中華技術學院中華技術學院LinuxLinux 課程課程

Chap Four : MailChap Four : Mail王俊城王俊城RHCE/RHCXRHCE/RHCX

AgendaAgenda Sendmail featuresSendmail features Email overviewEmail overview Basic Sendmail configurationBasic Sendmail configuration Using the m4 macro languageUsing the m4 macro language Debugging SendmailDebugging Sendmail

Sendmail Features Sendmail Features Allows many different types of email Allows many different types of email

addresses to be routed addresses to be routed

Supports virtual domains and users Supports virtual domains and users

Allows masquerading of users and Allows masquerading of users and machines machines

Provides automatic retry for failed Provides automatic retry for failed delivery and other error conditionsdelivery and other error conditions

Security and "Anti-spam" Security and "Anti-spam" FeaturesFeatures

Many security features and options:Many security features and options: rejects email from unresolvable domainsrejects email from unresolvable domains full access control for users, machines, and domainfull access control for users, machines, and domain

ss default configuration allows only local connectionsdefault configuration allows only local connections no longer a setuid root programno longer a setuid root program

"Anti-spam" features"Anti-spam" features no relaying by defaultno relaying by default access databasesaccess databases Email header checksEmail header checks

An Email ReviewAn Email Review Mail user agent (MUA) passes message tMail user agent (MUA) passes message t

o mail transport agent (MTA)o mail transport agent (MTA) MTA routes message to destination, giviMTA routes message to destination, givi

ng to other intermediate MTAs as necessng to other intermediate MTAs as necessaryary

Domain MTA passes message to mail delDomain MTA passes message to mail delivery agent (MDA)ivery agent (MDA)

User receives message(POP,IMAP)User receives message(POP,IMAP)

Server OperationsServer Operations User's email agent connects to the local MTA as an unUser's email agent connects to the local MTA as an un

privileged mail submission program (MSP)privileged mail submission program (MSP) Local MTA queries DNS for destination’s MXLocal MTA queries DNS for destination’s MX Local MTA opens a TCP/IP connection to port 25 of the Local MTA opens a TCP/IP connection to port 25 of the

target MXtarget MX Both email servers negotiate a SMTP (Simple Mail TraBoth email servers negotiate a SMTP (Simple Mail Tra

nsport Protocol) connectionnsport Protocol) connection Target MX allows or rejects email delivery or relaying Target MX allows or rejects email delivery or relaying

based upon its own rulesetsbased upon its own rulesets telnet localhost 25telnet localhost 25

Service Profile: SendmailService Profile: Sendmail Type:Type: System V-manager serviceSystem V-manager service Packages:Packages: sendmail{,-cf,-doc}sendmail{,-cf,-doc} Daemons:Daemons: sendmailsendmail Script:Script: sendmailsendmail Ports:Ports: 25 (smtp)25 (smtp) Configs:Configs: /etc/mail/sendmail.cf/etc/mail/sendmail.cf

/etc/aliases/etc/aliases/etc/mail//etc/mail/

Log:Log: /var/log/maillog/var/log/maillog

Main Configuration FilesMain Configuration Files

/etc/mail/sendmail.cf is the main config/etc/mail/sendmail.cf is the main configuration file for Sendmail:uration file for Sendmail:Contains domain alias directives, header reContains domain alias directives, header re

writing directives, relaying rules, etc.writing directives, relaying rules, etc.Edit this file with care and comprehensionEdit this file with care and comprehension/etc/mail/sendmail.mc/etc/mail/sendmail.mcm4 sendmail.mc > sendmail.cfm4 sendmail.mc > sendmail.cf

Other Configuration FilesOther Configuration Files

/etc/aliases defines local user aliases/etc/aliases defines local user aliasesneeds to be hashed to aliases.db with the nneeds to be hashed to aliases.db with the n

ewaliases commandewaliases commandservice sendmail restartservice sendmail restart

/etc/mail/ contains access control, virtu/etc/mail/ contains access control, virtual user database, and configuration soural user database, and configuration source filesce fileslocal-host-nameslocal-host-nameshostnamehostname

Sendmail Configuration with the Sendmail Configuration with the m4 Macro Languagem4 Macro Language

m4 is a macro language that can help com4 is a macro language that can help configure the sendmail.cf filenfigure the sendmail.cf file

Red Hat’s default Sendmail configuratiRed Hat’s default Sendmail configuration is generated from the m4 specificatioon is generated from the m4 specification in /etc/mail/sendmail.mcn in /etc/mail/sendmail.mc

Red Hat recommends configuring SendRed Hat recommends configuring Sendmail with m4 using sendmail.mc as a stamail with m4 using sendmail.mc as a starting pointrting point

Sendmail Client ConfigurationSendmail Client Configuration

Often, clients do not accept incoming mail theOften, clients do not accept incoming mail themselvesmselves

A central mail server accepts all incoming mail A central mail server accepts all incoming mail and relays all outgoing mailand relays all outgoing mail MAIL_HUB, SMART_HOST definesMAIL_HUB, SMART_HOST defines Central mail server must allow relaying from the cliCentral mail server must allow relaying from the cli

ent and have local-host-names set upent and have local-host-names set up Useful for client to “masquerade” as the serUseful for client to “masquerade” as the ser

ver in From: addressesver in From: addresses MASQUERADE_AS(`example.com')MASQUERADE_AS(`example.com')

/etc/mail/virtusertable/etc/mail/virtusertable

Allows multiple virtual domains and useAllows multiple virtual domains and users to be mapped to other addresses:rs to be mapped to other addresses:admin@123.com admin@123.com shoppershopperadmin@xyz.org admin@xyz.org jdjjdjpageme@he.net pageme@he.net lmiwtc@pg.comlmiwtc@pg.com@cba.com @cba.com cba@aol.comcba@aol.com@dom1.org @dom1.org %1@dom2.org%1@dom2.org

/etc/mail/access/etc/mail/access

Used to accept or deny incoming email:Used to accept or deny incoming email:90trialspammer@aol.com 90trialspammer@aol.com REJECTREJECTspamRus.net spamRus.net REJECTREJECT204.168.23 204.168.23 REJECTREJECT10.3 10.3 OKOKvirtualdomain1.com virtualdomain1.com RELAYRELAYnobody@ nobody@ ERROR:550 bad nameERROR:550 bad name

Debugging SendmailDebugging Sendmail /etc/mail/local-host-names/etc/mail/local-host-names

must contain server’s name and aliasesmust contain server’s name and aliases

mail -v usermail -v userview SMTP exchange with local relayview SMTP exchange with local relay

mailq and mailq –Acmailq and mailq –Acview messages queued for future deliveryview messages queued for future delivery

tail -f /var/log/maillogtail -f /var/log/maillogView log in real-timeView log in real-time

T h an k Y ou !