Configuring sendmail on Jaguar

Allowing Relaying from Certain Hosts

Sendmail doesn't like to relay mail that isn't sent from trusted sources. The designers of sendmail do this purposefully to try to alleviate the problem of spam. You see, spammers take advantage of mail servers that will relay mail from anyone in order to send mail to all of us while taking advantage of somebody else's bandwidth costs. It's truly heinous.

By default, sendmail's paranoia means that when we set up a server, we can only relay mail through it that originates on the local machine. In order to use it as a proper mail server, we need to let it know which hosts to trust to relay mail. For example, my mail server is configured to accept email that comes from my private home network that is running behind a NAT with a fixed IP address. In addition, I always want to be able to send mail, using my laptop, from my friends' houses, which have known DSL hostnames. To do this, you simply need to define these rules in the /etc/mail/access file, as shown:

% sudo emacs /etc/mail/access
192.168.123.2 RELAY
dsl-1-1-1-1.networkprovider.net RELAY

You can also allow blocks of IP addresses or partial domain addresses to relay through your server. For example, to allow anybody on a subnet, as well as let everybody at the oreilly.com domain use my mail server, I could edit this file to look like:

% sudo emacs /etc/mail/access

192.168.123.2 RELAY
dsl-1-1-1-1.networkprovider.net RELAY
192.168.145 RELAY
oreilly.com RELAY

This will let anyone with an IP address that starts with 192.168.145, or whose IP address resolves to the oreilly.com domain, use our server. Just like with aliases, we need to compile this file into a form that sendmail can use. To do this, use the following command:

% sudo makemap hash /etc/mail/access < /etc/mail/access

Yes, this is yet another command to remember and I personally always have to look it up to use it. Don't fear, we can fix this problem.
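
As an added example (not part of the original article), these sh functions approximate how the entries above are matched: an IP key is tried in full and then with trailing octets removed, and a hostname in full and then with leading labels removed. The function names and test clients are hypothetical, the table is a constructed copy of the four entries shown above, and only RELAY values are considered.

```shell
#!/bin/sh
# Added example: approximate sendmail access-map RELAY matching.
# Constructed sample table (the article's four entries).
ACCESS_SAMPLE='192.168.123.2 RELAY
dsl-1-1-1-1.networkprovider.net RELAY
192.168.145 RELAY
oreilly.com RELAY'

# lookup KEY TABLE_TEXT: print the value stored for KEY; exit 1 if absent.
lookup() {
    printf '%s\n' "$2" | awk -v k="$1" '
        /^[ \t]*(#|$)/ { next }                      # skip comments, blanks
        tolower($1) == tolower(k) { print $2; found = 1; exit }
        END { exit !found }'
}

# relay_match TABLE_TEXT IP HOSTNAME: print the key that grants RELAY
# and return 0; return 1 when no entry covers the client.
relay_match() {
    table=$1 key=$2
    # IP address: full address first, then drop one trailing octet at a time,
    # so 192.168.145 covers 192.168.145.x but not 192.168.14.x.
    while [ -n "$key" ]; do
        if [ "$(lookup "$key" "$table")" = RELAY ]; then
            echo "$key"; return 0
        fi
        case $key in *.*) key=${key%.*} ;; *) key= ;; esac
    done
    key=$3
    # Hostname: full name first, then drop one leading label at a time,
    # so oreilly.com covers a.b.oreilly.com but not notoreilly.com.
    while [ -n "$key" ]; do
        if [ "$(lookup "$key" "$table")" = RELAY ]; then
            echo "$key"; return 0
        fi
        case $key in *.*) key=${key#*.} ;; *) key= ;; esac
    done
    return 1
}

# Constructed clients: which entry, if any, lets each one relay?
relay_match "$ACCESS_SAMPLE" 192.168.145.77 unknown.invalid
relay_match "$ACCESS_SAMPLE" 203.0.113.9 build.east.oreilly.com
relay_match "$ACCESS_SAMPLE" 192.168.14.5 notoreilly.com || echo "no relay"
```

To audit a live table, pass its text instead of the sample, for example relay_match "$(cat /etc/mail/access)" followed by the client's IP address and resolved hostname.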

Our Helper Script Expanded

Since I hate having to use the documentation to execute what should be simple commands, I have actually added all these commands (and more) to my update script. I gave you the short form earlier. Here's the long form (with the section we haven't seen before in bold type):

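#!/bin/sh
# Rebuild sendmail's generated files whenever their sources are newer.

if [ /etc/mail/config.mc -nt /etc/mail/sendmail.cf ]
then
    echo Regenerating sendmail.cf
    # Build next to the target instead of at a predictable name in
    # world-writable /tmp, and install the result only if m4 succeeded.
    if m4 /usr/share/sendmail/conf/m4/cf.m4 /etc/mail/config.mc > \
        /etc/mail/sendmail.cf.new
    then
        mv /etc/mail/sendmail.cf /etc/mail/sendmail.cf.old
        mv /etc/mail/sendmail.cf.new /etc/mail/sendmail.cf
        /System/Library/StartupItems/Sendmail/Sendmail restart
    else
        echo "m4 failed; sendmail.cf left unchanged" >&2
        rm -f /etc/mail/sendmail.cf.new
    fi
fi

# Rebuild the aliases database.
if [ /etc/mail/aliases -nt /etc/mail/aliases.db ]
then
    echo Updating aliases
    newaliases
fi

# Rebuild the access (relay) database.
if [ /etc/mail/access -nt /etc/mail/access.db ]
then
    echo Updating access
    makemap hash /etc/mail/access < /etc/mail/access
fi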

In short, this file checks to see if it should:

  1. Compile the sendmail.cf file.
  2. Update the aliases database.
  3. Update the access database.

When the source to any of these files is out of date, it will be updated. Easy, huh? Now, all we have to do is remember to run update whenever we edit one of the configuration files and the right thing will happen.

Running Behind a Firewall

Running sendmail behind a firewall, especially if it's a NAT, can confuse it. You see, sendmail does its best to try to figure out what its host name is. As long as your machine is a first-class citizen on the Internet (i.e., has an IP address visible from the Internet at large), it can usually do a good job at this. However, when you are running behind a NAT, or if your IP address doesn't resolve to any hostname, you'll need to give sendmail a little help. For example, if you are hosting mail for domain.com, you need to tell sendmail that its domain name is $w.domain.com. The $w part is an important part of sendmail trickery that means "insert the local host name here."

To configure sendmail to use a specific domain name, edit your /etc/mail/config.mc file as follows:

% sudo emacs /etc/mail/config.mc

VERSIONID(`$Id: generic-darwin.mc,v 1.3 2002/04/12 18:41:47 bbraun Exp $')
OSTYPE(darwin)dnl
DOMAIN(generic)dnl
undefine(`ALIAS_FILE')
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')
define(`confDONT_BLAME_SENDMAIL', `GroupWritableDirPathSafe')
define(`LUSER_RELAY', `local:duncan')
define(`confDOMAIN_NAME', `$w.domain.com')
FEATURE(`smrsh',`/usr/libexec/smrsh')
FEATURE(local_procmail)
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')dnl
FEATURE(`genericstable', `hash -o /etc/mail/genericstable')dnl 
FEATURE(`mailertable',`hash -o /etc/mail/mailertable')dnl
FEATURE(`access_db')dnl
MAILER(smtp)
MAILER(procmail)

As always, remember to run the update script:

% sudo ./update
Regenerating sendmail.cf
Restarting mail services

Next we'll take a look at one other common problem that people have that is introduced by their ISP.

Working with Lame ISPs

What do I mean by "Lame ISPs?" Well, I mean those ISPs that block all outgoing traffic on port 25. Instead of letting you have access to the Internet on port 25, they want you to use their own mail server. They do this to try to stop spammers from utilizing open relays on their networks. However, this means that your mail server can't send mail to other hosts on the Internet.

Luckily, since sendmail is the Swiss Army knife of mail servers, there is a configuration directive to fix this. To have all mail from your server go through your ISP's mail server, edit your /etc/mail/config.mc file to match the following:

% sudo emacs /etc/mail/config.mc

VERSIONID(`$Id: generic-darwin.mc,v 1.3 2002/04/12 18:41:47 bbraun Exp $')
OSTYPE(darwin)dnl
DOMAIN(generic)dnl
undefine(`ALIAS_FILE')
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')
define(`confDONT_BLAME_SENDMAIL', `GroupWritableDirPathSafe')
define(`LUSER_RELAY', `local:duncan')
define(`confDOMAIN_NAME', `$w.domain.com')
define(`SMART_HOST', `mail.mindspring.com')
FEATURE(`smrsh',`/usr/libexec/smrsh')
FEATURE(local_procmail)
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')dnl
FEATURE(`genericstable', `hash -o /etc/mail/genericstable')dnl 
FEATURE(`mailertable',`hash -o /etc/mail/mailertable')dnl
FEATURE(`access_db')dnl
MAILER(smtp)
MAILER(procmail)

Once again, run the update script:

% sudo ./update
Regenerating sendmail.cf
Restarting mail services

Problem solved.

Conclusion

I've taken you on a whirlwind tour of the major configuration areas of sendmail. To be sure, there is more, quite a bit more, than I could cover in this article. However, after reading this piece, you should have a start on being self-sufficient with sendmail. And when you need to do more, be sure to get sendmail, 2nd Edition by Bryan Costales and Eric Allman. There's a reason it's over a thousand pages long! Also, there's a 3rd edition in the works. Look for it in a few months.

James Duncan Davidson is a freelance author, software developer, and consultant focusing on Mac OS X, Java, XML, and open source technologies. He currently resides in San Francisco, California.

