1.113.2 Operate and perform basic configuration of sendmail
Weight 4

Linux Professional Institute Certification — 102

Nick Urbanik
This document licensed under GPL—see section 12
2005 November

Outline

Context
    Objectives
What is sendmail?
    Some Terminology
Configuring Sendmail
    Aliases
    The Big Question
    Example changing sendmail.mc
Restarting sendmail
The Perils of Open Relays
Forwarding and the ~/.forward file
Troubleshooting
The AWFUL security record of sendmail
Alternatives to sendmail
    The fabulous postfix
    The less fabulous qmail
References
License Of This Document

Topic 113 Networking Services [24]
Where we are up to

1.113.1 Configure and manage inetd, xinetd, and related services [4]
1.113.2 Operate and perform basic configuration of sendmail [4]
1.113.3 Operate and perform basic configuration of Apache [4]
1.113.4 Properly manage the NFS, smb, and nmb daemons [4]
1.113.5 Setup and configure basic DNS services [4]
1.113.7 Set up secure shell (OpenSSH) [4]

Description of Objective
1.113.2 Operate and perform basic configuration of sendmail [4]

Candidate should be able to modify simple parameters in sendmail configuration files (including the "Smart Host" parameter, if necessary), create mail aliases, manage the mail queue, start and stop sendmail, configure mail forwarding and perform basic troubleshooting of sendmail. The objective includes checking for and closing open relay on the mailserver. It does not include advanced custom configuration of Sendmail.

Key files, terms, and utilities include:
1.113.2 Operate and perform basic configuration of sendmail [4]

    /etc/aliases or /etc/mail/aliases
    /etc/mail/*
    ~/.forward
    mailq
    sendmail
    newaliases

Some Terms

MUA — Mail User Agent: a program to read, compose and dispose of email
    Examples: mutt (my favourite), Evolution, Thunderbird, Mozilla mail, Eudora, . . . , and Outlook Express
MTA — Mail Transfer Agent: a program that delivers mail and transports it between machines
    Examples: sendmail, postfix, qmail
MDA — Mail Delivery Agent: a program that receives the email message from the MTA and puts it into a local store
    Examples: procmail, mail.local (part of sendmail)

What is sendmail?

sendmail is an MTA (mail transfer agent)

[Diagram: Sender → MUA → SMTP → MTA → SMTP (over the Internet) → MTA → MDA → message store → POP/IMAP server → POP, IMAP → MUA → Recipient]

Main Configuration Files

/etc/mail/sendmail.mc
    The simple human-edited configuration file
/etc/sendmail.cf
    The configuration file generated from sendmail.mc using the m4 macro preprocessor
/etc/mail/aliases
    Gives alternative names for users

Aliases (thanks to userfriendly.org)

Your web site has links to various generic email addresses: webmaster@acme.com.au, sales@acme.com.au, tech@acme.com.au.
These should go to real humans; we do this in the /etc/mail/aliases file.
So if webmaster is aj and dustpuppy, and greg, mike, pitr, miranda, sid are technical support, and stef is sales, then we can put these lines into our /etc/mail/aliases:

    webmaster: aj, dustpuppy
    tech: greg, mike, pitr, miranda, sid
    sales: stef

Finally we run

    $ sudo newaliases

or

    $ sendmail -bi

and now the email will go to the right people.

Is Sendmail Configuration like Mr. Dithers Swearing?

Here is a quote from the Second edition of [Sendmail]:

    The lines of text in a sendmail.cf file have been described by some as resembling modem noise and by others as resembling Mr. Dithers swearing in the comic strip Blondie.

    R$+@$=W     ← sendmail.cf file
    {$/{{.+     ← modem noise
    !@#!@@!     ← Mr. Dithers swearing

Some have also said that it resembles an explosion in a punctuation factory.
I think they are all correct.
Don't edit sendmail.cf; just gaze in awe and wonder.
Edit /etc/mail/sendmail.mc instead, then, after backing up sendmail.cf, do:

    # m4 sendmail.mc > sendmail.cf

SMART_HOST in sendmail.mc

SMART_HOST: If you send your email through your ISP, or you are behind a firewall and your company mail server is smtp.acme.com.au, then you would put this into your sendmail.mc file:

    define(`SMART_HOST',`smtp.acme.com.au')

You would remove any "dnl " from the beginning of the line.
You would then run m4 as shown before:

    # m4 sendmail.mc > sendmail.cf

or

    $ sudo sh -c 'm4 sendmail.mc > sendmail.cf'

You always need to reload sendmail for it to re-read sendmail.cf:

    $ sudo service sendmail reload

sendmail will then relay all outgoing email via smtp.acme.com.au

Restarting sendmail

You restart sendmail the same way as any other service:

Red Hat:

    $ sudo service sendmail restart

Debian, Ubuntu and Red Hat:

    $ sudo /etc/init.d/sendmail restart

Open Relays

- If you let anyone use your sendmail to relay email, then you are an open relay
- Spammers can use open relays to send their spam to millions of innocents
- Your mail server domain will end up on a black list
- You will find that many people cannot receive email from you.
- If your sendmail.mc contains any one of the following:

      FEATURE(promiscuous_relay)
      FEATURE(loose_relay_check)
      FEATURE(relay_local_from)
      . . .

  then you are an open relay.
- Turn your mail server off immediately, then read http://www.sendmail.org/tips/relaying.html

The ~/.forward file

Each user can create a file in their home directory to determine whether mail is sent on to a different address:

    $ echo nicku@nicku.org > ~/.forward

After doing this in my account on a mail server, all email sent to my email address on that mail server would go to my email address nicku@nicku.org
I wish I could do that with my TAFE mail account, but they run Windows :-)
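
A check for the relay features named on the Open Relays slide, added here as an example (it is not part of the original slides): it reports which of the three listed FEATUREs are active in a sendmail.mc, skipping lines disabled with dnl. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: list relay-opening FEATUREs that are active in a sendmail.mc.
# Only the three features named on the slide are checked; the slide's ". . ."
# means there may be others (see the relaying page it links to).
RELAY_FEATURES='promiscuous_relay loose_relay_check relay_local_from'

# Print, one per line, each listed feature found outside a dnl comment.
active_relay_features() {
    # m4 discards everything from "dnl" to the end of the line, so drop it.
    live=$(sed -e 's/dnl.*$//' "$1")
    for feature in $RELAY_FEATURES; do
        # Match FEATURE(name) and the m4-quoted form FEATURE(`name').
        if printf '%s\n' "$live" |
            grep -Eq "FEATURE\([[:space:]]*\`?${feature}'?[[:space:]]*[,)]"; then
            printf '%s\n' "$feature"
        fi
    done
}

# Exit status 0 if none of the listed features is active, 1 otherwise.
check_open_relay() {
    found=$(active_relay_features "$1")
    if [ -n "$found" ]; then
        printf '%s: relay-opening features active:\n%s\n' "$1" "$found"
        return 1
    fi
    printf '%s: none of the listed relay features is active\n' "$1"
}

# Constructed sample sendmail.mc (hypothetical, not a real site's file).
write_sample_mc() {
    cat > "$1" <<'EOF'
OSTYPE(`linux')dnl
define(`SMART_HOST',`smtp.acme.com.au')dnl
dnl FEATURE(`promiscuous_relay')dnl
FEATURE(`relay_local_from')dnl
FEATURE(loose_relay_check)
MAILER(smtp)dnl
EOF
}

sample=$(mktemp)
write_sample_mc "$sample"
check_open_relay "$sample" || echo "Remove those lines, rebuild sendmail.cf with m4, reload sendmail."
rm -f "$sample"
```

Point check_open_relay at /etc/mail/sendmail.mc to audit a real configuration; the non-zero exit status makes it usable from a cron job or a deployment check.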

Troubleshooting

- The log files are in /var/log/maillog
- The command

      $ mailq

  or

      $ sendmail -bp

  shows the list of emails that are ready to be sent, but which have not yet been sent
- This list should be short, preferably empty
- The mailstat program can summarise the sendmail log files nicely

The AWFUL security record of sendmail

- The first known worm on the Internet (the Morris worm) exploited a security flaw in sendmail
- Since then, sendmail has had more security flaws than just about any piece of software
- Before version 8.12, it was a huge mess of code, all running Set User ID to root
- Buffer overflows in the code gave remote root access
- A security nightmare
- Since 8.12, there has been some separation of code, and the main sendmail executable no longer runs SUID root, but I still don't trust it.
- Use postfix instead.

The wonderful postfix

- I use and recommend postfix, written carefully with security in mind by Wietse Venema, author of tcpwrappers
- Configuration easy (no swearing)
- Written using lots of simple communicating programs . . .
    . . . rather than the one huge mess that is sendmail
    . . . using minimum privilege required to do the job
- It is fairly sendmail compatible
- Ubuntu, Debian, Red Hat and Fedora users can use Debian alternatives to have both postfix and sendmail installed, and select one of them to operate.

. . . or hold your nose and use qmail

- qmail is a well written piece of software, also with much better security than sendmail
- Almost any software has a better security record than sendmail :-)
- Unfortunately, its author, Dan J. Bernstein, does not allow you to redistribute modified copies
- Therefore it is not free software
- Therefore I have very little interest in it.

Resources of interest

- Bryan Costales with Eric Allman. Sendmail, Third Edition. O'Reilly, 2003.
- Bryan Costales with Eric Allman. Sendmail, Second Edition. O'Reilly, January 1997.
- Sendmail Website. http://www.sendmail.org/
- Sendmail FAQ. http://www.sendmail.org/faq/
- Allowing controlled SMTP relaying. http://www.sendmail.org/tips/relaying.html

License Of This Document

Copyright © 2005 Nick Urbanik
You can redistribute modified or unmodified copies of this document provided that this copyright notice and this permission notice are preserved on all copies under the terms of the GNU General Public License as published by the Free Software Foundation — either version 2 of the License or (at your option) any later version.