\input{gl2.slide-header-beamer}% \errorcontextlines=99 %% Subtopic Number = '1.113.2' %% Title: 'Operate and perform basic configuration of sendmail' %% Weight: 4 %% Description: %% Candidate should be able to modify simple parameters in %% sendmail configuration files (including the "Smart Host" parameter, if %% necessary), create mail aliases, manage the mail queue, start and stop %% sendmail, configure mail forwarding and perform basic troubleshooting of %% sendmail. The objective includes checking for and closing open relay on %% the mailserver. It does not include advanced custom configuration of %% Sendmail. %% Key files, terms, and utilities include: %% /etc/aliases or /etc/mail/aliases %% /etc/mail/* %% ~/.forward %% mailq %% sendmail %% newaliases \title{1.113.2\\Operate and perform basic configuration of sendmail\\Weight 4} \date{2005 November}% \author[Nick Urbanik]{Nick Urbanik \texttt{}\\ {\scriptsize This document Licensed under GPL---see section~\ref{sec:license}}} \subtitle{Linux Professional Institute Certification --- 102}% \mode
{\chead{1.113.2}}% \begin{document} \maketitle \mode
{\thispagestyle{empty}} \begin{frame} \frametitle{Outline} \mode {% %\footnotesize \begin{multicols}{2} \tableofcontents \end{multicols} % You might wish to add the option [pausesections] }% \mode
{% \tableofcontents }% \end{frame} \section{Context} \label{sec:context} \begin{frame} \frametitle{Topic 113 Networking Services [24]}% \framesubtitle{Where we are up to}% \begin{description} \item[1.113.1] Configure and manage inetd, xinetd, and related services [4] % \uline depends on \usepackage[normalem]{ulem}: \item[1.113.2] \textbf{\uline{Operate and perform basic configuration of sendmail [4]}} \item[1.113.3] Operate and perform basic configuration of Apache [4] \item[1.113.4] Properly manage the NFS, smb, and nmb daemons [4] \item[1.113.5] Setup and configure basic DNS services [4] \item[1.113.7] Set up secure shell (OpenSSH) [4] \end{description} \end{frame} \section{Objectives} \label{sec:objectives} \begin{frame} \frametitle{Description of Objective}% \framesubtitle{1.113.2\ \ Operate and perform basic configuration of \texttt{sendmail} [4]}% \mode{\Large}% Candidate should be able to modify simple parameters in sendmail configuration files (including the "Smart Host" parameter, if necessary), create mail aliases, manage the mail queue, start and stop sendmail, configure mail forwarding and perform basic troubleshooting of sendmail. The objective includes checking for and closing open relay on the mailserver. It does not include advanced custom configuration of Sendmail. 
\end{frame} \begin{frame}[fragile] \frametitle{Key files, terms, and utilities include:}% \framesubtitle{1.113.2\ \ Operate and perform basic configuration of \texttt{sendmail} [4]}% \mode{\large}% \begin{semiverbatim} /etc/aliases \textnormal{or} /etc/mail/aliases /etc/mail/* \(\sim\)/.forward mailq sendmail newaliases \end{semiverbatim} \end{frame} \section{What is \texttt{sendmail}?} \label{sec:what-is-sendmail} \subsection{Some Terminology} \label{sec:terminology} \begin{frame} \frametitle{Some Terms} \begin{description} \item[MUA] --- Mail User Agent: a program to read, compose and dispose of email \begin{itemize} \item Examples: \texttt{mutt} (my favourite), Evolution, Thunderbird, Mozilla mail, Eudora,\,\ldots, and Outlook Express \end{itemize} \item[MTA] --- Mail Transfer Agent: a program that delivers mail and transports it between machines \begin{itemize} \item Examples: \texttt{sendmail}, \texttt{postfix}, \texttt{qmail} \end{itemize} \item[MDA] --- Mail Delivery Agent: a program that receives the email message from the MTA and puts it into a local store. 
\begin{itemize} \item Examples: \texttt{procmail}, \texttt{mail.local} (part of \texttt{sendmail}) \end{itemize} \end{description} \end{frame} \begin{frame} \frametitle{What is \texttt{sendmail}?} \begin{itemize} \item \texttt{sendmail} is a MTA (mail transfer agent) \end{itemize} \par\bigskip\par \includegraphics[width=\linewidth]{email} \end{frame} \section{Configuring Sendmail} \label{sec:configuring} \begin{frame} \frametitle{Main Configuration Files} \begin{description} \item[\texttt{/etc/mail/sendmail.mc}] The simple human edited configuration file \item[\texttt{/etc/sendmail.cf}] The configuration file generated from \texttt{sendmail.mc} using the \texttt{m4} macro preprocessor \item[\texttt{/etc/mail/aliases}] Gives alternative names for users \end{description} \end{frame} \subsection{Aliases} \label{sec:aliases} \begin{frame}[fragile] \frametitle{Aliases (thanks to userfriendly.org)} \begin{itemize} \item Your web site has links to various generic email addresses: \texttt{webmaster@acme.com.au}, \texttt{sales@acme.com.au}, \texttt{tech@acme.com.au}. \item These should go to real humans; we do this in the \texttt{/etc/mail/aliases} file. \item So if webmaster is \texttt{aj} and \texttt{dustpuppy}, and \item \texttt{greg}, \texttt{mike}, \texttt{pitr}, \texttt{miranda}, \texttt{sid} are technical support, and \item \texttt{stef} is sales, then we can put these lines into our \texttt{/etc/mail/aliases} \begin{semiverbatim} webmaster: aj, dustpuppy tech: greg, mike, pitr, miranda, sid sales: stef \end{semiverbatim} \item Finally we run \par \cmd{sudo newaliases} \par or \par \cmd{sendmail -bi} and now the email will go to the right people. \end{itemize} \end{frame} \subsection{The Big Question} \label{sec:big-question} \begin{frame} \frametitle{Is Sendmail Configuration like Mr. 
Dithers Swearing?} \begin{itemize} \pause \item Here is a quote from the Second edition of \cite{Cos1997}: \pause \begin{quote} The lines of text in a \texttt{sendmail.cf} file have been described by some as resembling modem noise and by others as resembling Mr.\ Dithers swearing in the comic strip \emph{Blondie}. \par\pause \begin{tabular}[t]{@{}>{\ttfamily}ccl@{}} R\$+@\$=W & $\leftarrow$ & \texttt{sendmail.cf} file\\\pause \{\$/\{\{.+ & $\leftarrow$ & modem noise\\\pause \red{!@}\blue{\#}\violet{!}\red{@}\magenta{@}\green{!} & $\leftarrow$ & \blue{Mr. Dithers swearing} \end{tabular} \end{quote} \pause \item Some have also said that it resembles an \red{explosion} in a punctuation factory \pause \item I think they are all correct. \pause \item Don't edit \texttt{sendmail.cf}; just gaze in \violet{awe} and \magenta{wonder}. \pause \item Edit \texttt{/etc/mail/sendmail.mc} instead, then, after backing up \texttt{sendmail.cf}, do: \par \rootcmd{m4 sendmail.mc > sendmail.cf} \end{itemize} \end{frame} \subsection{Example changing \texttt{sendmail.mc}} \label{sec:example} \begin{frame}[fragile] \frametitle{\texttt{SMART\_HOST} in \texttt{sendmail.mc}} \begin{itemize} \item \texttt{SMART\_HOST}: If you send your email through your ISP, or you are behind a firewall and your company mail server is \texttt{smtp.acme.com.au}, then you would put this into your \texttt{sendmail.mc} file: \begin{semiverbatim} define(`SMART_HOST',`smtp.acme.com.au') \end{semiverbatim} \item You would remove any ``\texttt{dnl }'' from the beginning of the line. 
\item You would then run \texttt{m4} as shown before: \par \rootcmd{m4 sendmail.mc > sendmail.cf} \par or \par \mbox{\cmd{sudo sh -c 'm4 sendmail.mc > sendmail.cf'}} \item You always need to reload \texttt{sendmail} for it to re-read \texttt{sendmail.cf}: \par \cmd{sudo service sendmail reload} \item \texttt{sendmail} will then relay all outgoing email via \path{smtp.acme.com.au} \end{itemize} \end{frame} \section{Restarting \texttt{sendmail}} \label{sec:restarting-sendmail} \begin{frame} \frametitle{Restarting \texttt{sendmail}} \begin{itemize} \item You restart \texttt{sendmail} the same way as any other service: \item Red Hat: \par \cmd{sudo service sendmail restart} \item Debian, Ubuntu and Red Hat: \par \cmd{sudo /etc/init.d/sendmail restart} \end{itemize} \end{frame} \section{The Perils of Open Relays} \label{sec:open-relays} \begin{frame}[fragile] \frametitle{Open Relays} \begin{itemize} \item If you let anyone use your \texttt{sendmail} to relay email, then you are an \alert{open relay} \item Spammers can use open relays to send their spam to millions of innocents \item Your mail server domain will end up on a black list \item You will find that many people cannot receive email from you. \item If your \texttt{sendmail.mc} contains any \alert{one} of the following (and the line is not commented out with a leading ``\texttt{dnl }''):
\begin{semiverbatim}
FEATURE(promiscuous_relay)
FEATURE(loose_relay_check)
FEATURE(relay_local_from)
\end{semiverbatim}
\ldots\,then you are an open relay. 
\item Turn your mail server off immediately, then read \url{http://www.sendmail.org/tips/relaying.html} \item Before you turn it back on, also check \texttt{/etc/mail/access} and \texttt{/etc/mail/relay-domains}: an over-broad \texttt{RELAY} entry there opens relaying even when none of these features is enabled \end{itemize} \end{frame} \section{Forwarding and the $\sim$\texttt{/.forward} file} \label{sec:forward} \begin{frame} \frametitle{The $\sim$\texttt{/.forward} file} \begin{itemize} \item Each user can create a file in their \alert{home directory} to determine whether mail is sent on to a different address: \par \cmd{echo nicku@nicku.org > $\sim$/.forward} \item After doing this in my account on a mail server, all email sent to my email address on that mail server would go to my email address \texttt{nicku@nicku.org} \item I wish I could do that with my TAFE mail account, but they run Windows \texttt{:-)} \end{itemize} \end{frame} \section{Troubleshooting} \label{sec:troubleshooting} \begin{frame} \frametitle{Troubleshooting} \begin{itemize} \item The log files are in \texttt{/var/log/maillog} \item The command \cmd{mailq} or \cmd{sendmail~-bp} shows the list of emails that are ready to be sent, but which have not yet been sent \begin{itemize} \item This list should be short, preferably empty \end{itemize} \item The \texttt{mailstat} program can summarise the sendmail log files nicely \end{itemize} \end{frame} \section{The AWFUL security record of \texttt{sendmail}} \label{sec:awful-sendmail} \begin{frame} \frametitle{The \alert{\textbf{AWFUL}} security record of sendmail} \begin{itemize} \item The first known worm on the Internet (the Morris worm) exploited a security flaw in \texttt{sendmail} \item Since then, \texttt{sendmail} has had more security flaws than just about any piece of software \item Before version 8.12, it was a huge mess of code, all running Set User ID to \texttt{root} \item Buffer overflows in the code gave remote \texttt{root} access \item A security nightmare \item Since 8.12, there has been some separation of code, and the main \texttt{sendmail} executable no longer runs SUID root, but I still don't trust it. 
\item Use \texttt{postfix} instead. \end{itemize} \end{frame} \section{Alternatives to \texttt{sendmail}} \label{sec:alternatives} \subsection{The fabulous \texttt{postfix}} \label{sec:postfix} \begin{frame} \frametitle{The wonderful \texttt{postfix}} \begin{itemize} \item I use and recommend \texttt{postfix}, written carefully with security in mind by Wietse Venema, author of tcpwrappers \item Configuration easy (no swearing) \item Written using lots of simple communicating programs \ldots \begin{itemize} \item rather than the one huge mess that is \texttt{sendmail} \end{itemize} \item \ldots\,using minimum privilege required to do the job \item It is fairly \texttt{sendmail} compatible \item Ubuntu, Debian, Red Hat and Fedora users can use Debian alternatives to have both \texttt{postfix} and \texttt{sendmail} installed, and select one of them to operate. \end{itemize} \end{frame} \subsection{The less fabulous \texttt{qmail}} \label{sec:qmail} \begin{frame} \frametitle{\ldots\,or hold your nose and use \texttt{qmail}} \begin{itemize} \item \texttt{qmail} is a well written piece of software, also with much better security than \texttt{sendmail} \begin{itemize} \item Almost \emph{any software} has a better security record than \texttt{sendmail} \texttt{:-)} \end{itemize} \item Unfortunately, its author, Dan J. Bernstein, does not allow you to redistribute modified copies \item Therefore it is not free software \item Therefore I have very little interest in it. 
\end{itemize} \end{frame} \mode {% \begin{frame} \frametitle{Topics Covered} %\footnotesize %\begin{multicols}{2} \tableofcontents[pausesections,pausesubsections] %\end{multicols} % You might wish to add the option [pausesections] \end{frame} } \section{References} \label{sec:references} \begin{frame} \frametitle{Operate and perform basic configuration of \texttt{sendmail} [4]} \framesubtitle{Resources of interest} \begin{thebibliography}{5} % None of these affects how cite appears, only how the bibitem appears. % \beamertemplatebookbibitems makes little pictures of books in bib. \beamertemplatebookbibitems %\beamertemplatearticlebibitems makes little pictures of text in bib. % \beamertemplatearticlebibitems % \beamertemplatetextbibitems uses [1], [2] or [optional] in bib. %\beamertemplatetextbibitems %\beamertemplatearrowbibitems make little arrows (like ordinary items) %\beamertemplatearrowbibitems \bibitem{Cos2003} % text reference Bryan Costales with Eric Allman. % Author \newblock% %\emph{Sendmail: Building, Installing and Administering Sendmail} % Title \emph{Sendmail, Third Edition} % Title \newblock% O'Reilly 2003. % publisher \bibitem[Sendmail]{Cos1997} % text reference Bryan Costales with Eric Allman. % Author \newblock% \emph{Sendmail, Second Edition} % Title \newblock% O'Reilly January 1997. % publisher \beamertemplatearticlebibitems \bibitem[Sendmail website]{sendmail.org} % text reference Sendmail Website. \newblock% \url{http://www.sendmail.org/} \bibitem[Sendmail FAQ]{FAQ} % text reference Sendmail FAQ. \newblock% \url{http://www.sendmail.org/faq/} \bibitem[Relaying in sendmail]{relaying} % text reference Allowing controlled SMTP relaying. 
\newblock% \url{http://www.sendmail.org/tips/relaying.html} \end{thebibliography} \end{frame} \section{License Of This Document} \label{sec:license} \begin{frame} \frametitle{License Of This Document} \raggedright% Copyright \copyright\ 2005 Nick Urbanik \par You can redistribute modified or unmodified copies of this document provided that this copyright notice and this permission notice are preserved on all copies under the terms of the GNU General Public License as published by the Free Software Foundation --- either version 2 of the License or (at your option) any later version. \end{frame} \end{document}