|
In this example, we show the configuration for the well
known MTA (Message Transfer Agent) sendmail
on RedHat Linux 7.0.
DNS Configuration on DNS-Server
The relay host, the mailbox host and all hosts in DMZ must
be inserted in the DNS for the domain ARKUM.CH. Besides this, it's very important to
insert the Firewall (NAT Address) in the DNS, or Sendmail will complain about relay
problems. As a rule of thumb, all Hosts or IP-Adresses which will use the Relay-Host
must be inserted in Sendmail's DNS or you may encounter relaying problems. The
configuration files for DNS can be found in /var/named for RedHat Linux.
;---------------------------------------------------------
; arkum-ch.zone -- Name-to-Address Mapping
;---------------------------------------------------------
;
; Start Of Authority marker, indicates that this server is
; the master for the following addresses.
;
@ IN SOA rabbit.arkum.ch. postmaster.arkum.ch. (
2000091001 ; Serial (YYYYMMDDnn)
10800 ; Refresh after 3
hours
3600 ; Retry after
1 hour
604800 ; Expire after one
week
86400 ; Minimum Time to
Live of 1 day
)
;
; --------------------------------------------
; Descriptions of Name Servers for this domain
; --------------------------------------------
;
IN NS
rabbit.arkum.ch.
IN NS
opal.arkum.ch.
;
; Descriptions of Primary and Secondary Mail Servers
; (This tells sendmail where to send mail that is addressed to
; someone@arkum.ch, namely too rabbit.arkum.ch first, then
; to the secondary mail handler opal.arkum.ch)
;
IN MX
10 ux-mail1.arkum.ch.
;
; --------------------------------------------
; Arkum's Hosts
; --------------------------------------------
;
localhost IN A 127.0.0.1
;
rabbit IN A
193.247.121.196
IN MX
10 ux-mail1.arkum.ch.
dns IN CNAME
rabbit.arkum.ch.
IN
TXT "DNS Server"
;
ux-mail1 IN A
193.247.121.205
smtp IN CNAME
ux-mail1.arkum.ch.
mail IN CNAME
ux-mail1.arkum.ch.
IN
TXT "Mail Relay Host"
;
paragon IN A
192.168.138.20
IN MX
10 paragon.arkum.ch.
IN
TXT "Mailbox Server"
Please note, that the MX record for the mailbox host paragon
points to itself.
DNS Configuration on Relay Host
The sendmail MTA on the relay host needs access to the DNS
Server. This must be setup in the file /etc/resolv.conf
search arkum.com arkum.ch
nameserver 193.247.121.196
Firewall Configuration
Port 25 (SMTP) must be opened between the Relay Host on the
DMZ and the Mailbox Host in the HSZ. Ask your firewall administrator to accomplish this
task.
Enable Relaying for all hosts in ARKUM.CH
Relaying (transmission of messages from a site outside
your domain to another site outside your domain) is denied by default. Note that this
changed in sendmail 8.9; previous versions allowed relaying by default. Relaying is a
feature (not a bug) to prevent E-Mail spamming. You have to configure relaying or you will
get the error message: 550 Requested action not taken: relaying denied.
Using /etc/mail/relay-domains
You need to add the fully-qualified host name and/or IP
address of each client to class R, the set of relay-allowed domains. For version for 8.9.X,
it is typically /etc/mail/relay-domains Note: if
your DNS is problematic, you should list the IP address (e.g., 1.2.3.4); in general,
however, this should not be necessary. Here is the content of the file relay-domains:
akadia.com
akadia.ch
arkum.ch
Using /etc/mail/access
An "access'' database can be created to accept or reject
mail from selected domains. For example, you may choose to reject all mail originating from
known spammers. To enable such a database, use the file /etc/mail/access. Remember,
since /etc/mail/access is a database, after creating the text file as described below, you
must use makemap to create the database map.
For example:
makemap hash /etc/mail/access <
/etc/mail/access
The table itself uses e-mail addresses, domain names, and
network numbers as keys.
For example:
spammer@aol.com REJECT
cyberspammer.com REJECT
192.168.212 REJECT
would refuse mail from spammer@aol.com, any user from
cyberspammer.com
(or any host within the cyberspammer.com domain), and any host on the
192.168.212.* network.
The value part of the map can contain:
| OK |
Accept mail even if other rules in the running ruleset would reject
it, for example, if the domain name is unresolvable |
| RELAY |
Accept mail addressed to the indicated domain or received from the
indicated domain for relaying
through your SMTP server. RELAY also serves as an implicit OK for the other
checks |
| REJECT |
Reject the sender or recipient with a general purpose message |
| DISCARD |
Discard the message completely using the $#discard mailer. This only
works for sender addresses (i.e., it indicates that you should discard anything
received from the indicated domain). |
| Error Text |
Any text where ### is an RFC 821 compliant error code and "any text"
is a message to return for the command. |
For example:
cyberspammer.com
550 We don't accept mail from spammers
okay.cyberspammer.com OK
sendmail.org OK
128.32
RELAY
Would accept mail from okay.cyberspammer.com, but would
reject mail from all other hosts at cyberspammer.com with the indicated message.It would
allow accept mail from any hosts in the sendmail.org domain, and allow relaying for the
128.32.*.* network.
We use the following entries in /etc/mail/access, so all
hosts within the domain ARKUM.CH or within the HSZ 192.168.138.x can use the Relay Host
without "550 Requested action not taken: relaying denied."
localhost RELAY
127.0.0.1 RELAY
arkum.com RELAY
arkum.ch RELAY
192.168.138 RELAY
Compile the entries with:
makemap hash /etc/mail/access <
/etc/mail/access
More information can be found in the README.cf file of
sendmail.
How to deliver local mails if DNS- and Mail-Server is the
same machine ?
If your DNS-Server and E-Mail Relay Host is the same machine
you may encounter the following error message:
554 MX list for akadia.ch points
back to rabbit.akadia.ch
554 <root@akadia.ch> ... Local configuration error
The Mail Exchanger (MX Records) in the DNS configuration is
just an ordered list of destinations that tells mailers where to send messages if they want
to reach a given domain. The preference value tells them how desirable it is to use that
destination. That's the basic idea behind MX records and mail exchangers, but there are a
few more wrinkles you should know about. Here is the output of a typical MX entry in the
DNS configuration for ARKUM.CH
What happens if a mailer finds itself at the highest
preference, and has to discard the whole MX list as shown below ?
IN MX 10 rabbit.arkum.ch.
IN MX 20 opal.arkum.ch.
Some mailers attempt delivery directly to the destination
host's IP address, as a last-ditch effort. In most mailers however , it's an error. It may
indicate that DNS thinks the mailer should be processing (not just forwarding) mail for the
destination, but the mailer hasn't been configured to know that. Or it may indicate that
the administrator has ordered the MX records incorrectly by using the wrong preference
values. Then it will bounce the mail with the familiar error
Many versions of sendmail use class w or file class w as the
list of local destinations. The sendmail configuration on RedHat Linux offers the file
/etc/sendmail.cw. Enter the local domains in this file and the local delivery
together with MX records will work.
arkum.ch
arkum.com
Note again, that this task must not be done, if the DNS
Server and Mail Server are two different machines.
Enable local Mail Forwarding from the DMZ to the HSZ
Local Mail must be forwarded from the Relay Host on the DMZ
to the Mailbox Host on the HSZ. Sendmail offers this feature using the Macros DR and DM in
/etc/sendmail.cf. Enter the Mailbox Host for both Macros, besides this the domain
name ARKUM.CH must be masqueraded with the macro DM.
Here are the necessary entries in /etc/sendmail.cf
# Who I send unqualified names to (null means deliver
locally)
DRparagon.arkum.ch
# Who gets all local email traffic
# ($R has precedence for unqualified names)
DHparagon.arkum.ch
# Class M: domains that should be converted to $M
CMarkum.com
# Who I masquerade as (null for no masquerading) (see also $=M)
DMarkum.ch
Test the Configuration
/etc/rc.d/init.d/sendmail stop
/etc/rc.d/init.d/sendmail start
Create a testfile to_internet for internet delivery with the following content:
To: martin.zahn@plenaxx.ch
From: martin.zahn@arkum.ch
Subject: Ein Test
Dies ist ein Header Test
(empty line)
Test the internet delivery
cat to_internet | /usr/lib/sendmail -bm -t -v
martin.zahn@plenaxx.ch. Connecting to nt-mail1.plenaxx.ch. esmtp...
220 nt-portal2.plenaxx.ch ESMTP Service (Lotus Domino Release 5.0.2c
(Intl)) ready at Sat, 4 Nov 2000 10:25:28 +0100
>>> EHLO rabbit.akadia.com
250-nt-portal2.plenaxx.ch Hello rabbit.akadia.com ([193.247.121.196]), pleased to
meet you
250-HELP
250-SIZE
250 PIPELINING
>>> MAIL From:<root@rabbit.akadia.com> SIZE=100
250 root@rabbit.akadia.com... Sender OK
>>> RCPT To:<martin.zahn@plenaxx.ch>
250 martin.zahn@plenaxx.ch... Recipient OK
>>> DATA
354 Enter message, end with "." on a line by itself
>>> .
250 Message accepted for delivery
martin.zahn@plenaxx.ch... Sent (Message accepted for delivery)
Closing connection to nt-mail1.plenaxx.ch.
>>> QUIT
221 nt-portal2.plenaxx.ch SMTP Service closing transmission channel
If you get an output similar to the above, your internet
delivery is working perfectly !
Create a testfile to_arkum
for local delivery with the following content:
To: martin.zahn@arkum.ch
From: root@plenaxx.ch
Subject: Ein Test
Dies ist ein Header Test
(empty line)
Test the local delivery
cat to_internet | /usr/lib/sendmail -bm -t -v
martin.zahn@arkum.ch... Connecting to paragon.arkum.ch. via relay...
220 SMTP service ready
>>> EHLO ux-mail1.arkum.ch
250-Requested mail action okay, completed
250-8BITMIME
250-SIZE
250-ETRN
250 HELP
>>> MAIL From:<root@ux-mail1.arkum.ch> SIZE=93
250 Requested mail action okay, completed
>>> RCPT To:<martin.zahn@paragon.arkum.ch>
250 Requested mail action okay, completed
>>> DATA
354 Start mail input; end with <CRLF>.<CRLF>
>>> .
250 Requested mail action okay, completed
martin.zahn@arkum.ch... Sent (Requested mail action okay, completed)
Closing connection to paragon.arkum.ch.
>>> QUIT
221 SMTP server closing transmission channel
If you get an output similar to the above, your local
delivery is working perfectly !
Debug the Configuration
If you encounter troubles with the sendmail configuration,
here are some tests to find out what happens.
$ /usr/lib/sendmail -d0.12 -bt < /dev/null
Version 8.9.3
Compiled with: LOG MATCHGECOS MIME7TO8 MIME8TO7 NAMED_BIND NETINET
NETUNIX NEWDB NIS QUEUE SCANF SMTP USERDB
OS Defines: HASFLOCK HASGETDTABLESIZE HASINITGROUPS HASLSTAT
HASSETREUID HASSETRLIMIT HASSETSID HASSETVBUF HASSNPRINTF
HASUNAME HASUNSETENV HASWAITPID IDENTPROTO USE_SIGLONGJMP
Def Conf file: /etc/sendmail.cf
Pid file: /var/run/sendmail.pid
canonical name: ux-mail1.arkum.ch
a.k.a.: ux-mail1
UUCP nodename: ux-mail1.arkum.ch
a.k.a.: ux-mail1.arkum.ch
a.k.a.: [193.247.121.205]
============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = ux-mail1
(canonical domain name) $j = ux-mail1.arkum.ch
(subdomain name) $m = arkum.ch
(node name) $k = ux-mail1.arkum.ch
========================================================
$ /usr/lib/sendmail -d35.9 -bt
define(* as $*)
define(+ as $+)
define(- as $-)
define(= as $=)
define(~ as $~)
define(# as $#)
define(@ as $@)
define(: as $:)
define(> as $>)
define(? as $?)
define(| as $|)
define(. as $.)
define([ as $[)
define(] as $])
define(( as $()
define() as $))
define(& as $&)
define(0 as $0)
define(1 as $1)
define(2 as $2)
define(3 as $3)
define(4 as $4)
define(5 as $5)
define(6 as $6)
define(7 as $7)
define(8 as $8)
define(9 as $9)
define(n as MAILER-DAEMON)
define(v as 8.9.3)
define(w as ux-mail1.arkum.ch)
define(j as ux-mail1.arkum.ch)
define(m as arkum.ch)
define(k as ux-mail1.arkum.ch)
define(b as Sat, 4 Nov 2000 13:44:49 +0100)
define(opMode as t)
redefine(w as ux-mail1)
define(S as )
define(R as paragon.arkum.ch)
define(H as paragon.arkum.ch)
define(M as arkum.ch)
redefine(n as MAILER-DAEMON)
define(Z as 8.9.3)
define(deliveryMode as b)
define(_ as root@localhost)
redefine(deliveryMode as i)
$ /usr/lib/sendmail -bp
Mail Queue (2 requests)
--Q-ID-- --Size-- -----Q-Time----- ------------Sender/Recipient------------
RAA01002 27 Fri Nov 3 17:13 root
(martin.zahn@plenaxx.ch... reply: read error from nt-mail1.pl)
martin.zahn@plenaxx.ch
RAA01088 27 Fri Nov 3 17:18 root
(Deferred: Connection reset by nt-mail1.plenaxx.ch.)
martin.zahn@plenaxx.ch
$ /usr/lib/sendmail -bt
> /mx arkum.ch
getmxrr(arkum.ch) returns 1 value(s):
ux-mail1.arkum.ch.
> /mx plenaxx.ch
getmxrr(plenaxx.ch) returns 1 value(s):
nt-mail1.plenaxx.ch.
> /mx glue.ch
getmxrr(glue.ch) returns 2 value(s):
ns.glue.ch.
chsun.eunet.ch.
If you have still troubles consult our sendmail guide or visit http://www.sendmail.org
|
How
to setup an E-Mail Relay Host with Sendmail ?