"sendmail" is the "standard" program for handling electronic mail (e-mail) between servers, developed by Eric Allman in 1981.
It is one of the most important components in the Web Server configuration and setup.

In Linux, sendmail is one of the startup services, present in the directory "/etc/rc.d/init.d".
We can restart it as a test. If there are problems, you may find output similar to the following:
[root@www /root]# /etc/rc.d/init.d/sendmail restart
Shutting down sendmail: [ OK ]
Starting sendmail: 554 /etc/sendmail.cf: line 96: unknown configuration line "futuretg.COM"
[FAILED]
[root@www /root]# vi /etc/sendmail.cf
[root@www /root]# /etc/rc.d/init.d/sendmail restart
Shutting down sendmail: [FAILED]
Starting sendmail: [ OK ]
[root@www /root]#
sendmail reads and uses several files. For example:
[root@www named]# more /etc/sysconfig/sendmail
DAEMON=yes
QUEUE=1h
[root@www named]#
The sendmail daemon starts:
[root@ftosx1 /root]# ps ax | grep sendmail
  746 ?        S      0:00 sendmail: accepting connections on port 25
 2019 pts/4    S      0:00 grep sendmail
[root@ftosx1 /root]#
You can also activate or restart the server if necessary.
[root@www /root]# /etc/rc.d/init.d/sendmail restart
In the next section we will test the sendmail service and look at its feedback.
The sendmail configuration is very easy.
In RedHat 7.1 there is one file: "/etc/sendmail.cf".
You need to update the information about the local server.
[root@www /root]# vi +89 /etc/sendmail.cf
Cwlocalhost
# file containing names of hosts for which we receive email
Fw/etc/mail/local-host-names
# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
Djfuturetg.COM
The line "Djfuturetg.COM" is the change for "mail.futuretg.com".
Note that we do not include the "$w".
It is very important to say here that if we set up the hostname as futuretg.com, then we don't need to touch the file.
If instead we set up the server as www.futuretg.com, we need to update the file as covered above.
If you use the "$w", the address on the mail you send will be "gorlando@www.futuretg.com".
If you remove the "$w", it will be "gorlando@futuretg.com", which is more normal.
Of course you need to have configured mail.futuretg.com, for example as a virtual IP address.
For example, we fix the address 213.82.126.11, equivalent to the alias eth0:7.

Remember also that when you change the Cw line, it must be:
Cfuturetg.com
Not:
Cwfuturetg.com
We include an updated version of sendmail.cf to solve problems.
This information will be present in the file:
[root@www named]# more named.futuretg
@                   IN SOA  dns.futuretg.com. hostmaster.www.futuretg.com. (
                            2001050901 ; serial
                            86400      ; refresh
                            7200       ; retry
                            2592000    ; expire
                            432000     ; default_ttl
                            )
                    IN NS   www.futuretg.com.
                    IN NS   dns.futuretg.com.
                    IN MX   10 mail.futuretg.com.
www.futuretg.com.   IN A    213.82.126.2
dns.futuretg.com.   IN A    213.82.126.10
mail.futuretg.com.  IN A    213.82.126.11
ftp.futuretg.com.   IN A    213.82.126.15
This regards the "MX" record, for the mail.
With this record, the DNS (using the named service) informs other mail servers that futuretg.com is here.
Therefore, when foo@company.com sends an email to info@futuretg.com, the DNS will identify where "@futuretg.com" is, as a mail server.
The sendmail.cf file includes a file that is generally called "sendmail.cw".
[root@ftosx1 /root]# more /etc/sendmail.cw
# sendmail.cw - include all aliases for your machine here.
futuretg.com
[root@ftosx1 /root]#
In RedHat 7.1, the file was changed to "/etc/mail/local-host-names".
You can modify the sendmail.cf entry and update it to
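Another file to modify is "/etc/mail/access".
Be aware of "O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA".
In the RedHat 7.1 "sendmail.cf" this line must be commented out; while it is active, sendmail accepts SMTP connections only on the loopback address 127.0.0.1.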
#O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
sendmail uses the TCP/IP protocol. Once the IP address is running and in accord with phone company specifics, broadcast, etc.
For example, suppose that you use sendmail to send an email to yourself:
[root@ftosx1 /root]# sendmail -v root < .bashrc
root... Connecting to local...
root... Sent
You have mail in /var/spool/mail/root
[root@ftosx1 /root]#
You can check with the mail program.
[root@ftosx1 /root]# mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N  1 root@ftosx1.futuretg  Fri May 11 16:28  37/1068
&
The local sendmail opens a dialogue with the remote sendmail. Once the remote sendmail is ready, it receives your email message, including the related attachments.
All of this "conversation" between the sendmail daemons follows SMTP (Simple Mail Transfer Protocol). The transport uses the TCP/IP protocol.
The specifications are available in RFC821, RFC822, RFC819, RFC976, RFC1123, RFC1521, RFC1522, RFC1651, RFC1652, RFC1653, RFC1891, RFC1892, RFC1893, RFC1894.
For example, suppose that we want to send an email manually to a client, a.mancinelli@progetti.it; then we can run:
sendmail a.mancinelli@progetti.it < mymail.txt
a.mancinelli@progetti.it... Connecting to mailer.opennet.it. via esmtp...
220 mailer.opennet.it ESMTP Sendmail 8.10.2/8.10.2; Fri, 22 Jun 2001 12:51:11 +0200
>>> EHLO futuretg.COM
250-mailer.opennet.it Hello [213.82.126.2], pleased to meet you
250-ENHANCEDSTATUSCODES
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ONEX
250-ETRN
250-XUSR
250 HELP
>>> MAIL From:<futuretechclub@futuretg.COM> SIZE=2323
250 2.1.0 <futuretechclub@futuretg.COM>... Sender ok
>>> RCPT To:<a.mancinelli@progetti.it>
250 2.1.5 <a.mancinelli@progetti.it>... Recipient ok
>>> DATA
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 f5MApBg31866 Message accepted for delivery
a.mancinelli@progetti.it... Sent (f5MApBg31866 Message accepted for delivery)
Closing connection to mailer.opennet.it.
>>> QUIT
221 2.0.0 mailer.opennet.it closing connection
[futuretechclub@www FutureTechClub]$
What is a mailing list? A mailing list is a way to send e-mails to a group of customers. These customers declare their interest in being subscribed to the list.
Some years ago, discussions about SPAM and anti-SPAM policy became popular on the Web. SPAM is the illegal practice of sending thousands of e-mails to people without requesting their consent.
There are different ways to set up a mailing list. Some years ago, Majordomo was the standard way to set up this type of service. However, today, thanks to GNU, a simple and innovative program is available.
The GNU program to set up a mailing list is called mailman, or The GNU Mailing List Management System. This program is very simple to use and is the updated replacement for Majordomo.
Here we show a normal "Welcome" mailing list.
RedHat 7.2 and FTOSX 2001 include this version.

When the mailman package has finished installing, you will need to run the following commands:
regenerating sendmail.cf), and
KDE and other important OpenSource groups use this method.
Mailman was written in Python and uses the alias concept. In other words, Mailman (like the classical Majordomo) extends the sendmail alias.
What is a mail alias?
In UNIX® (i.e. the Sun OS 3.X and 4.X series), it was possible to organize mail addresses, internal to the company or external on the Web, using the .mailrc file.
For example, suppose that your group is composed of four people:
mary
john
peter
tony
Of course, because your group is internal to the company you don't need to add the domain (like: futuretg.com).
This feature is still valid and is used locally.
For example a valid .mailrc is the following:
[root@ftosx1 root]# more .mailrc
alias myteam john mary peter tony
[root@ftosx1 root]#
Now, we can send a single e-mail that will reach all users.
[root@ftosx1 root]# mail myteam
Subject: Hi Everybody ...
Hi,
I am happy to inform
that the WebMaster Training course
is now completed.
Please inform any
relative source inside the company
about that.
Thanks,
Giovanni
.
Cc:
[root@ftosx1 root]#
We can check the tony user ...
[root@ftosx1 root]# su - tony
[tony@ftosx1 tony]$ mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/tony": 1 message 1 new
>N  1 root@ftosx1.futuretg  Wed Nov  7 11:18  24/639   "Hi Everybody ..."
&
Message 1:
From root Wed Nov 7 11:18:31 2001
Date: Wed, 7 Nov 2001 11:18:30 +0100
From: root <root@ftosx1.futuretg.com>
To: john@ftosx1.futuretg.com, mary@ftosx1.futuretg.com,
peter@ftosx1.futuretg.com, tony@ftosx1.futuretg.com
Subject: Hi Everybody ...
Hi,
I am happy to inform
that the WebMaster Training course
is now completed.
Please inform any
relative source inside the company
about that.
Thanks,
Giovanni
&
and we can also check the rest:
[root@ftosx1 mail]# ls -al
total 13
drwxrwxr-x    2 root     mail          141 Nov  7 11:18 .
drwxr-xr-x   19 root     root          392 Oct 23 15:22 ..
-rw-rw----    1 john     john          639 Nov  7 11:18 john
-rw-rw----    1 mary     mary          639 Nov  7 11:18 mary
-rw-rw----    1 nfsnobod nfsnobod        0 Oct 23 14:43 nfsnobody
-rw-rw----    1 peter    peter         639 Nov  7 11:18 peter
-rw-rw----    1 tony     tony            0 Nov  7 11:21 tony
[root@ftosx1 mail]#
As explained before, .mailrc is used locally for the team. Each user has their own .mailrc, and its meaning and use are local.
However, Linux and UNIX also offer aliases that are valid globally inside the system.
The file that holds all the aliases is in the directory "/etc/": "/etc/aliases".
We can simply add a line:
allteam: john,peter,mary,tony
inside this file.
It is fundamental to run the program newaliases to inform sendmail about the new aliases.
[root@ftosx1 mail]# newaliases
Then we can run:
[root@ftosx1 mail]# mail allteam
Subject: FTOSX released ...
Hi everyone,
Our FTOSX is now available.
Download your copy
at no cost, or request the
manuals with the
box.
Regardsm
Giovanni.
.
Cc:
[root@ftosx1 mail]#
Note that in the last two mail commands ("mail myteam" and "mail allteam") we don't get errors and the mail was sent correctly. If you run "mail team1", you will get errors.
A mailing list is an extension to sendmail that offers subscription to Web customers.
In Internet times, sendmail offers a simple and innovative way to work and communicate. Generally, it is also an effective way to open business.
However, there are hundreds of free services that may be protected or closed to prevent serious problems.
For example, the first thing to update or protect is the mail server name. It is simple and immediate to use "mail.futuretg.com", but it is just as simple for outsiders or strange organizations to try this 'obvious' name.
Therefore, choosing a more complex name will protect your services.
It may be useful to use a complex name like "mail8191.futuretg.com", "mail90901.futuretg.com", "mail48236423847623847623.futuretg.com", etc.
We will use "mail8191.futuretg.com" here. Sendmail pays no attention to names, so it is possible to configure and use more complex names. The name is still published in the MX record of the DNS files below, so the sendmail settings later in this section are needed as well.
If you update the names, you need to apply some changes to the DNS files:
[root@www named]# more 80.204.186
@       IN SOA  www.futuretg.com. hostmaster.www.futuretg.com. (
                2002022601 ; serial
                8600       ; refresh
                7200       ; retry
                2592000    ; expire
                432000     ; default_ttl
                )
@       IN NS   www.futuretg.com.
1       IN PTR  www.futuretg.com.
1       IN PTR  dns.futuretg.com.
2       IN PTR  mail8191.futuretg.com.
3       IN PTR  ftp.futuretg.com.
[root@www named]#
and ...
[root@www named]# more named.futuretg
@                       IN SOA  dns.futuretg.com. hostmaster.www.futuretg.com. (
                                2002031001 ; serial
                                86400      ; refresh
                                7200       ; retry
                                2592000    ; expire
                                432000     ; default_ttl
                                )
                        IN NS   www.futuretg.com.
                        IN NS   it.futuretg.com.
                        IN NS   dns.futuretg.com.
                        IN MX   10 mail8191.futuretg.com.
www.futuretg.com.       IN A    80.204.186.98
it.futuretg.com.        IN A    80.204.186.105
dns.futuretg.com.       IN A    80.204.186.107
mail8191.futuretg.com.  IN A    80.204.186.108
ftp.futuretg.com.       IN A    80.204.186.109
[root@www named]#
and any other file that uses MX records. Check the DNS training.
Also the access file for must be included in the relay servers.
[root@www mail]# more access
# Check the /usr/doc/sendmail-8.9.3/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/doc/sendmail-8.9.3/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
localhost.localdomain   RELAY
localhost               RELAY
www.futuretg.com        RELAY
mail.futuretg.com       RELAY
mail8191.futuretg.com   RELAY
futuretg.com            RELAY
192.168                 RELAY
80.204.126.107          RELAY
[root@www mail]#
After these changes you need to re-launch the DNS and sendmail services. Therefore it may be necessary to reload the services:
[root@www mail]# /etc/rc.d/init.d/sendmail restart
and
[root@www mail]# /etc/rc.d/init.d/named restart
Now that the mail server has a non-obvious name, you will prevent some problems. The next change is to prevent outside users from using VRFY and EXPN on your sendmail port.
To scan for mail users, unauthorized people run the following command:
telnet mail8191.futuretg.com 25 (now this will be more complex, because they will not know the mail server name)
However, if they find it, they may run the commands EXPN and VRFY (see above).
Disabling this possibility makes your security stronger.
You need to uncomment the following line, which includes the words "novrfy" and "noexpn":
# privacy flags
O PrivacyOptions=authwarnings,novrfy,noexpn,restrictqrun
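A check for the two sendmail.cf settings discussed above, as an added example that is not part of the original chapter: it reports which privacy flags are missing and whether the SMTP listener is open to the network. The sample text and the function names are constructed here, and merging the flags of several active PrivacyOptions lines is an assumption of this sketch.

```python
import re

# Constructed sendmail.cf excerpt: the loopback-only listener line is
# commented out, but the PrivacyOptions line from the text is not yet active.
SAMPLE_CF = """\
#O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
# privacy flags
#O PrivacyOptions=authwarnings,novrfy,noexpn,restrictqrun
O PrivacyOptions=authwarnings
"""

# Only uncommented long-form option lines ("O Name=value") match.
OPTION_RE = re.compile(r"^O\s+(\w+)\s*=\s*(.*)$")


def active_options(cf_text):
    """Map lower-cased option name -> list of values from active lines."""
    opts = {}
    for line in cf_text.splitlines():
        m = OPTION_RE.match(line)
        if m:
            opts.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return opts


def audit(cf_text, required=("novrfy", "noexpn")):
    """Report missing privacy flags and whether SMTP is open to the network."""
    opts = active_options(cf_text)
    flags = set()
    for value in opts.get("privacyoptions", []):  # assumption: flags merge
        flags.update(f.strip().lower() for f in value.split(",") if f.strip())
    listeners = opts.get("daemonportoptions", [])
    # No active DaemonPortOptions line means the default: all interfaces.
    network = not listeners
    for value in listeners:
        pairs = (p.strip().split("=", 1) for p in value.split(",") if "=" in p)
        addr = {k.lower(): v for k, v in pairs}.get("addr")
        if addr != "127.0.0.1":
            network = True
    return {
        "missing_privacy_flags": [f for f in required if f not in flags],
        "network_listener": network,
    }


if __name__ == "__main__":
    print(audit(SAMPLE_CF))
```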
Now we will explain how to block e-mails from unauthorized people.
The normal way is to include the unrequested remote email address in "/etc/mail/access". Please remember that after any change you must run "make".
For example, suppose that someone wants to use your mail server to bypass your security, as if you were sending an email for the company president. You can include the following email address in the list:
president@futuretg.com REJECT
REJECT prints a message and rejects the entry.
The security log for this attempt will look like the following:
g2OHRFw19716: ruleset=check_rcpt, arg1=<president@futuretg.com>, relay=ftosx1.futuretg.com [192.168.1.93], reject=550 5.2.1 <president@futuretg.com>... Mailbox disabled for this recipient
The same applies to any XXX mail sender or similar:
unrequested.zzzmail.com REJECT
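The reject log line shown above can be summarised per relay to spot a host that is being refused for many different addresses. This is an added example, not part of the original chapter; the first sample line is the one from the text, the others (syslog prefix, 203.0.113.7, recipients) are constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

PAGE_LINE = ("g2OHRFw19716: ruleset=check_rcpt, arg1=<president@futuretg.com>, "
             "relay=ftosx1.futuretg.com [192.168.1.93], reject=550 5.2.1 "
             "<president@futuretg.com>... Mailbox disabled for this recipient")
# Constructed lines: one relay refused for three different recipients.
TEMPLATE = ("Mar 24 18:30:01 www sendmail[1201]: g2OHU1w19801: "
            "ruleset=check_rcpt, arg1=<{rcpt}>, relay=[203.0.113.7], "
            "reject=550 5.2.1 <{rcpt}>... Mailbox disabled for this recipient")
SAMPLE_LOG = [PAGE_LINE] + [
    TEMPLATE.format(rcpt=r)
    for r in ("sales@futuretg.com", "info@futuretg.com", "admin@futuretg.com")
] + ["Mar 24 18:31:00 www sendmail[1210]: g2OHV0w19810: from=<foo@company.com>"]

REJECT_RE = re.compile(
    r"(?P<qid>\w+): ruleset=(?P<ruleset>\w+), arg1=<?(?P<arg>[^>,\s]*)>?, "
    r"relay=(?P<relay>.*?), reject=(?P<code>\d{3}) "
)
IP_RE = re.compile(r"\[([0-9.]+)\]")


def rejects_by_relay(lines):
    """Count rejects per relay IP and collect the addresses that were refused."""
    stats = defaultdict(lambda: {"count": 0, "targets": set()})
    for line in lines:
        m = REJECT_RE.search(line)      # search: tolerate a syslog prefix
        if not m:
            continue                    # not a reject entry
        ip = IP_RE.search(m.group("relay"))
        key = ip.group(1) if ip else m.group("relay")
        stats[key]["count"] += 1
        stats[key]["targets"].add(m.group("arg").lower())
    return dict(stats)


def probing_relays(stats, min_targets=3):
    """Relays refused for several different addresses (address guessing)."""
    return sorted(r for r, s in stats.items() if len(s["targets"]) >= min_targets)


if __name__ == "__main__":
    summary = rejects_by_relay(SAMPLE_LOG)
    for relay, s in summary.items():
        print(relay, s["count"], sorted(s["targets"]))
    print("probing:", probing_relays(summary))
```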
It is also possible to filter an entire domain like "yesandnomail.com" but accept a specific entry:
yesandnomail.com REJECT
notorious@yesandnomail.com OK
president@futuretg.com DISCARD
You can also reject and send a particular message:
elementaryhackers.com "550 We don't support people like you. Stay away!"
Check the Internet resources for better answers.
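How a domain-wide REJECT and a single-address OK coexist is easier to see with the lookup order written out. The following is an added example, not part of the original chapter and not sendmail's own code: it uses a simplified model in which the most specific key wins (full address, then host, then each parent domain), with the access entries taken from the text above.

```python
# Access entries from the text above, one "key value" pair per line.
ACCESS_TEXT = """\
unrequested.zzzmail.com     REJECT
yesandnomail.com            REJECT
notorious@yesandnomail.com  OK
president@futuretg.com      DISCARD
elementaryhackers.com       "550 We don't support people like you. Stay away!"
"""


def parse_access(text):
    """Parse access-file text into {lower-cased key: action}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        parts = line.split(None, 1)       # the action may contain spaces
        if len(parts) == 2:
            table[parts[0].lower()] = parts[1]
    return table


def lookup(address, table):
    """Return (matched_key, action), or (None, None) if nothing matches.

    Simplified model (assumption of this example): try the full address,
    then the host name, then every parent domain.
    """
    address = address.strip("<>").lower()
    user, _, host = address.rpartition("@")
    candidates = [address] if user else []
    labels = host.split(".")
    candidates += [".".join(labels[i:]) for i in range(len(labels))]
    for key in candidates:
        if key in table:
            return key, table[key]
    return None, None


if __name__ == "__main__":
    table = parse_access(ACCESS_TEXT)
    for addr in ("notorious@yesandnomail.com", "other@yesandnomail.com",
                 "x@mail.yesandnomail.com", "president@futuretg.com",
                 "foo@company.com"):
        print(addr, "->", lookup(addr, table))
```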
These rules are basic for normal security. They are fundamental for a "normal" job.