14Epss-0008DY-00-D-rw------- 1 root root 550 Jan 6 11:43 14Epss-0008DY-00-H-rw------- 1 root root 25 Jan 6 11:43 14Ept8-0008Dg-00-D-rw------- 1 root root 530 Jan 6 11:43 14Ept8-0008Dg-00-H |
--clearly shows that two messages are queued for delivery. The
files ending in
-H are envelope headers, and those ending in
-D
are message bodies. The
spec.txt document will show you how to
interpret the contents of the header files.
Don't be afraid to manually
rm files from this directory, but
always delete them in pairs (i.e., remove the both the header and the
body file), and make sure
exim is not running at the time.
In the above example, the commands,
5 |
[root@cericon]# Message 14Epss-0008DY-00 has been removedMessage 14Ept8-0008Dg-00 has been removed[root@cericon]# [root@cericon]# |
work even better.
30.7
/etc/aliases for Equivalent Addresses
Often, we would like certain local addresses to actually
deliver to other addresses. For instance, we would like all
mail destined to user
MAILER-DAEMON to actually go
to user
postmaster; or perhaps some user has two
accounts but would like to read mail from only one of them.
The
/etc/aliases file performs this mapping. This
file has become somewhat of an institution; however you
can see that in the case of
exim, aliasing is
completely arbitrary: you can specify a lookup on any
file under the
system_aliases: director provided
that file is colon delimited.
A default
/etc/aliases file could contain as much as the following;
you should check that the
postmaster account does
exist on your system, and test whether you can read, send, and
receive mail as user
postmaster.
5 10 15 20 25 30 35 40 45 |
# This is a combination of what I found in the Debian# and RedHat distributions. MAILER-DAEMON: postmasterabuse: postmasteranonymous: postmasterbackup: postmasterbackup-reports: postmasterbin: postmasterdaemon: postmasterdecode: postmasterdns: postmasterdns-admin: postmasterdumper: postmasterfetchmail-daemon: postmastergames: postmastergnats: postmasteringres: postmasterinfo: postmasterirc: postmasterlist: postmasterlistmaster: postmasterlp: postmastermail: postmastermailer-daemon: postmastermajordom: postmasterman: postmastermanager: postmastermsql: postmasternews: postmasternobody: postmasteroperator: postmasterpostgres: postmasterproxy: postmasterroot: postmastersync: postmastersupport: postmastersys: postmastersystem: postmastertoor: postmasteruucp: postmasterwarnings: postmasterweb-master: postmasterwww-data: postmaster # some users who want their mail redirectedarny: mail@swartzneger.co.uslarry: lking@cnn.com |
You can remove a lot of these aliases, since they assume services
to be running that might not be installed--
games,
ingres,
for example. Aliases can do two things: firstly, anticipate what mail
people are likely to use if they need to contact the administrator;
and secondly, catch any mail sent by system daemons: for
example the, email address of the DNS administrator is dictated
by the DNS config files, as explained on page .
Note that an alias in the
/etc/aliases file does not have to
have an account on the system--
larry and
arny need
not have entries in the
/etc/passwd file.
30.8 Real-Time Blocking List -- Combating Spam
30.8.1 What is spam?
Spam refers to unsolicited [Not looked for or requested; unsought]bulk mail sent to users usually for promotional purposes. That is, mail is sent automatically to many people with whom the sender has no relationship, and where the recipient did nothing to prompt the mail: all on the chance that the recipient might be interested in the subject matter.
Alternatively, spam can be thought of as any mail sent
to email addresses, where those addresses were obtained without
their owners consent. More practically, anyone who has had an
email account for very long will have gotten messages like
Subject: Fast way to earn big $$$!, which clutters my
mailbox. The longer you have an email address, the more of these
messages you will get, and the more irritated you will get.
To send spam is easy. Work your way around the Internet till you find a mail server that allows relaying. Then send it 10,000 email addresses and a message about where to get pictures of naked underage girls. Now you are a genuine worthy-of-being-arrested spammer. Unfortunately for the unsuspecting administrator of that machine and provided you have even a little clue what you're doing, he will probably never be able to track you down. Several other tricks are employed to get the most out of your $100-for-1,000,000-genuine-email-addresses.
Note that spam is not merely email you are not interested in. People
often confuse mail with other types of communication... like
telephone calls: if you get a telephone call, you have to pick
up the phone then and there--the call is an an invasion of your
privacy. The beauty of email is that you never need to have your
privacy invaded. You can simply delete the mail. If you never want
to get email from a particular person again, you can simply add a
filter that blocks mail from that person's address (see
procmailex(5)).
[If you are irritated by the presumption of the sender, then that's
your problem. Replying to that person with ``Please don't email me...''
not only shows that you are insecure, but also that you are clueless, don't
get much mail, and are therefore also unpopular.]
The point at which email becomes intrusive is purely a question of volume, much like airwave advertisements. Because it comes from a different place each time, you cannot protect yourself against it with a simple mail filter.
Typical spam mail will begin with a spammer
subject like
Create Wealth From Home Now!! and then
the spammer will audaciously append the footer:
This is not a SPAM. You are receiving this because you are on a list of email addresses that I have bought. And you have opted to receive information about business opportunities. If you did not opt in to receive information on business opportunities then please accept our apology. To be REMOVED from this list simply reply with REMOVE as the subject. And you will NEVER receive another email from me.
Need I say that you should be wary of replying with
REMOVE,
since it clearly tells the sender that your email is a valid address.
30.8.2 Basic spam prevention
You can start by at least adding the following lines to your
MAIN configuration section:
|
headers_check_syntaxheaders_sender_verifysender_verifyreceiver_verify |
The option
headers_check_syntax causes
exim to
check all headers of incoming mail messages for correct syntax,
failing them otherwise. The next three options check that one of the
Sender:,
Reply-To: or
From: headers, as well
as both the addresses in the SMTP
MAIL and
RCPT
commands, are genuine email
addresses.
The reasoning here is that spammers will often use
malformed headers to trick the MTA into sending things it ordinarily
wouldn't, I am not sure exactly how this applies in
exim's
case, but these are for the good measure of rejecting email
messages at the point where the SMTP exchange is being initiated.
30.8.3 Real-time blocking list
To find out a lot more about spamming, banning hosts,
reporting spam and email usage in general,
see
MAPS (Mail Abuse Prevention
System LLC) <http://www.mail-abuse.org/>, as well as Open Relay
Behavior-modification System <http://www.orbs.org/>. [If this site is not working,
there is also http://www.orbl.org/ and
http://www.ordb.org/.]Real-time Blocking Lists
or RBL's are a not-so-new idea that has been
incorporated into
exim as a feature. It works as follows. The
spammer has to use a host that allows relays. The IP of that
relay host will be clear to the MTA at the time of connection. The
MTA can then check that against a database of publicly available
banned IP addresses of relay hosts. For
exim, this
means the list under
rbl_domains. If the
rbl_domains
friendly has this IP blacklisted, then
exim denies it also.
You can enable this capability with [This example comes
from
exim's front web page.]
5 10 |
# reject messages whose sending host is in MAPS/RBL# add warning to messages whose sending host is in ORBSrbl_domains = blackholes.mail-abuse.org/reject : \ dialups.mail-abuse.org/reject : \ relays.mail-abuse.org/reject : \ relays.orbs.org/warn# check all hosts other than those on internal networkrbl_hosts = !192.168.0.0/16:0.0.0.0/0# but allow mail to postmaster@my.dom.ain even from rejected hostrecipients_reject_except = postmaster@my.dom.ain# change some logging actions (collect more data)rbl_log_headers # log headers of accepted RBLed messagesrbl_log_rcpt_count # log recipient info of accepted RBLed messages |
in your
MAIN configuration section. Also remember
to remove the line
no_rbl_reject_recipients; otherwise,
exim will only log a warning message and not actually refuse
email.
30.8.4 Mail administrator and user responsibilities
Mail administrator and email users are expected to be aware of the following:
- Spam is evil.
- Spam is caused by poorly configured mail servers.
- It is the responsibility of the mail administrator to ensure that proper measures have been taken to prevent spam.
- Even as a user, you should follow up spam by checking where it came from and complaining to those administrators.
- Many mail administrators are not aware there is an issue. Remind them.
30.9 Sendmail
sendmail's configuration file is
/etc/sendmail.cf.
This file format was inherited from the first UNIX servers and
references simpler files under the directory
/etc/mail/.
You can do most ordinary things by editing one or another file under
/etc/mail/ without having to deal with the complexities of
/etc/sendmail.cf.
Like most stock MTAs shipped with LINUX distributions,
the
sendmail package will work by default as a mailer without
any configuration. However, as always, you will have to add a list of relay
hosts. This is done in the file
/etc/mail/access for
sendmail-8.10
and above. To relay from yourself and, say, the hosts on network
192.168.0.0/16,
as well as, say, the domain hosts
.trusted.com, you must have at least:
5 |
localhost.localdomain RELAYlocalhost RELAY127.0.0.1 RELAY192.168 RELAYtrusted.com RELAY |
which is exactly what the
host_accept_relay option does
in the case of
exim.
The domains for which you are acting as a backup mail server must be
listed in the file
/etc/mail/relay-domains, each on a single
line. This is analogous to the
relay_domains option of
exim.
Then, of course, the domains for which
sendmail is going
to receive mail must also be specified. This is analogous to the
local_domains option of
exim. These are listed in the
file
/etc/mail/local-host-names, each on a single line.
The same
/etc/aliases file is used by
exim
and
sendmail.
Having configured anything under
/etc/mail/, you should
now run
make in this directory to rebuild lookup tables
for these files. You also have to run the command
newaliases
whenever you modify the
/etc/aliases file. In both cases,
you must restart
sendmail.
sendmail has received a large number of security
alerts in its time. It is imperative that you install the latest version. Note
that older versions of
sendmail have configurations that allowed
relaying by default--another reason to upgrade.
A useful resource to for finding out more tricks with
sendmail
is The Sendmail FAQ <http://www.sendmail.org/faq/>.
Next: 31. lilo, initrd, and Up: rute Previous: 29. Services Running Under Contents