Sendmail is one of the oldest and mostly widely used MTAs in the world. It is the default MTA for most UNIX distributions, including HP’s HP-UX, IBM’s AIX, and Sun Microsystems’ Solaris OS. Sendmail’s long life has made it complicated to configure and maintain, but it makes up for its drawbacks with its ability to do just about anything.
First appearing over 30 years ago, Sendmail has evolved into a robust, feature-rich method for transporting electronic mail from one location to another. Originally designed at a time when hard drives the size of washing machines supplied 64 kilobytes of usable storage, Sendmail used every trick in the book to conserve space. To make everything short and to the point, the Sendmail configuration file used such cryptic parameters as “Fw” for “Domains we receive mail for” and “DH” for “Who gets all local email.” While there is a method to the madness, it is not readily apparent to the novice user. For backwards compatibility, these cryptic parameters are still present in the configuration file of today’s Sendmail versions.
Over the years, as features were added to Sendmail, the configuration process became more and more complicated. To make it more administrator-friendly, Sendmail uses a m4-based compilation and configuration model. This layer between the administrator and the build and configuration process makes Sendmail easier to set up and maintain without requiring upgrades of older programs to handle new interaction methods.
This document couldn’t possibly cover everything there is to know about Sendmail without being hundreds of pages long, and a bore to read. Instead, we focus on three commonly seen configurations: Mail Server, Incoming Relay, and Outgoing Only.
When modifying the behavior of Sendmail, theÂ
/etc/mail/sendmail.cfÂ file is not directly altered. Instead, aÂ
.mcÂ file is altered and run through the m4 macro processor. Some exampleÂ
.mcÂ files are inÂ
main.mcÂ is the default setup system.
submit.mcÂ configures Sendmail as an initial mail submission program.
relays all mail on this system through another machine before the mail goes to its destination.
For our examples, we will copy theÂ
main.mcÂ file toÂ
new.mcÂ and make our modifications like so:
cd /usr/lib/mail/cf vi new.mc make new.cf cp new.cf /etc/mail/sendmail.cf /etc/init.d/sendmail restart
To begin with, common elements are shared in all three configurations. A minimal file contains the following:
OSTYPE(`solaris8')dnl DOMAIN(`generic')dnl MAILER(`local')dnl MAILER(`smtp')dnl
OSTYPEÂ macro defines what system this file is on.
DOMAINÂ macro is used to pull in another file into the resulting sendmail.cf file.
MAILERÂ macros define which of the many different delivery methods this configuration file will use.Â
In this example, we are on a Solaris 8 or higher system, we are including the “generic” domain file, and we want to use both the local delivery system and the SMTP system.
The mail server is your typical server for incoming mail. It receives mail for user@domain, delivers it to the user’s local mailbox, and processes mail in its queue for delivery to the outside world.
You only need to make one change: Add each domain that is to be considered a local account intoÂ
OSTYPE(`solaris8')dnl MAILER(`local')dnl MAILER(`smtp')dnl
Incoming Relay is the common configuration for company email servers that are outside of the company firewall. Instead of storing the email, these relays pass it on to a predefined server inside the firewall that is the company’s mail server. This setup is perfect for implementing filtering, since this machine doesn’t handle the other duties of your typical mail server.
To configure Incoming Relay, we first need to add the relay server information. In this case, we are going to relay everything to
Next, we have to allow mail to be relayed through this machine. It’s best to only relay mail for domains served by the internal servers. The following option tells sendmail to use the /etc/mail/relay-domains file as a list of domains allowed to send or receive mail through this server:
We are done. This server will now relay for any domains in the /etc/mail/relay-domains file, except for local accounts, toÂ
OSTYPE(`solaris8')dnl DOMAIN(`solaris-antispam')dnl define(`SMART_HOST', 'relay.mydomain.com')dnl FEATURE(`relay_entire_domain')dnl MAILER(`local')dnl MAILER(`smtp')dnl
For security purposes, it’s best not to set up an indiscriminate mail relay. Every machine needs to use an MTA to send email, and some programs require the ability to relay emails through an SMTP server. With these requirements, you can both relay mail for local services and secure your system from becoming an open relay by configuring Sendmail to attach only to the loop-back address.
To make Sendmail outgoing only, it needs to not accept mail from any remote hosts. To do this, we force it to use only the local loop-back address.
No other options are required; Sendmail transports mail from the local machine to the outside world by default.
OSTYPE(`solaris8')dnl DOMAIN(`solaris-generic')dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA') MAILER(`local')dnl MAILER(`smtp')dnl