Thursday, June 25, 2009

SENDMAIL configuration

SENDMAIL Configuration tested on RedHat 4 update 5
-------------------------------------------------------------------

Follow the link below:
http://www.owlriver.com/tips/sendmail-tip/

1> Install the sendmail-cf package (sendmail-cf-8.13.1-3.2.el4.i386.rpm), which is available on the 3rd CD:

    rpm -Uvh sendmail-cf-8.13.1-3.2.el4.i386.rpm

2> To be able to hand email TO it (on port 25), you will need the sendmail-cf and m4 packages. Check that they are installed:

    rpm -q sendmail-cf m4

3> If not present, use your install media and install them

4> Edit /etc/mail/sendmail.mc with your favorite text editor. Toward the bottom of that file is this stanza:

    dnl This changes sendmail to only listen on the loopback device 127.0.0.1
    dnl and not on any other network devices. Comment this out if you want
    dnl to accept email over the network.
    DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
    ...

Note that the string "dnl " at the left margin is how comments are added to sendmail.mc -- this is an artifact of the ancient origins of sendmail and the m4 macro processor.

Make it read as the text says "to accept email over the network":

    dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

(This is the last line quoted in the first stanza, now commented out.)

4. Rebuild /etc/sendmail.cf from the revised /etc/mail/sendmail.mc thus:

    m4 /etc/mail/sendmail.mc > /etc/sendmail.cf

(This is considered Unix deep magic -- but all it does is have the m4 macro processor use the sendmail-cf recipes, and make a new well-formed sendmail.cf. Note that lower in the sendmail.mc file is an option to specify what hostname your mail server uses -- useful for pretending to be a server with a resolvable name.)

(Note also that /etc/sendmail.cf moves to become /etc/mail/sendmail.cf with sendmail-8.12.x, and so that command will become

    m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

in later versions. But there are many other changes, including a separate non-privileged child process.)

5. Tell sendmail to listen all the time (in so-called daemon mode) instead of delivering just its own local mail queue just once an hour. Edit /etc/sysconfig/sendmail and change:

    DAEMON=no

to:

    DAEMON=yes

6. And restart sendmail:

    cd /etc/mail
    make
    service sendmail restart

(Note: The make step is needed in some variants of Red Hat, as the automatic execution of the make is missing in some releases of the initscript package.)

7. Confirm it locally:

    netstat -an | grep 25 | grep tcp

yields:

    tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN

(which says the host is listening on ALL interfaces for connections ...)

[I undid step 5 and 6 -- and reran this test -- it yields -- nothing -- that it is NOT able to be connected to externally on port 25 -- and so THAT port is safe from a remote direct attack.]

8. Test locally (I list YOUR part OUT of []):

    telnet localhost 25
    [... banner]
    HELO LOCALHOST
    [... response]
    QUIT

It went:

    [root@couch herrold]# telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 couch.basement.net ESMTP Sendmail 8.11.6/8.11.6; Sat, 17 Nov 2001 17:10:39 -0500
    HELO localhost
    250 couch.basement.net Hello IDENT:+yf0DRAJjMc1ZxKCEIv/Y7hCZQtbC55G@couch.basement.net [127.0.0.1], pleased to meet you
    QUIT
    221 2.0.0 couch.basement.net closing connection
    Connection closed by foreign host.
    $

9. The acid test -- From another host test it (we'll restate the conversation, and hide the remote end's responses initially for clarity):

    telnet couch.basement.net 25
    HELO localhost
    QUIT

Or more elaborately (I highlight your input in red):

    [herrold@router herrold]$ telnet couch.basement.net 25
    Trying 172.16.33.101...
    Connected to 172.16.33.101.
    Escape character is '^]'.
    220 couch.basement.net ESMTP Sendmail 8.11.6/8.11.6; Sat, 17 Nov 2001 17:36:05 -0500
    HELO localhost
    250 couch.basement.net Hello router.basement.net [172.16.33.2], pleased to meet you
    MAIL FROM:
    553 5.5.4 godzilla@localhost... Real domain name required for sender address
    MAIL FROM:
    250 2.1.0 godzilla@microsoft.com... Sender ok
    RCPT TO:
    250 2.1.5 root@localhost... Recipient ok
    DATA
    354 Enter mail, end with "." on a line by itself
    Linux rules.
    .
    250 2.0.0 fAHMajY07056 Message accepted for delivery
    QUIT
    221 2.0.0 couch.basement.net closing connection
    Connection closed by foreign host.
    [herrold@router herrold]$

.... that was successful -- note that the 'domain must resolve' rule for senders kicked in on the first part of the "MAIL FROM" offer -- this is an anti-spam feature. [Note the name look up's working -- I have working residence DHCP and DNS services on Linux ... ]. The X- header is added by procmail. There is a forward rule in place for root, as recommended in an earlier post. Out at the end recipient host, we find:

    Return-Path:
    Received: from couch.basement.net (dhcp065-024-xx-xx.columbus.rr.com [65.24.xx.xx])
        by swampfox.owlriver.com (8.11.6/8.11.6) with ESMTP id fAHMbGu07271
        for ; Sat, 17 Nov 2001 17:37:16 -0500
    Received: from localhost (router.basement.net [172.16.33.2])
        by couch.basement.net (8.11.6/8.11.6) with SMTP id fAHMajY07056
        for root@localhost; Sat, 17 Nov 2001 17:37:06 -0500
    Date: Sat, 17 Nov 2001 17:37:06 -0500
    From: godzilla@microsoft.com
    Message-Id: <200111172237.fAHMajY07056@couch.basement.net>
    X-Loop: herrold@owlriver.com

    Linux rules.

Read the received lines from the bottom up -- We forged the sender as "godzilla@microsoft.com" -- spammers do this all the time, nothing new there; and offered to root@localhost -- The forward rule handed it for delivery to herrold@owlriver.com. Seems to work fine.

As this demonstrated, this is probably not enough to suffice in production. Do NOT connect this to the outside world -- a bit more needs to be done --- As set, it will receive mail only with a final (as to the originator's perspective) destination at the localhost -- /etc/mail/access and /etc/mail/local-host-names need attention to receive mail for handling for others. But again, this is beyond the scope of this presentation.

10> To send a mail:

    sendmail -v sriasan@gmail.com
    this is to test sendmail

End the message with Ctrl-D or a "." on a line by itself. Use gmail; I had spam issues with yahoo.com. Check gmail for the mail.

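The checks behind steps 4, 5 and 7 (the DAEMON_OPTIONS line in sendmail.mc, DAEMON= in /etc/sysconfig/sendmail, and the port 25 listener in netstat) combined into one script, as an added example that is not part of the original post. The function names and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify how exposed the SMTP
# listener is, using the same files and netstat output as the steps above.

# "loopback-only" if an active (not dnl-commented) DAEMON_OPTIONS line pins
# the MTA to 127.0.0.1; otherwise "all-interfaces", which is what sendmail
# does once that line is commented out.
mc_listen_scope() {
    if grep -Ev '^[[:space:]]*dnl([[:space:]]|$)' "$1" |
        grep -q 'DAEMON_OPTIONS(.*Addr=127\.0\.0\.1.*Name=MTA'; then
        echo loopback-only
    else
        echo all-interfaces
    fi
}

# Value of DAEMON= in an /etc/sysconfig/sendmail-style file (last one wins).
daemon_mode() {
    sed -n 's/^[[:space:]]*DAEMON=\([A-Za-z]*\).*/\1/p' "$1" | tail -n 1
}

# Read `netstat -an` output on stdin and classify TCP port 25. The port field
# is matched exactly; a bare `grep 25` also matches 2525 or 10.0.0.25.
smtp_exposure() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" && $4 ~ /[:.]25$/ {
             seen = 1
             if ($4 !~ /^(127\.|::1[:.])/) net = 1
         }
         END { print (net ? "network" : (seen ? "loopback-only" : "not-listening")) }'
}

# Constructed sample data, so the example runs without touching /etc.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/sendmail.mc" <<'EOF'
dnl This changes sendmail to only listen on the loopback device 127.0.0.1
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
EOF
printf 'DAEMON=yes\nQUEUE=1h\n' > "$demo_dir/sysconfig-sendmail"
demo_netstat='tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:2525 0.0.0.0:* LISTEN'

echo "sendmail.mc scope: $(mc_listen_scope "$demo_dir/sendmail.mc")"
echo "daemon mode:       $(daemon_mode "$demo_dir/sysconfig-sendmail")"
echo "port 25 exposure:  $(printf '%s\n' "$demo_netstat" | smtp_exposure)"
```

On a real host, point the first two functions at /etc/mail/sendmail.mc and /etc/sysconfig/sendmail and pipe `netstat -an` into `smtp_exposure`.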
posted by Srinivasan .R @ 6:03 AM