You are previewing sendmail Cookbook.
O'Reilly logo
sendmail Cookbook

Book Description

More often than not, the words "sendmail configuration" strike dread in the hearts of sendmail and system administrators--and not without reason. sendmail configuration languages are as complex as any other programming languages, but used much more infrequently--only when sendmail is installed or configured. The average system administrator doesn't get enough practice to truly master this inscrutable technology. Fortunately, there's help. The sendmail Cookbook provides step-by-step solutions for the administrator who needs to solve configuration problems fast. Say you need to configure sendmail to relay mail for your clients without creating an open relay that will be abused by spammers. A recipe in the Cookbook shows you how to do just that. No more wading through pages of dense documentation and tutorials and creating your own custom solution--just go directly to the recipe that addresses your specific problem. Each recipe in the sendmail Cookbook outlines a configuration problem, presents the configuration code that solves that problem, and then explains the code in detail. The discussion of the code is critical because it provides the insight you need to tweak the code for your own circumstances. The sendmail Cookbook begins with an overview of the configuration languages, offering a quick how-to for downloading and compiling the sendmail distribution. Next, you'll find a baseline configuration recipe upon which many of the subsequent configurations, or recipes, in the book are based. Recipes in the following chapters stand on their own and offer solutions for properly configuring important sendmail functions such as:

  • Delivering and forwarding mail

  • Relaying

  • Masquerading

  • Routing mail

  • Controlling spam

  • Strong authentication

  • Securing the mail transport

  • Managing the queue

  • Securing sendmail

  • sendmail Cookbook is more than just a new approach to discussing sendmail configuration. The book also provides lots of new material that doesn't get much coverage elsewhere--STARTTLS and AUTH are given entire chapters, and LDAP is covered in recipes throughout the book. But most of all, this book is about saving time--something that most system administrators have in short supply. Pick up the sendmail Cookbook and say good-bye to sendmail dread.

    Table of Contents

    1. sendmail Cookbook
      1. SPECIAL OFFER: Upgrade this ebook with O’Reilly
      2. Preface
        1. Introduction
        2. Using This Cookbook
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        3. Audience
        4. Organization
        5. Software Versions
        6. Conventions
        7. We'd Like to Hear from You
        8. Acknowledgments
      3. 1. Getting Started
        1. Introduction
          1. The cf directory structure
            1. The cf/m4 directory
            2. The cf subdirectory
        2. 1.1. Downloading the Latest Release
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        3. 1.2. Installing sendmail
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        4. 1.3. Compiling sendmail to Use LDAP
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        5. 1.4. Adding the regex Map Type to sendmail
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        6. 1.5. Compiling sendmail with SASL Support
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        7. 1.6. Compiling sendmail with STARTTLS Support
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        8. 1.7. Compiling in STARTTLS File Paths
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        9. 1.8. Building a sendmail Configuration
          1. Problem
          2. Solution
          3. Discussion
            1. The linux.m4 file
            2. The generic.m4 file
            3. Building and installing sendmail.cf
          4. See Also
        10. 1.9. Testing a New Configuration
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        11. 1.10. Logging sendmail
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
      4. 2. Delivery and Forwarding
        1. Introduction
        2. 2.1. Accepting Mail for Other Hosts
          1. Problem
          2. Solution
          3. Discussion
            1. Using the use_cw_file feature
            2. Using sendmail.cf directly
            3. Using the bestmx_is_local feature
          4. See Also
        3. 2.2. Fixing the Alias0 Missing Map Error and Creating Simple Aliases
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        4. 2.3. Reading Aliases via LDAP
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        5. 2.4. Configuring Red Hat 7.3 to Read Aliases from a NIS Server
          1. Problem
          2. Solution
          3. Discussion
            1. Alternatives
          4. See Also
        6. 2.5. Configuring Solaris 8 to Read Aliases from a NIS Server
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        7. 2.6. Forwarding to an External Address
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        8. 2.7. Creating Mailing Lists
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        9. 2.8. Migrating Ex-Users to New Addresses
          1. Problem
          2. Solution
          3. Discussion
            1. Alternatives
          4. See Also
        10. 2.9. Delivering Mail to a Program
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        11. 2.10. Using Program Names in Mailing Lists
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        12. 2.11. Allowing Nonlogin Users to Forward to Programs
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        13. 2.12. Fixing a .forward Loop
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        14. 2.13. Enabling the User Database
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
      5. 3. Relaying
        1. Introduction
        2. 3.1. Passing All Mail to a Relay
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        3. 3.2. Passing Outbound Mail to a Relay
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        4. 3.3. Passing Local Mail to a Mail Hub
          1. Problem
          2. Solution
          3. Discussion
            1. Alternatives
          4. See Also
        5. 3.4. Passing Apparently Local Mail to a Relay
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        6. 3.5. Passing UUCP Mail to a Relay
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        7. 3.6. Relaying Mail for All Hosts in a Domain
          1. Problem
          2. Solution
          3. Discussion
            1. Alternatives
          4. See Also
        8. 3.7. Relaying Mail for Individual Hosts
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        9. 3.8. Configuring Relaying on a Mail Exchanger
          1. Problem
          2. Solution
          3. Discussion
            1. Alternatives
          4. See Also
        10. 3.9. Loading Class $=R via LDAP
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        11. 3.10. Relaying Only Outbound Mail
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
      6. 4. Masquerading
        1. Introduction
        2. 4.1. Adding Domains to All Sender Addresses
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        3. 4.2. Masquerading the Sender Hostname
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        4. 4.3. Eliminating Masquerading for the Local Mailer
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        5. 4.4. Forcing Masquerading of Local Mail
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        6. 4.5. Masquerading Recipient Addresses
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        7. 4.6. Masquerading at the Relay Host
          1. Problem
          2. Solution
          3. Discussion
            1. Alternatives
          4. See Also
        8. 4.7. Limiting Masquerading
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        9. 4.8. Masquerading All Hosts in a Domain
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        10. 4.9. Masquerading Most of the Hosts in a Domain
          1. Problem
          2. Solution
          3. Discussion
            1. Alternatives
          4. See Also
        11. 4.10. Masquerading the Envelope Address
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        12. 4.11. Rewriting the From Address with the genericstable
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        13. 4.12. Rewriting Sender Addresses for an Entire Domain
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        14. 4.13. Masquerading with LDAP
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        15. 4.14. Reading the genericstable via LDAP
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
      7. 5. Routing Mail
        1. Introduction
          1. The mailertable
          2. The virtusertable
          3. LDAP Routing
        2. 5.1. Routing Mail to Special Purpose Mailers
          1. Problem
          2. Solution
          3. Discussion
            1. Alternatives
          4. See Also
        3. 5.2. Sending Error Messages from the mailertable
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        4. 5.3. Disabling MX Processing to Avoid Loops
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        5. 5.4. Routing Mail for Local Delivery
          1. Problem
          2. Solution
          3. Discussion
            1. Alternatives
          4. See Also
        6. 5.5. Reading the mailertable via LDAP
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        7. 5.6. Routing Mail for Individual Virtual Hosts
          1. Problem
          2. Solution
          3. Discussion
            1. Alternatives
          4. See Also
        8. 5.7. Routing Mail for Entire Virtual Domains
          1. Problem
          2. Solution
          3. Discussion
            1. Potential conflicts and solutions
            2. The catchall solution
          4. See Also
        9. 5.8. Reading the virtusertable via LDAP
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        10. 5.9. Routing Mail with LDAP
          1. Problem
          2. Solution
            1. Instructions for the LDAP administrator
            2. Instructions for the sendmail administrator
          3. Discussion
            1. LDAP configuration
            2. sendmail configuration
            3. Testing the results
            4. The ldap_routing feature
          4. See Also
        11. 5.10. Using LDAP Routing with Masquerading
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
      8. 6. Controlling Spam
        1. Introduction
          1. The access database
            1. Blackhole lists with dnsbl and enhdnsbl
            2. MILTER
            3. Filtering with procmail
            4. Custom rulesets
        2. 6.1. Blocking Spam with the access Database
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        3. 6.2. Preventing Local Users from Replying to Spammers
          1. Problem
          2. Solution
          3. Discussion
            1. Alternatives
          4. See Also
        4. 6.3. Reading the access Database via LDAP
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        5. 6.4. Using a DNS Blackhole List Service
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        6. 6.5. Building Your Own DNS Blackhole List
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        7. 6.6. Whitelisting Blacklisted Sites
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        8. 6.7. Filtering Local Mail with procmail
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        9. 6.8. Filtering Outbound Mail with procmail
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        10. 6.9. Invoking Special Header Processing
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        11. 6.10. Using Regular Expressions in sendmail
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        12. 6.11. Identifying Local Problem Users
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        13. 6.12. Using MILTER
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        14. 6.13. Bypassing Spam Checks
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        15. 6.14. Enabling Spam Checks on a Per-User Basis
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
      9. 7. Authenticating with AUTH
        1. Introduction
          1. The AUTH Protocol
          2. Cyrus SASL
            1. The SASL Sendmail.conf file
          3. Passing Flags to SASL
          4. Authentication Macros and Rulesets
        2. 7.1. Offering AUTH Authentication
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        3. 7.2. Authenticating with AUTH
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        4. 7.3. Storing AUTH Credentials in the authinfo File
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        5. 7.4. Limiting Advertised Authentication Mechanisms
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        6. 7.5. Using AUTH to Permit Relaying
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        7. 7.6. Controlling the AUTH= Parameter
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        8. 7.7. Avoiding Double Encryption
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        9. 7.8. Requiring Authentication
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        10. 7.9. Selectively Requiring Authentication
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
      10. 8. Securing the Mail Transport
        1. Introduction
          1. Transport Layer Security
            1. The certificate
            2. Using the access database with TLS
          2. OpenSSL
        2. 8.1. Building a Private Certificate Authority
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        3. 8.2. Creating a Certificate Request
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        4. 8.3. Signing a Certificate Request
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        5. 8.4. Configuring sendmail for STARTTLS
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        6. 8.5. Relaying Based on the CA
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        7. 8.6. Relaying Based on the Certificate Subject
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        8. 8.7. Requiring Outbound Encryption
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        9. 8.8. Requiring Inbound Encryption
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        10. 8.9. Requiring a Verified Certificate
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        11. 8.10. Requiring TLS for a Recipient
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        12. 8.11. Refusing STARTTLS Service
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        13. 8.12. Selectively Advertising STARTTLS
          1. Problem
          2. Solution
          3. Discussion
            1. Alternatives
          4. See Also
        14. 8.13. Requesting Client Certificates
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
      11. 9. Managing the Queue
        1. Introduction
        2. 9.1. Creating Multiple Queues
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        3. 9.2. Using qf, df, and xf Subdirectories
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        4. 9.3. Defining Queue Groups
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        5. 9.4. Assigning Recipients to Specific Queues
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        6. 9.5. Using Persistent Queue Runners
          1. Problem
          2. Solution
          3. Discussion
            1. Emergency queue clearance
          4. See Also
        7. 9.6. Using a Queue Server
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        8. 9.7. Setting Protocol Timers
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
      12. 10. Securing sendmail
        1. Introduction
        2. 10.1. Limiting the Number of sendmail Servers
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        3. 10.2. Limiting the Number of Network Accessible Servers
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        4. 10.3. Updating to Close Security Holes
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        5. 10.4. Patching to Close Security Holes
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        6. 10.5. Disabling Delivery to Programs
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        7. 10.6. Controlling Delivery to Programs
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        8. 10.7. Disabling Delivery to Files
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        9. 10.8. Bypassing User .forward Files
          1. Problem
          2. Solution
          3. Discussion
            1. Overriding the local_procmail feature
          4. See Also
        10. 10.9. Controlling Delivery to Files
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        11. 10.10. Running sendmail Non-Set-User-ID root
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        12. 10.11. Setting a Safe Default User ID
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        13. 10.12. Defining Trusted Users
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        14. 10.13. Identifying the sendmail Administrator
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        15. 10.14. Limiting the SMTP Command Set
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        16. 10.15. Requiring a Valid HELO
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        17. 10.16. Restricting Command-Line Options
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
        18. 10.17. Denying DoS Attacks
          1. Problem
          2. Solution
          3. Discussion
          4. See Also
      13. About the Author
      14. Colophon
      15. SPECIAL OFFER: Upgrade this ebook with O’Reilly