Main Page    Distributions     Web Browsers     Computer_Books     Mail Servers        - sendmail     Office Software   About flips' hideout: These pages are mainly dedicated to UNIX and Linux software and books. You'll find text explaining how things work, how to set up or configure software and you'll find my opinions and reviews.

Some of this content might still be relevant, so the page is kept for now, but parts of the content is way outdated. (I hope nobody still uses Sendmail version 8.8 ...). Don't expect any updates here. Sendmail Do you wonder what sendmail is? Well, it's a MTA, mail transfer agent. If you have never heard about it, you probably don't need to read this document. :-) sendmail main functions: resolving an address into a triple: mailer, host, user rewriting sender and receiver addresses if nescessary controlling the headers on outgoing mail delivering and receiving mail (routing via smtp, uucp or local file/program) The main config file is named sendmail.cf and lives in: /etc/, /etc/mail or maybe /usr/lib sendmail.cf contains: Comments (blank lines and lines starting with '#' are ignored) Definitions of variables (one letter names like $m or longer ones like ${something}) Rewriting rulesets (designated S0, S2 and so on) Miscellaneous other lines that parameterize sendmail Mail definitions (designated Mmail_name) sendmail processes three addresses for mail to a single recipient: Destination address --> into mailer, host and user joe@aol.com --> (esmtp, aol.com, joe) Sender address --> Rewritten sender address pms --> pms@cs.berkeley.EDU or pms --> berkeley!pms Recipient address --> Rewritten recipient address ace!ralph --> ralph@ace.uucp How sendmail executes First, I'll start with the summary of the Rule Evaluation Order: Address resolution: 3,0 Sender: 3,1,mailer-specific,4 Recipient: 3,2,mailer-specific,4 The mailer-specific rules are specified as S= and R= in the M mailer definition lines (Note that most configurations today evaluates sender and recipient twice: First evaluating the envelope, then the headers. To show this, the drawing beneath should actually have split R= into Re= and Rh=, and S= into Se= and Sh=. But I chose to keep the illustration as simple as possible.) Here's a little drawing of the sequence: +---+ +-->| 0 |--> Delivery agent | +---+ | (indicates mailer) | V | +---+ +----+ | +-->| 2 |-->| R= |--+ | | +---+ +----+ | +---+ | | | +---+ -->| 3 |=+-+ +-->| 4 | returns +---+ | | +---+ | +---+ +----+ | +-->| 1 |-->| S= |--+ +---+ +----+ Sendmail does not execute its configuration file from top to bottom. It goes more like this: It determines the triple of (mailer, host, user) It applies ruleset 3 to recipient's address It applies ruleset 0 to the result Note: ruleset 0 must 'resolve' to the triple This is a bit like a program which creates an envelope for the message It reformats the sender's mail address in the header (may be a no-op): It applies ruleset 3 to sender's address It applies ruleset 1 to the result It applies the rule specified as 'S=' in the mailer resolved above (if the 'S=' field is present) (e.g., uucp rewriting) It applies ruleset 4 to the result Result of these rules is the final sender address in the headers It reformats the recipient's mail address in the header (may be a no-op): It applies ruleset 3 to the recipient's address It applies ruleset 2 to the result It applies the rule specified as 'R=' in the mailer resolved earlier (if specified) It applies ruleset 4 to the result Result of these rules is final recipient address in the headers Testing the rulesets Starting sendmail in address test mode: sendmail -bt Here is an example of how rulesets 3 and 0 determines mailer type and splits the address to user<@domain>: # /usr/lib/sendmail -bt ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter <ruleset> <address> > 3,0 someone@washington.edu rewrite: ruleset 3 input: someone @ washington . edu rewrite: ruleset 96 input: someone < @ washington . edu > rewrite: ruleset 96 returns: someone < @ washington . edu > rewrite: ruleset 3 returns: someone < @ washington . edu > rewrite: ruleset 0 input: someone < @ washington . edu > rewrite: ruleset 199 input: someone < @ washington . edu > rewrite: ruleset 199 returns: someone < @ washington . edu > rewrite: ruleset 98 input: someone < @ washington . edu > rewrite: ruleset 98 returns: someone < @ washington . edu > rewrite: ruleset 198 input: someone < @ washington . edu > rewrite: ruleset 95 input: < > someone < @ washington . edu > rewrite: ruleset 95 returns: someone < @ washington . edu > rewrite: ruleset 198 returns: $# esmtp $@ washington . edu $: someone < @ washington . edu > rewrite: ruleset 0 returns: $# esmtp $@ washington . edu $: someone < @ washin gton . edu > What I did here, was running the address someone@washington.edu through ruleset 3 and 0. From the listing you can see all the ruleset the address was actually parsed through. (To end the address test mode, press ctrl+d.) The test I did above is one of the most common I use. I use this test to check what mailer sendmail would use to deliver mail to the address I'm testing. In this case we read that sendmail would use the esmtp mailer. If my domain is different from washington.edu, that would be correct. If my sendmail server server was supposed to be a server for the washington.edu domain, sendmail should have returned something more like this:   rewrite: ruleset 0 returns: $# local $: someone If sendmail does not recognize mail to local users and determines smtp or esmtp to be the mailer, you probably need to add your domain to the file sendmail.cw or directly into the w class in the sendmail.cf file by adding a line like this:   Cw domain.net (You may want to take a look at this entry in the sendmail FAQ: "How can I solve "MX list for hostname points back to hostname" and "config error: mail loops back to myself" messages?") The sendmail.cf file So what do we define in the sendmail.cf file? The answer is whatever you want. :-) In other words, sendmail.cf may contain a whole lot of things, but I stick to explaining some of them. Some thing in our sendmail.cf we'll want to configure, other things we'll leave alone: Most of the rules mentioned previously are non-dynamic Lower-case variables have meanings fixed by sendmail (You'll find a table of these in the sendmail documentation or f.ex. the sendmail books from O'Reilly.) For upper-case variables and variables with more than one letter in {}, meanings are fixed by the configuration file, not sendmail Some variables in the sendmail.cf file I'll just take a look at the most commonly changed variables: We've already taken a look at Cw domain.net. This variable/class defines what sendmail should recognize as it's own domain name -- which means local delivery. This variable is often read into the w class using Fw -o /etc/mail/sendmail.cw in sendmail.cf. In this case you may simply put your domain names in the file sendmail.cw. In your sendmail.cf file you'll most likely find something like this: Dj$m. This line defines the variable $j to be what $m is. You may also find your $j set like this: Dj$m.$w. So what is all this? To answer the question, I'll introduce a handy debugging option:   /usr/lib/sendmail -bt -d0.1 As you can see, I run sendmail in the same address test mode shown earlier in this document. Only now, I added the debugging switch 0.1: -d0.1. There's a whole lot of other debugging switches you may find handy. Look them up in the documentation or in the sendmail books from O'Reilly. When you run this command, you'll get an output like this: # /usr/lib/sendmail -bt -d0.1 < /dev/null Version 8.9.3+Sun Compiled with: MAP_REGEX LOG MATCHGECOS MIME7TO8 MIME8TO7 NAMED_BIND NDBM NETINET NETUNIX NEWDB NIS NISPLUS QUEUE SCANF SMTP USERDB XDEBUG ============ SYSTEM IDENTITY (after readcf) ============ (short domain name) $w = mycomp (canonical domain name) $j = mycomp.domain.net (subdomain name) $m = domain.net (node name) $k = mycomp ======================================================== ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter <ruleset> <address> > # Here you see the explanations of the $w, $j, $m and $k. So if you want your sendmail to present itself as domain.net, then Dj$m should be appropriate. If you want your machine to present itself as mycomp.domain.net then Dj$m.$w should do the trick. You may also hardcode the $j by writing something like Djsomedomain.net If your sendmail does not recognize your domain name, you probably haven't set it right on your system. In that case, or if you want sendmail to recognize itself with another domain name than the rest of the system, you may hardcode the domain name into your $m like this:   Dmsomedomain.net (The reason I added "< /dev/null" to the command line, is because I wanted to end the command at once without having to type ctrl+d.)   :-) Determining your mailers If you want to know how your mailers are defined, you might find it by entering =M at in the address test mode: # /usr/lib/sendmail -bt ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter <ruleset> <address> > =M mailer 0 (prog): P=/bin/sh S=10/30 R=20/40 M=0 U=0:0 F=9DFMeloqsuv L=0 E=\n T=X-Unix/rfc822/smtp A=sh -c $u mailer 1 (*file*): P=/usr/lib/mail.local S=0/0 R=0/0 M=0 U=0:0 F=9DEFMPSlnoqsu L=0 E=\n T=DNS/RFC822/X-Unix A=mail.local -F $u mailer 2 (*include*): P=/dev/null S=0/0 R=0/0 M=0 U=0:0 F=su L=0 E=\n T=<undefined>/<undefined>/<undefined> A=INCLUDE $u mailer 3 (local): P=/bin/mail S=10/30 R=20/40 M=0 U=0:0 F=/59:@ADEFMSlnqsw| L=0 E=\n T=DNS/RFC822/X-Unix A=mail -f $g -d $u mailer 4 (smtp): P=[IPC] S=11/31 R=21/21 M=0 U=0:0 F=@DFMXijmu L=990 E=\r\n T=DNS/RFC822/SMTP A=IPC $h mailer 5 (esmtp): P=[IPC] S=11/31 R=21/21 M=0 U=0:0 F=@DFMXaijmu L=990 E=\r\n T=DNS/RFC822/SMTP A=IPC $h mailer 6 (smtp8): P=[IPC] S=11/31 R=21/21 M=0 U=0:0 F=8@DFMXijmu L=990 E=\r\n T=DNS/RFC822/SMTP A=IPC $h mailer 7 (relay): P=[IPC] S=11/31 R=61/61 M=0 U=0:0 F=8@DFMXaijmu L=2040 E=\r\n T=DNS/RFC822/SMTP A=IPC $h From this output you can read that in the stmp mailers, the sender is sent through ruleset 11 for the envelope and 31 for the headers. Recipient is sent through ruleset 21 for both envelope and headers. So if we want to test how the sender address is rewritten in the envelope here, we might type something like   >3,1,11,4 someaddress@someotherdomain.net and you see the result of processing the adress through ruleset 3, 1, 11 and 4. In older versions of sendmail, you will not get the mailer by entering =M in the address test mode. Then you will have to grep for Msmtp, Mesmtp, Mether, Mddn or maybe another name in your sendmail.cf. If you can't find the mailer using grep, you have to search manually for a line starting with M. Here's an example from a Solaris 2.4 box running sendmail 5.x: # grep Mether sendmail.cf DMether Mether, P=[TCP], F=msDFMuCX, S=11, R=21, A=TCP $h As you can see, the ether mailer her uses ruleset 11 for sender and ruleset 21 for recipient. Creating a sendmail.cf file using m4 In newer versions of sendmail, you can generate sendmail.cf from m4 macros. What I usually do, is copying the /usr/lib/mail dirctory (Solaris) to a dedicated directory. There I create a subdirectory called mc where I store my macrofiles. The macro file (f.ex. test.mc) may look like this: DIVERT(0) #'OS type for choosing makro' OSTYPE(solaris2)dnl DOMAIN(generic)dnl #Rewriting define(`SMTP_MAILER_FLAGS', `@ij') define(`ALIAS_FILE',`/etc/mail/aliases') #'do not add hostname' FEATURE(nocanonify) #'Masquerade subdomains' FEATURE(masquerade_entire_domain) #'Who are we masquerading as' MASQUERADE_AS(mydomain.net) #'Which domains do we hide, together with feature this takes all subdomains' MASQUERADE_DOMAIN(mydomain.net) MAILER(local) MAILER(smtp) LOCAL_CONFIG #My official domain name Dj$m To generate the sendmail.cf file, use command like this:   # m4 ../m4/cf.m4 mymacrofile.mc > sendmail.cf Then you will have a new sendmail.cf in your working directory. Move your original sendmail.cf to sendmail.cf.orig then copy your new sendmail.cf to your the same directory as you original one. Now, stop and start sendmail, and you should be up and running. Anti-relaying Anti-relaying in sendmail 8.9.x Just add these lines to your macro file: FEATURE(relay_entire_domain) This allows relaying for everyone within your domain. To specify domains you will accect relaying for, add the to the file /etc/mail/relay-domains. For more info about anti-relaying in sendmail 8.9, take a look at this page at sendmail.org. Anti-relaying in sendmail 8.8 (and 8.6?) Here's some lines I added to set up sendmail 8.8.8 to deny relaying. In your m4 macro file (under LOCAL_CONFIG and LOCAL_RULESETS), or directly in your sendmail.cf, add these lines: LOCAL_CONFIG F{RelayTo} /etc/mail/RelayTo F{LocalIP} /etc/mail/LocalIP LOCAL_RULESETS Scheck_rcpt # make sure you have TABs here, not BLANKs! sendmail will complain otherwise! # first: get client addr R$+ $: $(dequote "" $&{client_addr} $) $| $1 R0 $| $* $@ ok no client addr: directly invoked R$={LocalIP}$* $| $* $@ ok from here # not local, check rcpt R$* $| $* $: $>3 $2 # remove local part, maybe repeatedly R$+ $:$>remove_local $1 # still something left? R$*<@$*>$* $#error $@ 5.7.1 $: 550 we do not relay Sremove_local # remove RelayTo part (maybe repeatedly) R$*<@$*$={RelayTo}.> $>3 $1 $4 R$*<@$=w.> $: $>remove_local $>3 $1 $3 R$*<@$*> $@ $1<@$2>3 # dequote local part R$- $: $>3 $(dequote $1 $) R$*<@$*> $: $>remove_local $1<@$2>3 Here's a downloadable version of this lines. Now, in the file /etc/mail/LocalIP, list your local IP addresses (one per line). In the file /etc/mail/RelayTo, specify the domains you will accept relaying to (one per line). You may find more info about stopping relaying in sendmail 8.8 at this page at sendmail.org. Generating a sendmail.cf file on the web You may want to try out this online sendmail.cf generator at: Harker Systems. Well, that's all for now. I will probably add some more nice stuff later. If you miss anything or find errors in my hints here, you may send me a note. This page is viewable with any browser. It's tested in Opera, Netscape, W3M and Lynx. This page was last updated on Saturday, 22-Aug-2009 22:08:41 CEST. Since the 22nd of August 2009, this page has been visited 1160 times. Layout and ©opyleft PB Nettprent Filip Stokkeland,   flips © pbnett.org