Language and Page Formatting Options
Sendmail's core purpose, like other MTAs, is to safely transfer email among hosts, usually using the
SMTPprotocol. However, Sendmail is highly configurable, allowing control over almost every aspect of how email is handled, including the protocol used. Many system administrators elect to use Sendmail as their MTA due to its power and scalability.
22.214.171.124. Purpose and Limitations
It is important to be aware of what Sendmail is and what it can do, as opposed to what it is not. In these days of monolithic applications that fulfill multiple roles, Sendmail may seem like the only application needed to run an email server within an organization. Technically, this is true, as Sendmail can spool mail to each users' directory and deliver outbound mail for users. However, most users actually require much more than simple email delivery. Users usually want to interact with their email using an MUA, that uses
IMAP, to download their messages to their local machine. Or, they may prefer a Web interface to gain access to their mailbox. These other applications can work in conjunction with Sendmail, but they actually exist for different reasons and can operate separately from one another.
It is beyond the scope of this section to go into all that Sendmail should or could be configured to do. With literally hundreds of different options and rule sets, entire volumes have been dedicated to helping explain everything that can be done and how to fix things that go wrong. See the Section 19.6, “Additional Resources” for a list of Sendmail resources.
This section reviews the files installed with Sendmail by default and reviews basic configuration changes, including how to stop unwanted email (spam) and how to extend Sendmail with the Lightweight Directory Access Protocol (LDAP).
126.96.36.199. The Default Sendmail Installation
In order to use Sendmail, first ensure the sendmail package is installed on your system by running, as
yum install sendmail
In order to configure Sendmail, ensure the sendmail-cf package is installed on your system by running, as
yum install sendmail-cf
For more information on installing packages with Yum, see Section 8.2.4, “Installing Packages”.
Before using Sendmail, the default MTA has to be switched from Postfix. For more information how to switch the default MTA see Section 19.3, “Mail Transport Agents”.
The Sendmail executable is
Sendmail's lengthy and detailed configuration file is
/etc/mail/sendmail.cf. Avoid editing the
sendmail.cffile directly. To make configuration changes to Sendmail, edit the
/etc/mail/sendmail.mcfile, back up the original
/etc/mail/sendmail.cffile, and use the following alternatives to generate a new configuration file:
- Use the included makefile in
/etc/mail/to create a new
make all -C /etc/mail/All other generated files in
/etc/mail(db files) will be regenerated if needed. The old makemap commands are still usable. The make command is automatically used whenever you start or restart the
- Alternatively you may use the
m4macro processor to create a new
m4macro processor is not installed by default. Before using it to create
/etc/mail/sendmail.cf, install the m4 package as root:
yum install m4
More information on configuring Sendmail can be found in Section 188.8.131.52, “Common Sendmail Configuration Changes”.
Various Sendmail configuration files are installed in the
access— Specifies which systems can use Sendmail for outbound email.
domaintable— Specifies domain name mapping.
local-host-names— Specifies aliases for the host.
mailertable— Specifies instructions that override routing for particular domains.
virtusertable— Specifies a domain-specific form of aliasing, allowing multiple virtual domains to be hosted on one machine.
Several of the configuration files in
/etc/mail/, such as
virtusertable, must actually store their information in database files before Sendmail can use any configuration changes. To include any changes made to these configurations in their database files, run the following command, as
makemap hash /etc/mail/<name> < /etc/mail/<name>
where <name> represents the name of the configuration file to be updated. You may also restart the
sendmailservice for the changes to take effect by running:
service sendmail restart
For example, to have all emails addressed to the
example.comdomain delivered to
firstname.lastname@example.org, add the following line to the
To finalize the change, the
virtusertable.dbfile must be updated:
makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable
Sendmail will create an updated
virtusertable.dbfile containing the new configuration.
184.108.40.206. Common Sendmail Configuration Changes
When altering the Sendmail configuration file, it is best not to edit an existing file, but to generate an entirely new
Before replacing or making any changes to the
sendmail.cffile, create a backup copy.
To add the desired functionality to Sendmail, edit the
/etc/mail/sendmail.mcfile as root. Once you are finished, restart the
sendmailservice and, if the m4 package is installed, the
m4macro processor will automatically generate a new
service sendmail restart
sendmail.cffile does not allow Sendmail to accept network connections from any host other than the local computer. To configure Sendmail as a server for other clients, edit the
/etc/mail/sendmail.mcfile, and either change the address specified in the
Addr=option of the
127.0.0.1to the IP address of an active network device or comment out the
DAEMON_OPTIONSdirective all together by placing
dnlat the beginning of the line. When finished, regenerate
/etc/mail/sendmail.cfby restarting the service
service sendmail restart
The default configuration in Red Hat Enterprise Linux works for most
SMTP-only sites. However, it does not work for UUCP (UNIX-to-UNIX Copy Protocol) sites. If using UUCP mail transfers, the
/etc/mail/sendmail.mcfile must be reconfigured and a new
/etc/mail/sendmail.cffile must be generated.
/usr/share/sendmail-cf/READMEfile before editing any files in the directories under the
/usr/share/sendmail-cfdirectory, as they can affect the future configuration of the
One common Sendmail configuration is to have a single machine act as a mail gateway for all machines on the network. For example, a company may want to have a machine called
mail.example.comthat handles all of their email and assigns a consistent return address to all outgoing mail.
In this situation, the Sendmail server must masquerade the machine names on the company network so that their return address is
To do this, add the following lines to
FEATURE(always_add_domain)dnl FEATURE(`masquerade_entire_domain')dnl FEATURE(`masquerade_envelope')dnl FEATURE(`allmasquerade')dnl MASQUERADE_AS(`example.com.')dnl MASQUERADE_DOMAIN(`example.com.')dnl MASQUERADE_AS(example.com)dnl
After generating a new
sendmail.cffile using the
m4macro processor, this configuration makes all mail from inside the network appear as if it were sent from
220.127.116.11. Stopping Spam
Email spam can be defined as unnecessary and unwanted email received by a user who never requested the communication. It is a disruptive, costly, and widespread abuse of Internet communication standards.
Sendmail makes it relatively easy to block new spamming techniques being employed to send junk email. It even blocks many of the more usual spamming methods by default. Main anti-spam features available in sendmail are header checks, relaying denial (default from version 8.9), access database and sender information checks.
For example, forwarding of
SMTPmessages, also called relaying, has been disabled by default since Sendmail version 8.9. Before this change occurred, Sendmail directed the mail host (
x.edu) to accept messages from one party (
y.com) and sent them to a different party (
z.net). Now, however, Sendmail must be configured to permit any domain to relay mail through the server. To configure relay domains, edit the
/etc/mail/relay-domainsfile and restart Sendmail
service sendmail restart
However users can also be sent spam from from servers on the Internet. In these instances, Sendmail's access control features available through the
/etc/mail/accessfile can be used to prevent connections from unwanted hosts. The following example illustrates how this file can be used to both block and specifically allow access to the Sendmail server:
badspammer.com ERROR:550 "Go away and do not spam us anymore" tux.badspammer.com OK 10.0 RELAY
This example shows that any email sent from
badspammer.comis blocked with a 550 RFC-821 compliant error code, with a message sent back. Email sent from the
tux.badspammer.comsub-domain, is accepted. The last line shows that any email sent from the 10.0.*.* network can be relayed through the mail server.
/etc/mail/access.dbfile is a database, use the
makemapcommand to update any changes. Do this using the following command as
makemap hash /etc/mail/access < /etc/mail/access
Message header analysis allows you to reject mail based on header contents.
SMTPservers store information about an email's journey in the message header. As the message travels from one MTA to another, each puts in a
Receivedheader above all the other
Receivedheaders. It is important to note that this information may be altered by spammers.
The above examples only represent a small part of what Sendmail can do in terms of allowing or blocking access. See the
/usr/share/sendmail-cf/READMEfile for more information and examples.
Since Sendmail calls the Procmail MDA when delivering mail, it is also possible to use a spam filtering program, such as SpamAssassin, to identify and file spam for users. See Section 18.104.22.168, “Spam Filters” for more information about using SpamAssassin.
22.214.171.124. Using Sendmail with LDAP
LDAPis a very quick and powerful way to find specific information about a particular user from a much larger group. For example, an
LDAPserver can be used to look up a particular email address from a common corporate directory by the user's last name. In this kind of implementation,
LDAPis largely separate from Sendmail, with
LDAPstoring the hierarchical user information and Sendmail only being given the result of
LDAPqueries in pre-addressed email messages.
However, Sendmail supports a much greater integration with
LDAP, where it uses
LDAPto replace separately maintained files, such as
/etc/mail/virtusertables, on different mail servers that work together to support a medium- to enterprise-level organization. In short,
LDAPabstracts the mail routing level from Sendmail and its separate configuration files to a powerful
LDAPcluster that can be leveraged by many different applications.
The current version of Sendmail contains support for
LDAP. To extend the Sendmail server using
LDAP, first get an
LDAPserver, such as OpenLDAP, running and properly configured. Then edit the
/etc/mail/sendmail.mcto include the following:
This is only for a very basic configuration of Sendmail with
LDAP. The configuration can differ greatly from this depending on the implementation of
LDAP, especially when configuring several Sendmail machines to use a common
LDAProuting configuration instructions and examples.
Next, recreate the
/etc/mail/sendmail.cffile by running the
m4macro processor and again restarting Sendmail. See Section 126.96.36.199, “Common Sendmail Configuration Changes” for instructions.
For more information on
LDAP, see Section 20.1, “OpenLDAP”.