How to Set Up a Linux Mail Hub

Upload: nuke88again

Post on 30-May-2018


  • 8/14/2019 How to Setup a Linux Mail Hub

    In this article, we will cover setting up a Linux machine to act as a mail hub for the local network, allowing workstations to send and receive Internet mail without themselves being directly connected to the outside world.

    Before you try doing this, you should already know how to install Linux and connect that Linux machine to the Internet. [If you don't, we'll be covering it in a future issue of PCNA - Ed.]

    Sendmail

    Although the sendmail utility comes ready-built with almost any Linux distribution you care to name, there are advantages to knowing how to compile it yourself. Firstly, a widely-used, important program such as sendmail inevitably attracts a lot of attention from hackers. Updates to the program incorporating fixes for the latest security holes are regularly being made available. These updates are available as patches against the source code, which you need to add and then re-compile. (You can get sendmail precompiled, of course, but it's safer to compile your own from source code that doesn't appear to have been hacked.)

    There is a sendmail Web page at www.sendmail.org, and many sites mirror the source code from there. Once you have the source, extract it into a directory (/usr/src/sendmailx.x.xx) and cd into the src directory therein. In there is a makesendmail shell script that will do all the work for you. It is easiest to do the configuration in the source directory, before actually installing the binary and configuration files.

    Configuring

    Tackling the sendmail configuration process from scratch is tough. The main configuration file, sendmail.cf, is designed to be easy for the sendmail program to read. Unfortunately, this means that it's somewhat cryptic to mere humans. Fortunately, it is a task that rarely has to be done from the beginning. The sendmail distribution includes several sample sendmail.cf files, one or other of which can be adapted to most configurations with a few changes. Any modern Linux distribution will include these sample files in its sendmail installation.

    Recent versions of sendmail have introduced an important simplification into the configuration process, by shifting the user intervention from direct editing of the sendmail configuration file to making changes to files of M4 macros, which is easier and more immediately understandable.

    In this section, we will consider use of the M4 macros. The section on configuring a sendmail client that connects to our mail hub will deal directly with the /etc/sendmail.cf file, as that process is sufficiently simple to be easily accomplished without the aid of the M4 macros.

    Generating A Config

    The sendmail configuration apparatus is in the /cf subdirectory. Within this, the /m4 directory contains support routines, which should not be changed.

    The /cf directory contains the configuration files themselves. They have .mc suffixes, and must be run through M4 to become complete. The resulting output should have a .cf suffix.

    The /ostype directory contains definitions describing a particular operating system type. These should always be referenced using the OSTYPE macro in the .mc file.

    The /domain directory contains definitions describing a particular domain, referenced using the DOMAIN macro in the .mc file. The /mailer directory holds descriptions of mailers, referenced using the MAILER macro in the .mc file.

    In the /sh directory are the shell files used when building the .cf file from the .mc file in the cf subdirectory, while /feature holds special features that you might want to include. They should be referenced using the FEATURE macro.

    In /hack you'll find local hacks from Berkeley (the home of sendmail), of no more than voyeuristic interest, if that. And in /siteconfig is the site configuration, ie, tables of locally-connected UUCP sites.

    Issue 89 (November 1997) Page 15 File: T1402.1

    PC Network Advisor

    Tutorial: Hardware

    How To Set Up A Linux Mail Hub

    By Paul Dunne

    A mail hub is a machine that sits on your LAN, acting as the interface between your users and the Internet. It processes all mail, ensuring that messages sent from users get transmitted and that incoming items are distributed to the correct user. Linux, the free version of Unix, allows you to set up a Unix-based mail hub on an old Intel box for minimum outlay and maximum flexibility.

    Typical File

    The root of the configuration process is what might be called the base .mc file. This forms the starting-point for M4 directives which invoke other macro files. All of the definitions in our base .mc file in turn reference other .mc files. Order is important: follow that given here.

    In what follows, I shall simply clarify what I have done here. For the full information, see the README in the cf/ subdirectory.

    VERSIONID(`@(#)yourcompany.mc 8.5 (Berks) 10/8/97')
    OSTYPE(mklinux)
    FEATURE(nouucp)
    MAILER(local)
    MAILER(smtp)

    The first line is for housekeeping, and puts the version line into the output file, so you can keep track of changes.

    OSTYPE

    The first macro defines our operating system. You must define an operating system environment, or the configuration file build will fail. For us, the OS is of course Linux; we use the file in ostypes called mklinux.mc. This contains details such as default file locations and other OS-specific material. It should not need to be changed.

    FEATURE

    The only feature we use is nouucp, which says don't do anything special with UUCP addresses at all.

    There's another feature, nullclient. This could be used to do what we will do later on by hand, ie, generate a stripped-down configuration file that does nothing but forward all mail to a central hub via a local SMTP-based network. The argument is the name of that hub.

    MAILER

    The MAILER macros use macro files to specify rules to handle one or more mailers. Here, we invoke definitions for a local mailer and an SMTP mailer. There are fewer mailers supported in this version than the previous version, owing mostly to a simpler world. As a general rule, put the MAILER definitions last in your .mc file, and always put MAILER(smtp) before MAILER(uucp) - several features and definitions will modify the definition of mailers, and the SMTP mailer modifies the UUCP mailer.

    The local parameter specifies the local and prog mailers. You will almost always need these; the only exception is if you relay all your mail to another site. This mailer is included automatically.

    SMTP is the Simple Mail Transport Protocol mailer. This does not hide hosts behind a gateway or another such hack; it assumes a world where everyone is running the name server. This file actually defines four mailers: "smtp" for regular (old-style) SMTP to other servers, "esmtp" for extended SMTP to other servers, "smtp8" to do SMTP to other servers without converting 8-bit data to MIME (essentially, this is your statement that you know the other end is 8-bit clean even if it doesn't say so), and "relay" for transmission to our RELAY_HOST, LUSER_RELAY or MAILER_HUB.

    sendmail.cf

    The final sendmail configuration file is produced by invoking M4 with the .mc file given above as its argument. The command looks like this:

    m4 m4/cf.m4 config.mc > config.cf

    where config.mc is the macro file we've developed above, and config.cf the output - the sendmail configuration file - which will end up as /etc/sendmail.cf.

    ### Defined Macros (1)
    # The name of the mail hub
    DRwotan.dunne.com
    # The hub as it is known to the outside world
    DHtiny1.demon.co.uk
    # The local official domain name
    Dj$w
    # Our domain name
    DDdunne.com
    # Identity of the error message sender
    DnMailer-Daemon
    # Look of the Unix From line
    DlFrom $g $d
    # The characters that separate address components
    Do.:%@!^=/[]
    # Default form for the sender's address
    Dq

    ### Defined Classes (2)
    # All possible names for local machine
    Cw localhost donner

    ### Options (3)
    # default delivery mode (in background)
    Odbackground
    # temporary file permissions - 0600 for secure mail
    OF0600
    # default UID & GID
    Ou1
    Og1
    # level at which to syslog errors
    OL9
    # Wait for SMTP replies.
    Or1h
    # default messages to old style
    OoTrue
    # Replace unquoted spaces with a dot
    OB.

    ### Header Declarations (4)
    HFrom: $q
    HReceived: by $j id $i; $b
    H?x?Full-Name: $?x$x$.
    H?D?Date: $a
    H?M?Message-Id:

    ### Priorities (5)
    Pspecial-delivery=100
    Pfirst-class=0
    Plist=-30
    Pbulk=-60
    Pjunk=-100

    ### Mailer Delivery Agent Definitions (6)
    # Mailer to forward all mail to the hub machine
    Mhub, P=[IPC], S=10, R=0, F=xmDFMuCX, A=IPC $h
    # Sendmail requires these, but we won't use them
    Mlocal, P=/bin/mail, S=0, R=0, F=lsDFMShP, A=deliver $u
    Mprog, P=/bin/sh, S=0, R=0, F=lsDFMeu, A=sh -c $u

    ### The Rules Sets (7)
    S0 select delivery agent
    R@$+	$#error $: Missing user name
    R$+	$#hub $@$R $:$1	forward to hub

    S3 preprocessing for all rule sets
    R$*$*	$n	handle error addresses
    R$*$*	$2$4	de-nest brackets
    R$*$*	$2	basic RFC822 parsing

    S10 rewrite the sender for the hub
    R$-	$@$1@$H	user -> user@hub
    R$-@$w	$@$1@$H	user@local -> user@hub
    R$-@$=w	$@$1@$H	user@othernames -> user@hub
    R$-@$=w.$D	$@$1@$H	user@domain -> user@hub

    S1 dummy ruleset 1 (unused)

    Figure 1 - A sample sendmail.cf file.

    A Sendmail Installation

    Having completed the configuration, log in as root and type make install to install the new sendmail - having remembered to back up your old program in case anything should be out of order. The following are the files installed by sendmail.

    /usr/sbin/sendmail

    This is the actual sendmail program. There may be a symbolic link in sendmail's historic location, /usr/lib, pointing here, but /usr/sbin/ is now the actual location.

    /etc/sendmail.cf

    This is the configuration file that we generated.

    /usr/bin/newaliases

    This is a symbolic link to /usr/sbin/sendmail. When invoked by this name, sendmail will rebuild the aliases database.

    /var/spool/mqueue

    This is the post office, where in-going and outgoing mail is kept awaiting delivery. It should have mode 700, to prevent inquisitive users from peeking at other users' mail.

    /etc/aliases

    This is the systemwide aliases file.

    /usr/lib/sendmail.hf

    This is the help file for sendmail.

    /etc/sendmail.st

    This optional file can be used by sendmail to record statistics.

    /usr/bin/mailq

    This is a symbolic link to /usr/sbin/sendmail. When invoked under this name, sendmail prints the contents of the mail queue.

    Starting Sendmail

    You will most likely want to have the sendmail daemon started every time the machine boots up. This is done by adding a line to the appropriate rc file in /etc/rc.d. The exact configuration of /etc/rc.d varies between Linux distributions (I suppose if you are conservative, you may just have a simple BSD-style set-up, with only /etc/rc and /etc/rc.local), so I can't give exact instructions that are guaranteed to be applicable. The easiest thing is probably to put it in /etc/rc.d/rc.local. The line should look like this:

    # Start sendmail at boot if the binary is present and executable
    if [ -x /usr/sbin/sendmail ]; then
        echo "sendmail"
        /usr/sbin/sendmail -bd -q1h
    fi

    This checks to see if the file is there, then tells the system console what it's doing, and starts up sendmail in daemon mode (-bd), and sets it to process the mail queue every hour (-q1h).

    The Mail Queue

    The mail queue lives in /var/spool/mqueue (unless you have changed the default, which you really should not). All mail messages are held as two files here, one file being named dfXXXnnnnn, the other qfXXXnnnnn, where XXX is a three-letter sequence, nnnnn a five-number sequence, both being used simply to give every message a unique identifier. The qf file is the queue control file, containing the email message header and various processing information; the df file is the data file, and contains the body of the email message. There are other files, but they are transient and usually of interest only to sendmail.
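An added example (not from the article) that uses this naming scheme to pair the two files of each queued message and flag any ID that has only one of them. The function names are made up for this example, and the queue directory is passed as an argument.

```shell
#!/bin/sh
# Added example, not part of the original article: pair up the qf and df
# files in a queue directory using the dfXXXnnnnn / qfXXXnnnnn naming.
# Function names are hypothetical.

# queue_ids DIR: print each message ID found in DIR once, one per line.
queue_ids() {
    for f in "$1"/qf* "$1"/df*; do
        [ -f "$f" ] || continue          # skips an unmatched glob too
        name=${f##*/}                    # strip the directory part
        printf '%s\n' "${name#?f}"       # strip the leading "qf" or "df"
    done | sort -u
}

# queue_report DIR: classify every ID as complete, qf-only or df-only,
# and mark IDs that are not three letters followed by five digits.
queue_report() {
    queue_ids "$1" | while IFS= read -r id; do
        case $id in
            [A-Za-z][A-Za-z][A-Za-z][0-9][0-9][0-9][0-9][0-9]) note= ;;
            *) note=' (unexpected name)' ;;
        esac
        if [ -f "$1/qf$id" ] && [ -f "$1/df$id" ]; then
            state=complete
        elif [ -f "$1/qf$id" ]; then
            state=qf-only
        else
            state=df-only
        fi
        printf '%-9s %s%s\n' "$state" "$id" "$note"
    done
}

# Example: sh queue_report.sh /var/spool/mqueue
if [ $# -gt 0 ]; then
    queue_report "$1"
fi
```

Because the queue directory has mode 700, run it as the user that owns the queue.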

    Logging

    Sendmail uses the syslog(8) facility. Usually, this is set up to log all sendmail messages to /var/log/maillog, which by default will record all mail that passes through sendmail.

    Security

    Sendmail has a reputation as a security nightmare, but this is largely undeserved, particularly with version 8, which solved a lot of the problems that previous versions did have. Much of sendmail's security is down to the system administrator. Some specific points to watch for are:

    - Make sure the aliases file isn't writable except by trusted system personnel. This includes both the text and database version.

    - Make sure that other files that sendmail reads, such as the mailertable, are only writable by trusted system personnel.

    - The queue directory should not be world writable.
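The three checks above as an added shell example (not from the article): it flags files, or the directories holding them, that group or other can write, and checks that the queue directory has the mode 700 given earlier. The function names are made up for this example and every path is an argument.

```shell
#!/bin/sh
# Added example, not part of the original article. Function names are
# hypothetical; every path is an argument, so nothing is assumed about
# where a given system keeps its aliases database or mailertable.

# loose PATH: true if group or other has write permission on PATH.
# -L follows a symlink to the real file; -prune stops find descending.
loose() {
    [ -n "$(find -L "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# audit_file FILE: report FILE if it is writable by anyone but its owner,
# and report its directory too, because write access to the directory is
# enough to replace a file that is itself read-only.
audit_file() {
    rc=0
    if loose "$1"; then
        echo "WRITABLE      $1"
        rc=1
    fi
    dir=$(dirname "$1")
    if loose "$dir"; then
        echo "WRITABLE-DIR  $dir (holds $1)"
        rc=1
    fi
    return $rc
}

# audit_queue DIR: the queue must be a directory with mode exactly 700.
audit_queue() {
    if [ -n "$(find -L "$1" -prune -type d -perm 700 -print 2>/dev/null)" ]; then
        return 0
    fi
    echo "QUEUE-MODE    $1 is not a directory with mode 700"
    return 1
}

# audit_mail QUEUE FILE...: run every check; succeed only if all pass.
audit_mail() {
    queue=$1
    shift
    bad=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "SKIPPED       $f (not present)"
            continue
        fi
        audit_file "$f" || bad=$((bad + 1))
    done
    audit_queue "$queue" || bad=$((bad + 1))
    echo "$bad finding(s)"
    [ "$bad" -eq 0 ]
}

# Example: sh audit.sh /var/spool/mqueue /etc/aliases /etc/sendmail.cf
if [ $# -gt 0 ]; then
    audit_mail "$@"
fi
```

Pass the text aliases file, its database version and any other files your sendmail.cf names as extra arguments.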

    Clients

    Providing email service to other machines in the network can be done in two ways. The first is to use SMTP to act as a mail hub that sends and receives Internet (and optionally local) mail on behalf of the other machines. Secondly, a POP service can be set up, where local users use client software on their computers to collect their mail via the POP3 protocol, and send mail via SMTP to the server.

    /etc/aliases

    Users on the local network must be identifiable by the sendmail process running on the server machine. In the case of POP mailboxes, this is done by creating a normal user account. In the case of Linux clients collecting mail through sendmail themselves, this is done by adding the appropriate alias to /etc/aliases. For example, on my local network, any mail arriving at my mail server (tiny1.demon.co.uk) for bob is sent on to bob@donner.dunne.com on my Internet network by the following line in /etc/aliases:

    bob: bob@donner.dunne.com

    The simplest way to make sure that mail comes back to the right place is to set the Reply-To header in all outgoing mail to point to the account on the mail hub, not the originating machine. This can be done in the options settings of your POP3 mailer, or will be handled for you by sendmail on a Linux client.


    The Sendmail.cf File

    Now, let's examine the sendmail.cf file itself - it's listed in Figure 1. This file can be kept quite simple when its only task is to relay all mail to another machine for further processing. Here is a minimal sendmail.cf file for installing on Linux boxes that talk to the mail hub. There isn't the space for a full run-down on the syntax of the file. For the full gen, consult the irreplaceable book Sendmail, published by O'Reilly & Associates.

    Sendmail commands are usually one letter in length, and must be at the beginning of a line. Generally, there is no space between a command and its arguments.

    The first part, Macros, shows variables (macros in sendmail parlance) being defined by use of the D, Define Macro, command. All the macros defined here are explained by comments on the line before them - a wise practise which should not be confined to example files.

    The second section, Classes, is for a special type of variable, a class, that can hold multiple values. The command here is C. The class we are defining is W, which holds a list of alternative host names for the machine (that is, other than the FQDN).

    The third section specifies sendmail options. These can be given on the command line, but as there are rather a lot, it makes more sense to have them in the file.

    The fourth part specifies what headers must be in every mail message. These are the headers that sendmail will add if the MUA has not already done so.

    The fifth section is a set of priority settings. Sendmail will by default process the mail in its queue in order of decreasing priority, beginning with special-delivery. The level of priority is set by the MUA with the Precedence: header.

    The sixth section defines a set of mailers that sendmail will use to actually deliver mail. Remember, sendmail is a Mail Transport Agent - it doesn't do the delivery itself. These lines all begin with M. Local and prog are mandatory. The real work here is done by the special mailer [IPC], which invokes internal sendmail routines rather than an external mailer program, to send all mail to a smart host using SMTP.

    The seventh part is the heart of sendmail, the rule sets. These define the re-writing of addresses. The basic idea here is that there are two sides, a right-hand side and a left-hand side, where the RHS is a pattern to match against input, and the LHS is the transformation to effect upon the input if a match is made. LHS and RHS are separated by tabs; comments are in the third column.

    Windows

    Under Windows I use Eudora Lite, which is a freeware, cut-down version of Eudora Pro. It is a fine email client in its own right and is available from www.qualcomm.com. Setting it up is simply a matter of pointing it at the mail hub, then telling it the POP username and password. One glitch I found was that not all options are saved to EUDORA.INI. Specifically, I had to set UseWinSock=1 and UseDialup=0 by editing the ini file, as changing these options from the menu had no effect.


    The Author

    Paul Dunne ([email protected].co.uk) is a freelance writer and Unix/Internet consultant.

    PCNA

    Editing /etc/sendmail.cf By Hand

    So, you have an existing sendmail installation and don't want to go to the bother of fussing about with getting the sendmail source, figuring out M4, etc? Well, while I can't hope to cover all the details of the sendmail configuration file syntax here, I can tell you the minimum changes you need to make to transform a generic sendmail.cf into one you can use.

    Because of the complexity of this file, I will list here only the things that are absolutely essential to change. I will presume that there is already a suitable sendmail.cf on the machine (provided either by the Linux distribution, or from the sendmail sources).

    The W macro contains any other names that this host is known by, besides the FQDN. For example:

    Cwlocalhost wotan.dunne.com

    The S macro can contain the name of a smart relay host, to which all non-local mail is forwarded without further ado. Some sites can deliver mail to the local network, but cannot look up hosts on the Internet with DNS. Usually such sites are connected to the outside world with UUCP. To ensure delivery of all mail, such sites need to forward all non-local mail over the UUCP link to a smart (or well-connected) host.

    These are all the changes you absolutely have to make. The other parameters change how sendmail behaves, but should work on your site without modification.
