book

sendmail Cookbook

by Craig Hunt

December 2003

Intermediate to advanced

408 pages

11h 58m

English

O'Reilly Media, Inc.

Read now

Unlock full access

IntroductionUsing This CookbookAudienceOrganizationSoftware VersionsConventionsWe’d Like to Hear from YouAcknowledgments
Introduction1.1. Downloading the Latest Release1.2. Installing sendmail1.3. Compiling sendmail to Use LDAP1.4. Adding the regex Map Type to sendmail1.5. Compiling sendmail with SASL Support1.6. Compiling sendmail with STARTTLS Support1.7. Compiling in STARTTLS File Paths1.8. Building a sendmail Configuration1.9. Testing a New Configuration1.10. Logging sendmail
Introduction2.1. Accepting Mail for Other Hosts2.2. Fixing the Alias0 Missing Map Error and Creating Simple Aliases2.3. Reading Aliases via LDAP2.4. Configuring Red Hat 7.3 to Read Aliases from a NIS Server2.5. Configuring Solaris 8 to Read Aliases from a NIS Server2.6. Forwarding to an External Address2.7. Creating Mailing Lists2.8. Migrating Ex-Users to New Addresses2.9. Delivering Mail to a Program2.10. Using Program Names in Mailing Lists2.11. Allowing Nonlogin Users to Forward to Programs2.12. Fixing a .forward Loop2.13. Enabling the User Database
Introduction3.1. Passing All Mail to a Relay3.2. Passing Outbound Mail to a Relay3.3. Passing Local Mail to a Mail Hub3.4. Passing Apparently Local Mail to a Relay3.5. Passing UUCP Mail to a Relay3.6. Relaying Mail for All Hosts in a Domain3.7. Relaying Mail for Individual Hosts3.8. Configuring Relaying on a Mail Exchanger3.9. Loading Class $=R via LDAP3.10. Relaying Only Outbound Mail
Introduction4.1. Adding Domains to All Sender Addresses4.2. Masquerading the Sender Hostname4.3. Eliminating Masquerading for the Local Mailer4.4. Forcing Masquerading of Local Mail4.5. Masquerading Recipient Addresses4.6. Masquerading at the Relay Host4.7. Limiting Masquerading4.8. Masquerading All Hosts in a Domain4.9. Masquerading Most of the Hosts in a Domain4.10. Masquerading the Envelope Address4.11. Rewriting the From Address with the genericstable4.12. Rewriting Sender Addresses for an Entire Domain4.13. Masquerading with LDAP4.14. Reading the genericstable via LDAP
Introduction5.1. Routing Mail to Special Purpose Mailers5.2. Sending Error Messages from the mailertable5.3. Disabling MX Processing to Avoid Loops5.4. Routing Mail for Local Delivery5.5. Reading the mailertable via LDAP5.6. Routing Mail for Individual Virtual Hosts5.7. Routing Mail for Entire Virtual Domains5.8. Reading the virtusertable via LDAP5.9. Routing Mail with LDAP5.10. Using LDAP Routing with Masquerading
Introduction6.1. Blocking Spam with the access Database6.2. Preventing Local Users from Replying to Spammers6.3. Reading the access Database via LDAP6.4. Using a DNS Blackhole List Service6.5. Building Your Own DNS Blackhole List6.6. Whitelisting Blacklisted Sites6.7. Filtering Local Mail with procmail6.8. Filtering Outbound Mail with procmail6.9. Invoking Special Header Processing6.10. Using Regular Expressions in sendmail6.11. Identifying Local Problem Users6.12. Using MILTER6.13. Bypassing Spam Checks6.14. Enabling Spam Checks on a Per-User Basis
Introduction7.1. Offering AUTH Authentication7.2. Authenticating with AUTH7.3. Storing AUTH Credentials in the authinfo File7.4. Limiting Advertised Authentication Mechanisms7.5. Using AUTH to Permit Relaying7.6. Controlling the AUTH= Parameter7.7. Avoiding Double Encryption7.8. Requiring Authentication7.9. Selectively Requiring Authentication
Introduction8.1. Building a Private Certificate Authority8.2. Creating a Certificate Request8.3. Signing a Certificate Request8.4. Configuring sendmail for STARTTLS8.5. Relaying Based on the CA8.6. Relaying Based on the Certificate Subject8.7. Requiring Outbound Encryption8.8. Requiring Inbound Encryption8.9. Requiring a Verified Certificate8.10. Requiring TLS for a Recipient8.11. Refusing STARTTLS Service8.12. Selectively Advertising STARTTLS8.13. Requesting Client Certificates

Introduction9.1. Creating Multiple Queues9.2. Using qf, df, and xf Subdirectories9.3. Defining Queue Groups9.4. Assigning Recipients to Specific Queues9.5. Using Persistent Queue Runners9.6. Using a Queue Server9.7. Setting Protocol Timers
Introduction10.1. Limiting the Number of sendmail Servers10.2. Limiting the Number of Network Accessible Servers10.3. Updating to Close Security Holes10.4. Patching to Close Security Holes10.5. Disabling Delivery to Programs10.6. Controlling Delivery to Programs10.7. Disabling Delivery to Files10.8. Bypassing User .forward Files10.9. Controlling Delivery to Files10.10. Running sendmail Non-Set-User-ID root10.11. Setting a Safe Default User ID10.12. Defining Trusted Users10.13. Identifying the sendmail Administrator10.14. Limiting the SMTP Command Set10.15. Requiring a Valid HELO10.16. Restricting Command-Line Options10.17. Denying DoS Attacks

Content preview from sendmail Cookbook

Chapter 1. Getting Started

Introduction

To follow a recipe successfully, you must clearly understand the instructions it contains. You must understand the difference between folding and stirring and be able to find the spices when the recipe calls for a pinch of cumin. Just as you must be able to find your way around the kitchen to become a cook, you must know your way around the sendmail distribution in order to build or customize a sendmail configuration.

The directory structure—created by the sendmail source code distribution tarball— contains the tools and ingredients used to build and configure sendmail. The top-level directory created by the tarball is assigned a name that identifies the sendmail version number. At the time of this writing, the current version is sendmail 8.12.9; therefore, the top-level directory is named sendmail-8.12.9. By the time you read this, there will be a newer version of sendmail, and the directory name will reflect that new version number. An ls of the top-level directory shows the following:^[1]

$ ls sendmail-8.12.9
Build     doc      INSTALL    libsmdb     mailstats  praliases      sendmail
cf        editmap  KNOWNBUGS  libsmutil   Makefile   README         smrsh
contrib   FAQ      libmilter  LICENSE     makemap    RELEASE_NOTES  test
devtools  include  libsm      mail.local  PGPKEYS    rmail          vacation

Most of these files and directories are used to compile sendmail. The Build script uses the Makefile to compile sendmail and its utilities. The devtools directory is used to set compiler options, as discussed in ...