27.3. Mail Transport Agents
Purpose and Limitations
The Default Sendmail Installation
/etc/mail/sendmail.cf. Avoid editing the sendmail.cf file directly. To make configuration changes to Sendmail, edit the /etc/mail/sendmail.mc file, back up the original /etc/mail/sendmail.cf, and use the following alternatives to generate a new configuration file:
- Use the included makefile in /etc/mail (make all -C /etc/mail) to create a new /etc/mail/sendmail.cf configuration file. All other generated files in /etc/mail (db files) will be regenerated if needed. The old makemap commands are still usable. The make command will automatically be used by service sendmail start | restart | reload if the make package is installed.
- Alternatively you may use the included m4 macro processor to create a new
access — Specifies which systems can use Sendmail for outbound email.
domaintable — Specifies domain name mapping.
local-host-names — Specifies aliases for the host.
mailertable — Specifies instructions that override routing for particular domains.
virtusertable — Specifies a domain-specific form of aliasing, allowing multiple virtual domains to be hosted on one machine.
/etc/mail/, such as virtusertable, must actually store their information in database files before Sendmail can use any configuration changes. To include any changes made to these configurations in their database files, run the following command:
makemap hash /etc/mail/<name> < /etc/mail/<name>
example.com domain delivered to firstname.lastname@example.org, add the following line to the
virtusertable.db file must be updated using the following command as root:
makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable
virtusertable.db file containing the new configuration.
Common Sendmail Configuration Changes
sendmail.cf file, it is a good idea to create a backup copy.
/etc/mail/sendmail.mc file as the root user. When finished, use the m4 macro processor to generate a new sendmail.cf by executing the following command:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
m4 macro processor is installed with Sendmail but is part of the
/etc/mail/sendmail.cf file, restart Sendmail for the changes to take effect. The easiest way to do this is to type the following command:
service sendmail restart
sendmail.cf file does not allow Sendmail to accept network connections from any host other than the local computer. To configure Sendmail as a server for other clients, edit the /etc/mail/sendmail.mc file, and either change the address specified in the Addr= option of the DAEMON_OPTIONS directive from 127.0.0.1 to the IP address of an active network device or comment out the DAEMON_OPTIONS directive altogether by placing dnl at the beginning of the line. When finished, regenerate /etc/mail/sendmail.cf by executing the following command:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
/etc/mail/sendmail.mc file must be reconfigured and a new /etc/mail/sendmail.cf must be generated.
/usr/share/sendmail-cf/README file before editing any files in the directories under the /usr/share/sendmail-cf directory, as they can affect the future configuration of
mail.example.com that handles all of their email and assigns a consistent return address to all outgoing mail.
FEATURE(always_add_domain)dnl
FEATURE(`masquerade_entire_domain')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`allmasquerade')dnl
MASQUERADE_AS(`bigcorp.com.')dnl
MASQUERADE_DOMAIN(`bigcorp.com.')dnl
MASQUERADE_AS(bigcorp.com)dnl
m4, this configuration makes all mail from inside the network appear as if it were sent from
Stopping Spam
x.edu) to accept messages from one party (y.com) and send them to a different party (z.net). Now, however, Sendmail must be configured to permit any domain to relay mail through the server. To configure relay domains, edit the /etc/mail/relay-domains file and restart Sendmail.
/etc/mail/access file can be used to prevent connections from unwanted hosts. The following example illustrates how this file can be used to both block and specifically allow access to the Sendmail server:
badspammer.com ERROR:550 "Go away and do not spam us anymore"
tux.badspammer.com OK
10.0 RELAY
badspammer.com is blocked with a 550 RFC-821 compliant error code, with a message sent back to the spammer. Email sent from the tux.badspammer.com sub-domain is accepted. The last line shows that any email sent from the 10.0.*.* network can be relayed through the mail server.
/etc/mail/access.db is a database, use makemap to activate any changes. Do this using the following command as root:
makemap hash /etc/mail/access < /etc/mail/access
/usr/share/sendmail-cf/README for more information and examples.
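Added example, not part of the original guide: a simplified shell model of how the access entries above are matched, most specific key first, which is why tux.badspammer.com is accepted while the rest of badspammer.com is rejected. The function names and the client names fed to them are constructed for illustration; real lookups are performed by Sendmail against access.db.

```sh
#!/bin/sh
# Constructed table: the three entries from the page's access example.
ACCESS_TABLE='badspammer.com ERROR:550 "Go away and do not spam us anymore"
tux.badspammer.com OK
10.0 RELAY'

# Print the right-hand side stored for exactly this key, or nothing.
# Appending "" forces a string comparison, so key 10 never equals 10.0.
access_exact() {
    printf '%s\n' "$ACCESS_TABLE" | awk -v k="$1" '
        ($1 "") == (k "") { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
}

# Simplified lookup order (an assumption of this model): try the full
# key, then strip one component at a time, the leading label for host
# names and the trailing octet for IPv4 addresses, until a key matches.
access_lookup() {
    key=$1
    case $key in
        *[!0-9.]*) is_ip=0 ;;    # anything but digits and dots: host name
        *)         is_ip=1 ;;
    esac
    while [ -n "$key" ]; do
        rhs=$(access_exact "$key")
        if [ -n "$rhs" ]; then
            printf '%s\n' "$rhs"
            return 0
        fi
        case $key in
            *.*) ;;              # components left to strip
            *)   break ;;
        esac
        if [ "$is_ip" -eq 1 ]; then
            key=${key%.*}        # 10.0.3.4 -> 10.0.3 -> 10.0
        else
            key=${key#*.}        # a.b.com -> b.com -> com
        fi
    done
    return 1                     # no entry: the default policy applies
}

# Demo over constructed client names and addresses.
for client in tux.badspammer.com mail.badspammer.com 10.0.3.4 10.5.1.1; do
    printf '%-20s -> %s\n' "$client" "$(access_lookup "$client" || echo 'no entry')"
done
```

A broad RELAY key such as 10.0 applies to every address beneath it, so reviewing a table means asking which clients each key covers, not only reading the keys themselves.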
Using Sendmail with LDAP
virtusertables, on different mail servers that work together to support a medium- to enterprise-level organization. In short, LDAP abstracts the mail routing level from Sendmail and its separate configuration files to a powerful LDAP cluster that can be leveraged by many different applications.
/etc/mail/sendmail.mc to include the following:
/usr/share/sendmail-cf/README for detailed LDAP routing configuration instructions and examples.
/etc/mail/sendmail.cf file by running m4 and restarting Sendmail. Refer to the section “Common Sendmail Configuration Changes” for instructions.
The Default Postfix Installation
/usr/sbin/postfix. This daemon launches all related processes needed to handle mail delivery.
/etc/postfix/ directory. The following is a list of the more commonly used files:
access — Used for access control, this file specifies which hosts are allowed to connect to Postfix.
aliases — A configurable list required by the mail protocol.
main.cf — The global Postfix configuration file. The majority of configuration options are specified in this file.
master.cf — Specifies how Postfix interacts with various processes to accomplish mail delivery.
transport — Maps email addresses to relay hosts.
/etc/postfix/main.cf file does not allow Postfix to accept network connections from a host other than the local computer. For instructions on configuring Postfix as a server for other clients, refer to the section “Basic Postfix Configuration”.
/etc/postfix/ directory, it may be necessary to restart the postfix service for the changes to take effect. The easiest way to do this is to type the following command:
service postfix restart
Basic Postfix Configuration
- Edit the /etc/postfix/main.cf file with a text editor, such as
- Uncomment the mydomain line by removing the hash mark (#), and replace domain.tld with the domain the mail server is servicing, such as
- Uncomment the myorigin = $mydomain line.
- Uncomment the myhostname line, and replace host.domain.tld with the hostname for the machine.
- Uncomment the mydestination = $myhostname, localhost.$mydomain line.
- Uncomment the mynetworks line, and replace 188.8.131.52/28 with a valid network setting for hosts that can connect to the server.
- Uncomment the inet_interfaces = all line.
- Comment out the inet_interfaces = localhost line.
- Restart the
/etc/postfix/main.cf file. Also, with Red Hat Enterprise Linux version 5.9, Postfix provides MySQL maps support which allows Postfix to use a MySQL database and configure various lookup tables for various operations over MySQL databases. For example, the virtual table for handling global mail redirection, the access table for controlling access to an SMTP server and the aliases table for managing system-wide mail redirection. Configuration details and examples, as well as other additional resources including information about LDAP and SpamAssassin integration are available online at http://www.postfix.org/.
.fetchmailrc file in the user's home directory.
.fetchmailrc file, Fetchmail checks for email on a remote server and downloads it. It then delivers it to port 25 on the local machine, using the local MTA to place the email in the correct user's spool file. If Procmail is available, it is launched to filter the email and place it in a mailbox so that it can be read by an MUA.
Fetchmail Configuration Options
.fetchmailrc file is much easier. Place any desired configuration options in the .fetchmailrc file for those options to be used each time the fetchmail command is issued. It is possible to override these at the time Fetchmail is run by specifying that option on the command line.
.fetchmailrc file contains three classes of configuration options:
- global options — Gives Fetchmail instructions that control the operation of the program or provide settings for every connection that checks for email.
- server options — Specifies necessary information about the server being polled, such as the hostname, as well as preferences for specific email servers, such as the port to check or number of seconds to wait before timing out. These options affect every user using that server.
- user options — Contains information, such as username and password, necessary to authenticate and check for email using a specified email server.
.fetchmailrc file, followed by one or more server options, each of which designates a different email server that Fetchmail should check. User options follow server options for each user account checking that email server. Like server options, multiple user options may be specified for use with a particular server as well as to check multiple email accounts on the same server.
.fetchmailrc file by the use of a special option verb, skip, that precedes any of the server information. The poll action tells Fetchmail to use this server option when it is run, which checks for email using the specified user options. Any server options after a skip action, however, are not checked unless this server's hostname is specified when Fetchmail is invoked. The skip option is useful when testing configurations in .fetchmailrc because it only checks skipped servers when specifically invoked, and does not affect any currently working configurations.
.fetchmailrc file looks similar to the following example:
set postmaster "user1"
set bouncemail
poll pop.domain.com proto pop3
    user 'user1' there with password 'secret' is user1 here
poll mail.domain2.com
    user 'user5' there with password 'secret2' is user1 here
    user 'user7' there with password 'secret3' is user1 here
postmaster option) and all email errors are sent to the postmaster instead of the sender (
set action tells Fetchmail that this line contains a global option. Then, two email servers are specified, one set to check using POP3, the other for trying various protocols to find one that works. Two users are checked using the second server option, but all email found for any user is sent to user1's mail spool. This allows multiple mailboxes to be checked on multiple servers, while appearing in a single MUA inbox. Each user's specific information begins with the
.fetchmailrc file. Omitting the with password '<password>' section causes Fetchmail to ask for a password when it is launched.
fetchmail man page explains each option in detail, but the most common ones are listed here.
Global Options
daemon <seconds> — Specifies daemon-mode, where Fetchmail stays in the background. Replace <seconds> with the number of seconds Fetchmail is to wait before polling the server.
postmaster — Specifies a local user to send mail to in case of delivery problems.
syslog — Specifies the log file for errors and status messages. By default, this is
Server Options
auth <auth-type> — Replace <auth-type> with the type of authentication to be used. By default, password authentication is used, but some protocols support other types of authentication, including ssh. If the any authentication type is used, Fetchmail first tries methods that do not require a password, then methods that mask the password, and finally attempts to send the password unencrypted to authenticate to the server.
interval <number> — Polls the specified server every <number> of times that it checks for email on all configured servers. This option is generally used for email servers where the user rarely receives messages.
port <port-number> — Replace <port-number> with the port number. This value overrides the default port number for the specified protocol.
proto <protocol> — Replace <protocol> with the protocol, such as imap, to use when checking for messages on the server.
timeout <seconds> — Replace <seconds> with the number of seconds of server inactivity after which Fetchmail gives up on a connection attempt. If this value is not set, a default of 300 seconds is assumed.
User Options
user option (defined below).
fetchall — Orders Fetchmail to download all messages in the queue, including messages that have already been viewed. By default, Fetchmail only pulls down new messages.
fetchlimit <number> — Replace <number> with the number of messages to be retrieved before stopping.
flush — Deletes all previously viewed messages in the queue before retrieving new messages.
limit <max-number-bytes> — Replace <max-number-bytes> with the maximum size in bytes that messages are allowed to be when retrieved by Fetchmail. This option is useful with slow network links, when a large message takes too long to download.
password '<password>' — Replace <password> with the user's password.
preconnect "<command>" — Replace <command> with a command to be executed before retrieving messages for the user.
postconnect "<command>" — Replace <command> with a command to be executed after retrieving messages for the user.
ssl — Activates SSL encryption.
sslproto — Defines allowed SSL or TLS protocols. Possible values are
TLS1; however, due to the POODLE: SSLv3 vulnerability (CVE-2014-3566), be sure to set this option to
user "<username>" — Replace <username> with the username used by Fetchmail to retrieve messages. This option must precede all other user options.
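Added example, not part of the original guide: a shell audit of a .fetchmailrc for two points raised by the options above, passwords stored in the file and the ssl and sslproto settings. The function names, messages and sample file (including the third, skipped server) are constructed for illustration; SSL3 stands in as the weak sslproto value because of the POODLE reference above.

```sh
#!/bin/sh
# Hypothetical helper: report risky entries in the .fetchmailrc at $1.
audit_fetchmailrc() {
    rc=$1
    # Stored passwords make the file sensitive: flag group/other access.
    perms=$(ls -ld "$rc" | cut -c5-10)
    [ "$perms" = "------" ] || printf '%s: group/other permissions set (%s)\n' "$rc" "$perms"
    awk '
    function report() {
        if (user == "") return
        id = server " user " user
        if (has_pw && !has_ssl) print id ": password stored but ssl not enabled"
        if (proto ~ /^SSL/) print id ": sslproto " proto " permits SSL (CVE-2014-3566)"
    }
    {
        for (i = 1; i <= NF; i++) {
            if ($i == "poll" || $i == "skip") { report(); server = $(i + 1); user = "" }
            else if ($i == "user") {
                report(); user = $(i + 1); gsub(/[^A-Za-z0-9_.@-]/, "", user)
                has_pw = 0; has_ssl = 0; proto = ""
            }
            else if ($i == "password") has_pw = 1
            else if ($i == "ssl") has_ssl = 1
            else if ($i == "sslproto") { proto = $(i + 1); gsub(/[^A-Za-z0-9]/, "", proto) }
        }
    }
    END { report() }
    ' "$rc"
}

# Constructed sample: the two servers from the page (ssl added to the
# second) plus a skipped third entry with a deliberately weak sslproto.
sample_rc() {
    cat <<'EOF'
set postmaster "user1"
poll pop.domain.com proto pop3
    user 'user1' there with password 'secret' is user1 here
poll mail.domain2.com
    user 'user5' there with password 'secret2' is user1 here ssl sslproto TLS1
skip old.domain3.com proto pop3
    user 'user9' there with password 'secret4' is user9 here ssl sslproto SSL3
EOF
}

# Demo: audit the constructed sample from a private temporary file.
demo_rc=$(mktemp); sample_rc > "$demo_rc"; chmod 600 "$demo_rc"
audit_fetchmailrc "$demo_rc"; rm -f "$demo_rc"
```

Settings are tracked per user entry because ssl and sslproto are user options, so one protected account on a server does not hide an unprotected one.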
Fetchmail Command Options
fetchmail command mirror the .fetchmailrc configuration options. In this way, Fetchmail may be used with or without a configuration file. These options are not used on the command line by most users because it is easier to leave them in the
fetchmail command with other options for a particular purpose. It is possible to issue command options to temporarily override a .fetchmailrc setting that is causing an error, as any options specified at the command line override configuration file options.
Informational or Debugging Options
fetchmail command can supply important information.
--configdump — Displays every possible option based on information from .fetchmailrc and Fetchmail defaults. No email is retrieved for any users when using this option.
-s — Executes Fetchmail in silent mode, preventing any messages, other than errors, from appearing after the
-v — Executes Fetchmail in verbose mode, displaying every communication between Fetchmail and remote email servers.
-V — Displays detailed version information, lists its global options, and shows settings to be used with each user, including the email protocol and authentication method. No email is retrieved for any users when using this option.
Special Options
-a — Fetchmail downloads all messages from the remote email server, whether new or previously viewed. By default, Fetchmail only downloads new messages.
-k — Fetchmail leaves the messages on the remote email server after downloading them. This option overrides the default behavior of deleting messages after downloading them.
-l <max-number-bytes> — Fetchmail does not download any messages over a particular size and leaves them on the remote email server.
--quit — Quits the Fetchmail daemon process.
.fetchmailrc options can be found in the