sendmail Cookbook by Craig Hunt

sendmail is the most powerful and widely used Unix email software in the world today. Millions of Unix systems are currently running sendmail. Yet this common tool is a source of confusion for many system administrators, most of whom dread sendmail configuration. This dread has a very rational basis: complexity and lack of familiarity. sendmail configuration languages are as complex as any other programming languages, and, unlike many other languages, sendmail configuration languages are used infrequently. sendmail is configured when it is installed or upgraded; otherwise, an administrator has little interaction with the sendmail configuration. The average system administrator simply does not get enough practice to truly master the sendmail configuration languages.

For me, and a great many other techies, cooking a decent meal also falls into the category of something that I do not often practice. On my own, a Coke and a Snickers constitutes dinner, while beer and pretzels is a party. When it is my turn to cook for others, particularly to cook an elaborate meal, I need help. I don’t have time to learn how to cook on my own; I need someone to tell me exactly how it is done. Luckily, cookbooks are created for exactly this situation.

A cookbook provides recipes for a wide variety of situations. The recipes are step-by-step solutions to specific problems. In the kitchen, the problems are how to properly prepare specific dishes. On a sendmail server, the problems are how to configure the system to handle specific situations; for example, how to configure sendmail to relay mail for your clients without creating an open relay that will be abused by spammers.

As the name sendmail Cookbook implies, this is a cookbook full of recipes for proper sendmail configuration. A sendmail recipe outlines a configuration problem, presents the configuration code that solves that problem, and then explains the code in detail. The discussions of the code are critical because they provide the insight you need to tweak the code enough to make it right for your server.

The key feature of this book is that it saves you time. Time is something that most system administrators have in very short supply. When you have a specific sendmail configuration problem, looking up a step-by-step solution is much quicker than researching the problem and developing your own custom solution. This book provides quick solutions for many common sendmail configuration problems.

The sendmail Cookbook uses the same Problem/Solution/Discussion format used in all O’Reilly cookbooks. As an example of this format, the following section, which explains how this book should be used, is laid out using the recipe format.

The sendmail Cookbook is intended for everyone who configures the sendmail software running on a Unix computer. This obviously includes the sendmail administrator who runs the mail server and the system administrators who are responsible for running Unix computers, but it also includes any user who maintains the sendmail configuration on a desktop Unix system. The Unix workstation on your desk probably involves you in system administration tasks. If those tasks include sendmail configuration, this book is for you.

We assume that you have a good understanding of computers and their operation, and that you’re generally familiar with sendmail configuration. If you’re completely new to Unix, this book is not for you. Likewise, if you are an expert in sendmail administration, this book might not be suitable. If you fall anywhere between these two extremes, however, you’ll find this book has a lot to offer.

A cookbook will help you cook a decent meal, but a cookbook will not turn you into a four-star chef. Likewise, this book provides effective solutions to common sendmail configuration problems, but it won’t make you a sendmail guru. Complete mastery of a subject as complex as sendmail requires more than recommended solutions to common problems. The full range of sendmail information takes a reference and a tutorial in addition to a cookbook. The best and most complete sendmail reference is sendmail by Bryan Costales with Eric Allman (O’Reilly). Not surprisingly, my favorite sendmail tutorial is Linux Sendmail Administration, by Craig Hunt (Sybex). If your job requires you to become a sendmail guru, you probably need all three of these books.

sendmail configuration is a means to an end. sendmail is configured in order to perform specific functions effectively. This book focuses on the proper configurations for those functions. sendmail configuration language elements are secondary. The configuration code is explained in sufficient detail for you to fully understand it, so that you can tune the code as necessary for your system. But the goal is to provide useable solutions for common problems. This goal dictates a book that is organized around sendmail’s functions

The first chapter defines the basic framework upon which all of the other chapters are built. It provides recipes for downloading and installing the sendmail distribution, for recompiling sendmail to support a variety of features, for building the sendmail configuration, and for testing a new configuration. Starting with Chapter 2 and running through Chapter 10, sample solutions for properly configuring important sendmail functions are given. An overview of the functions and commands used in each chapter are provided by the chapter’s Introduction.

The recipes in Chapter 2 through Chapter 10 standalone. An administrator can jump directly to an individual solution and come away with enough information to solve a specific problem. Most of these solutions address only one problem. Your configuration will probably need to address multiple problems. You can jump around in this book selecting just those items you need. For example, your server might need to accept mail for several clients, and it might need to hide the hostnames of those clients on outbound mail. Such a configuration would need recipes from Chapter 2 and Chapter 4. Select just those things that suit your needs.

A quick synopsis of the chapters in this book follows:

Chapter 1, describes the files and directories used to build a sendmail configuration. It provides how-to recipes for downloading, installing, and compiling sendmail and for building and testing a sendmail configuration.

Chapter 2, focuses on mail delivery. The sendmail configuration controls what mail is accepted for delivery. Accepting the correct mail is essential for creating a server, particularly one that acts as a mail exchanger. Additionally, only mail that is accepted for delivery can be aliased or forwarded. Properly configured aliasing supports clients and creates mailing lists.

Chapter 3, focuses on mail relaying. When mail is not accepted for delivery by the local server, sendmail must decide if it should be relayed to another server for delivery. Properly configuring relaying is essential to creating a fully functional server, and it is a primary ingredient in controlling spam. A mistake in relay configuration can get your server blacklisted!

Chapter 4, describes why and how the true identity of the end system in a mail exchange is hidden. Masquerading hides the source address of outgoing mail. Both basic masquerading and the genericstable database are covered. Configurations that hide both the host portion and the user portion of the source address are given.

Chapter 5, describes how the administrator controls mail routing through the use of sendmail databases. The mailertable is used to route mail to a specific mailer for special processing. The mailertable provides access to the wide variety of mailers provided by sendmail. Virtual mail domains allow a single mail server to process mail for many different domains. Using the virtusertable database to handle virtual mail domains is covered. The ldap_routing feature, which reads intranet mail routing information from an LDAP server, is also covered.

Chapter 6, describes how to configure sendmail to reduce the problem of unsolicited commercial email. The chapter discusses how the access database is used to control spam; how sendmail is configured to use procmail for personal, local, and outbound mail filtering; how blackhole listing services are used; and how to build your own DNS blackhole list. Custom header processing and sendmail.cf regular expressions are also covered.

Chapter 7, provides solutions for configuring sendmail to act as an SMTP AUTH server or client. Sample sendmail configurations are provided, as are the necessary SASL configuration files. How the access database is used with AUTH authentication is also covered.

Chapter 8, covers STARTTLS, the sendmail feature used to encrypt the mail transport. The sendmail configuration of STARTTLS is given along with the required configuration of the SSL tools used by sendmail. Creating a private sendmail CA, client and server certificates, and signing certificates are all covered. Recipes that control when encryption is used are provided, as are examples of using STARTTLS with the access database.

Chapter 9, covers sendmail configurations that are particularly useful for systems with large mail queues. Creating multiple queues, defining queue groups, and using queue groups with the access database are all covered.

Chapter 10, provides recipes that can increase sendmail security. By default, sendmail has tight security settings. Some configurations loosen sendmail security to increase flexibility. The recipes in this chapter take the opposite approach. These recipes are for those willing to sacrifice flexibility for additional security.

Most of the examples in this book are taken from Red Hat Linux 7.3 and 8.0, and from Solaris 8. However, the versions of Unix used to create the examples makes very little difference. There are small variations in command output or command-line options, but these variations should not present a problem. sendmail software works the same way from system to system.

Much more important differences are introduced by the version of sendmail. sendmail is constantly evolving. The examples in this book are based on sendmail 8.12, specifically 8.12.9 and 8.12.10. We do not know if the recipes will work exactly as shown on other versions of sendmail, but they should work with minimal adjustments.

This book uses the following typographical conventions:

We have tested and verified all of the information in this book to the best of our ability, but you may find that features have changed (or even that we have made mistakes!). Please let us know about any errors you find, as well as your suggestions for future editions, by writing:

There is a web page for this book, which lists errata, examples, or any additional information. You can access this page at:

To comment or ask technical questions about this book, send email to:

For more information about books, conferences, Resource Centers, and the O’Reilly Network, see the O’Reilly web site at:

To find out what else Craig is doing, visit his web site: http://www.wrotethebook.com.

No book is the product of one person. This one certainly is not! I have many people to thank for their help in producing the book.

The idea for this book came originally from Tim O’Reilly. Mike Loukides explained the idea of the book to me, and I knew I wanted to write it. Tim and Mike deserve thanks for getting the ball rolling.

Two editors have supported me through the long and difficult process of producing this book. Jim Sumser worked with me during the first phase of writing and Simon St.Laurent brought me through to the finish line. Both of these guys have been a great help.

I particularly want to thank my technical reviewers, Greg Shapiro, Claus Assmann, and Nick Christenson. You could not ask for a better technical team. Look at the list of authors for the Sendmail Installation and Operations Guide and you’ll see Greg and Claus listed there. You’ll also see Greg’s name on most of the sample configurations provided with the sendmail distribution—no one knows more about sendmail configuration than Greg. As for Nick, he is the author of the book sendmail Performance Tuning (Addison Wesley) that Eric Allman simply calls “great.” These guys know sendmail and they took the time to meticulously review every page of this book. Their help and insight were invaluable. This is a much better book because of their involvement.

I also want to thank the crew at O’Reilly. Thanks to Marlowe Shaeffer, production editor and proofreader, for getting this book through; Derek Di Matteo for copyediting; Ellie Volckhausen for her work on the cover; and Tom Dinse for the indexing.

Finally, I want to thank my family for having the patience to put up with me when I have no patience left.