
Sendmail Configuration on Linux

Author: Edward Buck


Version: .2
Last edited: December 26, 2002

Summary

This guide will help you set up a mail server on Linux for SMTP functionality using Sendmail. If
you need to set up a POP3 or IMAP server, see the quickstart guide for POP/IMAP Server as well.
These instructions were written with Red Hat 7.x systems in mind, but the basic concepts provided
here can be applied to other distributions as well.

Instructions

1. Change the MX record for the desired mail domain to route all mail to a particular mail
server(s). Without getting into a discussion of DNS or BIND, here's an example of an MX
record:

domain.com. IN MX 10 mail.domain.com.
domain.com. IN MX 20 mail2.domain.com.

In this example, the host mail.domain.com is the primary mail server for domain.com. The
host mail2.domain.com is a backup server in case mail.domain.com goes down. It is
important that mail server addresses (e.g. mail.domain.com) be real A records, not
CNAMEs. CNAMEs will cause problems. Also, these subdomains (i.e. mail.domain.com,
mail2.domain.com) should be recognizable by the hosts that they reference. When I say
recognizable, I mean Sendmail running on the computer at mail.domain.com should
recognize this address as a valid local host name as listed in either the sendmail.mc file
(Cw option) or the /etc/mail/local-host-names file. This dependency is often overlooked,
but if Sendmail does not recognize the domain name, you may see something similar to
what you get if your MX record points to a CNAME, e.g. error messages saying "Mail
loops back to me." This is particularly important when it comes to setting up backup
servers (more on backup servers below).

2. Change the hostname of your mail server based on what you'd like to have appear in the
headers of outgoing messages. If you do not specify a hostname or your hostname is not
in the form mydomain.tld, you will see localhost.localdomain as the MTA in your mail
headers. You will only notice this when you look at detailed headers (or All headers). The
regular 'From' field as displayed in most e-mail clients should be whatever you specify in
your mail client. You can also specify the desired 'from' domain by using domain
masquerading, which is covered later in this guide. In Red Hat 7.x, you can change the
hostname either from X Windows using the Network Configuration tool or by changing
the hostname entry in /etc/sysconfig/network. You should update your /etc/hosts file as
well by including the hostname as the first alias on the line for your loopback address.

3. Modify the file /etc/mail/local-host-names to include domains for which you will accept
mail; there should be one domain per line. Also include any subdomains by which this
mail server will be referenced in an MX record, e.g. mail.domain.com or
mail2.domain.com. As noted in step 1 above, if this server is referenced in an MX record,
it's important that this server recognize the hostname by which it is being referenced (via
Cw option or local-host-names file). Otherwise problems may arise. See the discussion of
backup servers below for more information. Note: any domains and subdomains listed
here WILL be treated as local domains, so mail to a domain listed in this file will be sent
to a local user if possible. Including a subdomain in this file only treats that subdomain as
local, so you can safely include subdomains here and have mail for the top level domain
sent elsewhere.

4. Edit /etc/aliases to include aliases that you would like to enable; for example, if you want
to create the alias 'jack' such that all e-mails to jack@yourdomain.com get forwarded to
the real user account 'john,' include it here.

jack: john
webmaster: john, ed

Once you've edited this file, run 'newaliases' at the bash shell to write your changes to
/etc/aliases.db. Aliases defined in /etc/aliases are valid for all domains for which sendmail
accepts mail unless you put entries in /etc/mail/virtusertable. You can set up aliases for fully
qualified e-mail addresses (e.g. accounts with the same username are treated differently
across multiple domains) by using /etc/mail/virtusertable. Here are some examples of entries
in the virtusertable file:

jack@domain.com john
jack@domain2.com ed
jack@domain3.com john@yahoo.com
@domain4.com sally

In this example, mail addressed to jack@domain.com will be directed to the mail account
john, mail addressed to jack@domain2.com will be directed to mail account ed, mail
addressed to jack@domain3.com will be forwarded to an external address
john@yahoo.com, and any mail sent to domain4.com will be sent to sally. The
virtusertable is a great way to set up auto-forwards, including having whole domains be
redirected to a particular e-mail address. To enable your changes, you need to run:

# makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable

7. Edit the /etc/mail/access file to include IP addresses or domains for which you will relay
mail. By default, no hosts other than localhost can send mail to outside
destinations. If you want to provide outbound SMTP functionality to other computers on
your network, include the network addresses for these other computers here. If you want
to allow relaying from hosts outside of your network, enter their IPs or domains here. For
example:

localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
192.168.0 RELAY
66.218.71.112 RELAY

To enable your changes, run the following as root:

# makemap hash /etc/mail/access.db < /etc/mail/access

If you only want to relay mail for users who authenticate with a username and password,
use SMTP Authentication.

13. Edit the /etc/mail/sendmail.mc file to enable mail relaying and other useful sendmail
features.
In Red Hat 7.x, you have to comment out the line:

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

to relay mail for external hosts. As shipped, this line makes Sendmail listen only on the
loopback address. Change it to look like this:

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

Uncomment the define(`STATUS_FILE'...) line if you want to track sendmail statistics.

If you want to enable masquerading, include the following lines:

MASQUERADE_AS(mydomain.tld)
MASQUERADE_DOMAIN(mydomain.tld)
FEATURE(masquerade_entire_domain)
FEATURE(masquerade_envelope)

You should also change localhost.localdomain in the following line:

Cwlocalhost.localdomain

to the domain name referenced in your MX record. Make sure that any domain name
referenced here and in the DNS MX record points to a DNS 'A' record, NOT a CNAME
alias. Also, if you are running virtual domains on this server, you should put any additional
domain names for which you will accept mail AND any associated subdomains
referenced in the MX records of your other domains in the /etc/mail/local-host-names file. For
example, if you also accept mail for domain2.com and you created A and MX records for
mail.domain2.com that point to this mail server, you ideally should have both domains
(domain2.com AND mail.domain2.com) listed in your /etc/mail/local-host-names file.
Note: on a backup server, you do not want to include the main domain, domain2.com in
/etc/mail/local-host-names since this will result in mail being accepted at the backup
server rather than being queued for delivery to the primary mail server.

Also, if you do not change the default of localhost.localdomain, mail may appear to come
from localhost.localdomain, which may be blocked by some mail servers. Make sure your
hostname is set up properly as well.

If you are having problems with Sendmail getting your domain name right, you can also
try adding the line:

DMmydomain.tld

Set optional parameters including any anti-spam measures:

define(`confQUEUE_LA', `50')dnl

Save your changes to /etc/sendmail.cf by using the following command:

# m4 /etc/mail/sendmail.mc > /etc/sendmail.cf

Then restart sendmail:


# service sendmail restart

14. Set up a backup mail server: Setting up a backup mail server is very easy. It's also very
important since you do not want to be without mail if your primary mail server goes down.
To set up a backup mail server, first set up the MX record for the domain in question so
that the backup mail server handles mail second (or third...) for the domain. See Step 1
for more information on setting up a DNS record. Once your MX record is in place, you
need to configure the backup server.

The first step is to make sure that the host name referenced in the MX record is listed as
a local host name, either using the Cw option or the /etc/mail/local-host-names file.
Taking the example from Step 1, if I set up the MX record so that my backup mail server is
mail2.domain.com, I should have Cwmail2.domain.com in my sendmail.mc file or have
mail2.domain.com listed in my /etc/mail/local-host-names file. If it is not listed, Sendmail
may get confused and bounce mail with the message:

553 MX problem? mail loops back to me

You'll only see this message when your main mail server goes down. This happens
presumably because Sendmail tries to relay mail to the backup mail server as listed in
the MX record if it cannot reach the primary mail server. Since the MX record points to a
host that is not recognized by Sendmail as a local host, it will keep trying to send the mail
to the backup server. As it tries, it finds that the address points to itself, which it believes
is not right, creating a loop. By letting Sendmail know that this is indeed another alias for
this machine, it will handle the mail properly, queuing it for later delivery to the primary
mail server.

It is important that you do not include the top level domain for which you are the backup
server in the local-host-names file. Otherwise, your mail server will treat that domain as
being local and will try to accept mail (as opposed to relay mail) for that domain. For
example, if you include domain.com in your local-host-names file (in addition to
mail2.domain.com), your mail server will think that IT is the primary mail server for
domain.com and try to deliver messages locally.

The next step is to include domains for which you will be a backup server in the
/etc/mail/access file and allow relaying for those domains. Continuing with the example
above, your access file might have the following lines:

domain.com RELAY
domain2.com RELAY

15. Test your mail server by sending test mails to users on the system and external accounts.
Local users should receive mail in either /var/spool/mail or /var/mail.

16. If you want to set up your server so that mail can be retrieved using POP3 or IMAP, see
the guide on POP/IMAP Server setup.
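
Steps 1, 3 and 14 hinge on the same three facts about a backup server's files: the MX name is local, the backed-up domain is not, and the domain has a RELAY entry. The check below is an added example, not part of the original guide; the function names and the sample files are constructed for illustration.

```sh
# Added example (not from the original guide): lint a backup MX host's files.
# has_key NAME FILE: true if NAME is the first field of a non-comment line.
has_key() {
    awk -v w="$1" '!/^[ \t]*#/ && tolower($1) == tolower(w) { f = 1 }
        END { exit !f }' "$2"
}

# has_relay NAME ACCESS: true if the access map holds "NAME RELAY".
has_relay() {
    awk -v w="$1" '!/^[ \t]*#/ && tolower($1) == tolower(w) &&
        toupper($2) == "RELAY" { f = 1 } END { exit !f }' "$2"
}

# check_backup_mx MX_NAME DOMAIN LOCAL_HOST_NAMES ACCESS
# Prints one finding per line, or OK when all three rules hold.
check_backup_mx() {
    n=0
    # The MX name must be local, or mail bounces with
    # "553 MX problem? mail loops back to me" once the primary is down.
    has_key "$1" "$3" || { echo "MX_NAME_NOT_LOCAL $1"; n=$((n + 1)); }
    # The backed-up domain must NOT be local, or the backup delivers
    # locally instead of queuing for the primary.
    if has_key "$2" "$3"; then echo "DOMAIN_IS_LOCAL $2"; n=$((n + 1)); fi
    # The domain needs RELAY so the backup accepts and queues its mail.
    has_relay "$2" "$4" || { echo "NO_RELAY $2"; n=$((n + 1)); }
    if [ "$n" -eq 0 ]; then echo OK; fi
    return 0
}

# Constructed sample files for a backup server named mail2.domain.com.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# backup server' 'mail2.domain.com' > "$demo/lhn.good"
printf '%s\n' 'domain.com' > "$demo/lhn.bad"   # domain local, MX name missing
printf '%s\n' 'localhost RELAY' 'domain.com RELAY' > "$demo/access.good"
printf '%s\n' 'localhost RELAY' > "$demo/access.bad"

check_backup_mx mail2.domain.com domain.com "$demo/lhn.good" "$demo/access.good"
check_backup_mx mail2.domain.com domain.com "$demo/lhn.bad" "$demo/access.bad"
```

On a real backup host the last two arguments would be /etc/mail/local-host-names and /etc/mail/access; a Cw line in sendmail.mc is not inspected by this check.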
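
Every RELAY line in /etc/mail/access (steps 7 and 14) widens who may send mail through the server, so it helps to list which entries reach beyond loopback and private addresses. This audit is an added example, not part of the original guide; the function names are hypothetical and the REJECT line in the sample is constructed.

```sh
# Added example (not from the original guide): show who an access map lets relay.
# Assumes untagged keys as in the guide's sample (no Connect:/To: prefixes).

# classify_relay_key KEY -> loopback | domain | private | external-ip
# Sendmail treats a partial address such as 192.168.0 as a network prefix.
classify_relay_key() {
    case $1 in
        localhost|localhost.*|127|127.*) echo loopback ;;
        *[!0-9.]*) echo domain ;;    # any non-numeric key is a host or domain name
        10|10.*|192.168|192.168.*) echo private ;;
        172.1[6-9]|172.1[6-9].*|172.2[0-9]|172.2[0-9].*|172.3[01]|172.3[01].*)
            echo private ;;
        *) echo external-ip ;;       # numeric, but not loopback or RFC 1918
    esac
}

# audit_access FILE: print "<class> <key>" for every RELAY entry.
audit_access() {
    awk '!/^[ \t]*#/ && toupper($2) == "RELAY" { print tolower($1) }' "$1" |
    while read -r key; do
        echo "$(classify_relay_key "$key") $key"
    done
}

# needs_review FILE: entries that let hosts outside the local network relay.
needs_review() {
    audit_access "$1" | awk '$1 == "external-ip" || $1 == "domain"'
}

# Sample map: the guide's access entries (steps 7 and 14) plus one
# constructed REJECT line to show that non-RELAY actions are skipped.
access=$(mktemp)
trap 'rm -f "$access"' EXIT
cat > "$access" <<'EOF'
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
192.168.0 RELAY
66.218.71.112 RELAY
domain.com RELAY
spam.example REJECT
EOF

audit_access "$access"
echo "review:"
needs_review "$access"
```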
