You all probably know what Sendmail is, or you would not be reading this =) But anyway, Sendmail is a classic MTA (Mail Transport Agent). Or, you can simply call it a mail server.
*** Note: ALWAYS start Sendmail with an absolute pathname, or it may not function properly (relative paths may not resolve correctly).
REQUIREMENTS for Sendmail:
- The FULLY QUALIFIED name of the machine running sendmail has to be in DNS or /etc/hosts
- When sending straight to a domain (user@somedomain.com), the MX (mail exchanger) record for that domain is looked up.
An example is: (partial output of "dig MX somedomain.com")
;; ANSWER SECTION:
somedomain.com. 86374 IN MX 10 mail.somedomain.com.
This means that all mail for somedomain.com will be routed to machine mail.somedomain.com.
10 is the cost value. The lower it is, the higher the preference of this particular MX record.
If there are 2+ servers with the same cost value, DNS will rotate them using round robin.
If there are 2+ servers with different cost values, the one with the lowest value will get the mail, unless it is down.
If all MX servers are down, the message is queued for later delivery.
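As an added example (not part of the original post), the following POSIX shell/awk functions take the ANSWER SECTION of "dig MX" and print the exchangers in the order an MTA would try them, grouping hosts that share a preference value. The dig output held in SAMPLE_DIG is constructed: the post's own somedomain.com plus invented mail2 and backup hosts.

```shell
#!/bin/sh
# Added example, not from the original post: turn the ANSWER SECTION of
# "dig MX <domain>" into the order an MTA will try the mail exchangers.

# mx_order < dig-output
# Prints "preference host" lines, lowest preference (most preferred) first.
# dig fields: name TTL class type preference host
mx_order() {
    awk '$4 == "MX" { sub(/\.$/, "", $6); print $5, $6 }' | LC_ALL=C sort -k1,1n -k2,2
}

# mx_groups < dig-output
# One line per preference level: "pref: host host ...". Hosts on one line are
# equal candidates (the resolver rotates them, round robin); the next line is
# only tried when every host on the previous one is down.
mx_groups() {
    mx_order | awk '
        $1 != last { if (NR > 1) print line; line = $1 ":"; last = $1 }
        { line = line " " $2 }
        END { if (NR > 0) print line }'
}

# Constructed sample output of "dig MX somedomain.com" (not real DNS data):
# two exchangers at preference 10 and a backup at 20.
SAMPLE_DIG=';; ANSWER SECTION:
somedomain.com.   86374 IN MX 10 mail.somedomain.com.
somedomain.com.   86374 IN MX 20 backup.somedomain.com.
somedomain.com.   86374 IN MX 10 mail2.somedomain.com.'

mx_groups_sample() { printf '%s\n' "$SAMPLE_DIG" | mx_groups; }

mx_groups_sample
```

For a live check, replace the sample with `dig MX yourdomain | mx_groups`; a domain whose lowest-preference hosts are all unreachable is exactly the case where mail piles up in the queue described later in the post.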
INSTALLATION:
1. Download the latest non-beta version from ftp.sendmail.org (or www.sendmail.org).
2. gzip -dc sendmail* | tar xvf -
3. cd sendmail*
4. Read README, RELEASE_NOTES (optional), FAQ (optional), and doc/op/op.ps (optional)
5. cd sendmail
6. ./makesendmail -m
(Berkeley DB is available from www.sleepycat.com; install it, and recompile sendmail.)
(optional) Installing Berkeley DB:
- unzip + untar
- cd db-*
- cd build_unix
- ../dist/configure (or, CC=gcc ../dist/configure)
- make
- make install
Then unzip + untar sendmail again, and start from step 6:
6. ./makesendmail -m -I/usr/local/BerkeleyDB.4.0/include -L/usr/local/BerkeleyDB.4.0/lib
or
6. ./makesendmail -n -I/usr/local/BerkeleyDB.4.0/include -L/usr/local/BerkeleyDB.4.0/lib
7. ./makesendmail
8. cd ../obj.*/sendmail
9. ./sendmail -d0.1 -bt
- Create a simple list:
accountants: tweety, sylvester, grandma
- Combine two existing lists into a third one:
list1: tweety, sylvester
list2: grandma, root
list3: list1, list2
- If you don't want "tweety" to be run against the alias database again, prefix it with a backslash:
list1: \tweety, sylvester
- Create an owner for a mailing list. That user will receive error messages (bounces, etc):
list1: tweety, sylvester
owner-list1: postmaster
- Set the same owner for all existing mailing lists:
owner-owner: postmaster
- checks if the user exists.
- expn (short for expand) -- expand the name of a mailing list and see the recipients.
- check the "P" lines in sendmail.cf -- the delivery agent (e.g. P=/bin/mail). If P= points somewhere unusual (like /tmp/mail), that is suspicious.
- securing .forward files -- change "P=/bin/sh" to "P=/usr/lib/smrsh", and set "A=smrsh". Then only programs residing in /var/adm/sm.bin/ will be executed; if the program is not found there, the message bounces.
- have /etc/, /etc/mail/, and /etc/mail/* owned by root and writable only by root.
- be careful with permissions of the include files, if those are used.
- when sending e-mail to a program, you should be careful of things like setuid and setgid as well as write permissions.
- check the alias file (/etc/aliases by default) to make sure that no mail is being sent to programs.
- protect the mail queue directory -- /var/, /var/spool/, and /var/spool/mqueue/ should be writable only by root.
- examine sendmail.cf for the "Ct" line (class t). Any user listed there can hide their real username by setting the sender with "sendmail -f ...".
The old-style "T" line has the same effect, and so does "Ft", which simply reads the trusted users from an external file. These users should be in the "Trusted Users" section of the config file.
- you can adjust the log verbosity of sendmail by modifying the LogLevel setting.
- you can edit the PostmasterCopy option in sendmail.cf -- send every bounced message to a specific user.
- restrict the list of people able to use "mailq" -- add "restrictmailq" to PrivacyOptions.
- restrict who can process the queue -- add "restrictqrun" to PrivacyOptions.
- prevent mail being sent to special files (devices, etc) -- set "SafeFileEnvironment=/"
- secure temporary files -- set "TempFileMode=0600".
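The checks in this list are easy to script. The POSIX shell script below is an added example, not from the original post and not a sendmail tool: expand_alias follows an aliases file the way the examples above do (honouring the backslash that stops re-aliasing) and labels program and file deliveries; audit_cf scans sendmail.cf for P= agents outside the usual system directories, for trusted-user lines (Ct, T, Ft) and for the restrictmailq/restrictqrun settings in PrivacyOptions; audit_perms lists files that are not root-owned or are group/world-writable. The aliases file and sendmail.cf fragment written by make_samples are constructed for the demo, and the function names and the directory whitelist are my own choices.

```shell
#!/bin/sh
# Added example, not from the original post: a small audit implementing the
# alias and sendmail.cf checks listed above. Sample files are constructed;
# for a real check point the functions at /etc/mail.

# expand_alias FILE NAME: recursively expand NAME through an aliases file.
# A leading backslash stops re-aliasing (the "\tweety" trick); targets that
# start with "|" (program) or "/" (file) are the ones to review.
expand_alias() {
    awk -v target="$2" '
    function expand(name, depth,    n, i, parts) {
        if (depth > 20) { print "LOOP " name; return }
        if (name ~ /^".*"$/) name = substr(name, 2, length(name) - 2)
        if (substr(name, 1, 1) == "\\") { print "ADDR " substr(name, 2); return }
        if (substr(name, 1, 1) == "|")  { print "PROGRAM " name; return }
        if (substr(name, 1, 1) == "/")  { print "FILE " name; return }
        if (!(name in alias)) { print "ADDR " name; return }
        n = split(alias[name], parts, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) expand(parts[i], depth + 1)
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /^[^ \t:]+[ \t]*:/ {                 # "name: target, target, ..."
        key = $0; sub(/[ \t]*:.*/, "", key)
        val = $0; sub(/^[^:]*:[ \t]*/, "", val)
        alias[key] = val
    }
    END { expand(target, 0) }' "$1" | LC_ALL=C sort -u
}

# audit_cf FILE: flag P= delivery agents outside the usual system directories,
# list trusted users (Ct, T, Ft) and check PrivacyOptions.
audit_cf() {
    awk '
    /^M/ {                               # mailer line: Mname, P=..., F=..., A=...
        n = split($0, f, /, */)
        for (i = 1; i <= n; i++) {
            if (f[i] !~ /^P=/) continue
            p = substr(f[i], 3)
            if (p == "[IPC]" || p == "[LPC]") continue
            if (p !~ /^\/(bin|sbin|usr\/(bin|sbin|lib|libexec|local\/(bin|sbin|lib|libexec)))\//)
                print "SUSPICIOUS_AGENT " p
        }
    }
    /^Ct/ { print "TRUSTED" substr($0, 3) }
    /^T/  { print "TRUSTED " substr($0, 2) }
    /^Ft/ { print "TRUSTED_FILE " substr($0, 3) }
    /^O PrivacyOptions=/ { po = $0; sub(/^O PrivacyOptions=/, "", po) }
    END {
        if (po !~ /restrictmailq/) print "MISSING restrictmailq"
        if (po !~ /restrictqrun/)  print "MISSING restrictqrun"
        if (po !~ /noexpn/ && po !~ /goaway/) print "MISSING noexpn"
    }' "$1"
}

# audit_perms DIR [OWNER]: anything under DIR not owned by OWNER (default root)
# or writable by group/others. For /etc/mail and the queue this should be empty.
audit_perms() {
    find "$1" \( ! -user "${2:-root}" -o -perm -020 -o -perm -002 \) -print
}

# make_samples DIR: constructed aliases file and sendmail.cf fragment.
make_samples() {
    mkdir -p "$1/mail" && chmod 755 "$1/mail"
    cat > "$1/mail/aliases" <<'EOF'
# constructed sample aliases file
tweety: tweety@yahoo.com
accountants: tweety, sylvester, grandma
list1: \tweety, sylvester
list2: grandma, root
list3: list1, list2
owner-list1: postmaster
vacation: "|/usr/bin/vacation tweety"
loopa: loopb
loopb: loopa
EOF
    cat > "$1/mail/sendmail.cf" <<'EOF'
# constructed sendmail.cf fragment
O PrivacyOptions=authwarnings,restrictmailq
Ct root daemon uucp
Mlocal, P=/usr/lib/mail.local, F=lsDFMAw5:/|@qSPfhn9, S=10/30, R=20/40, A=mail -d $u
Mprog,  P=/tmp/mail, F=lsDFMoqeu9, S=10/30, R=20/40, A=sh -c $u
Msmtp,  P=[IPC], F=mDFMuX, S=11/31, R=21, A=TCP $h
EOF
    chmod 644 "$1/mail/aliases" "$1/mail/sendmail.cf"
    : > "$1/mail/access" && chmod 666 "$1/mail/access"   # deliberately too open
}

# Demo on the constructed samples.
run_demo() {
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp"
    expand_alias "$tmp/mail/aliases" list3
    expand_alias "$tmp/mail/aliases" vacation
    audit_cf "$tmp/mail/sendmail.cf"
    audit_perms "$tmp/mail" "$(id -un)"
    rm -rf "$tmp"
}
run_demo
```

On the sample, expand_alias resolves list3 to the four local users (the backslash keeps tweety from being re-aliased to tweety@yahoo.com, which is what happens for "accountants"), flags the vacation entry as a PROGRAM delivery, and reports the loop between loopa and loopb; audit_cf reports the /tmp/mail agent, the trusted users, and the missing restrictqrun, and audit_perms returns only the world-writable access file.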
*** THE QUEUE:
* Sendmail does all operations relative to the queue directory, so any relative paths in its configuration must be correct from there.
- change the default queue directory -- set the QueueDirectory option in sendmail.cf
- ordinary users should not even be allowed to enter the queue directory.
- 2 types of files in the queue directory -- df (mail contents), and qf (headers, etc).
- process the queue manually -- "/usr/lib/sendmail -q".
- while processing the queue, sendmail renames the "qf" file to a "tf" file, edits it, and renames it back to "qf".
- when a message is sent to multiple recipients, an "xf" file is also created -- contains delivery results.
- Start sendmail with "/usr/lib/sendmail -bd -q15m" -- run as a daemon, process the queue every 15 minutes.
- see how sendmail processes the queue -- "/usr/lib/sendmail -v -q" (verbose)
*** LOGGING AND STATISTICS:
* Sendmail sends various information to syslog (configured in /etc/syslog.conf). Log messages are identified by a number:
the lower the number, the more severe the message. Here is a table (info=11+, critical=1):
1     Log_Crit and Log_Alert
2-8   Log_Notice
9-10  Log_Info
11+   Log_Debug
* By default, sendmail logs its activities via syslog in /var/log/syslog.
- Configure sendmail to produce statistics -- add to sendmail.cf: "O StatusFile=/etc/mail/sendmail.st".
This file has to exist before sendmail can use it -- "touch /etc/mail/sendmail.st".
- To stop collecting statistics, remove the option or rename the file.
- To start over with statistics, empty the file -- "cp /dev/null /etc/mail/sendmail.st".
* The sendmail daemon responds to the following kill signals:
SIGINT -- perform an orderly shutdown: unlocks the queue, cancels deliveries, resets identity, exits with EX_OK.
SIGHUP -- reread sendmail.cf; the daemon restarts itself, so its PID will change.
SIGUSR1 -- dump the current running state to the syslog daemon.
- Log every transaction with sendmail ("-X") -- "/usr/lib/sendmail -X /var/adm/sendmail_log"
*** OPTIONS:
* The long option names and the old single-letter forms are equivalent: "O QueueDirectory=/var/spool/mqueue" = "OQ/var/spool/mqueue"
* List of required options:
Option Name      Shortcut  Type     Description
---------------  --------  -------  --------------------------------------------------
QueueDirectory   Q         String   Location of the queue
Timeout          r         String   Set various timeouts
DeliveryMode     d         Char     Set delivery mode
TempFileMode     F         Octal    Permissions for temp files (0600-0666)
DefaultUser      u         String   Default delivery agent identity (user:group)
LogLevel         L         Number   Set logging level
OldStyleHeaders  o         Boolean  Allow spaces in recipient list (default: comma)
BlankSub         B         Char     Replaces a space with a dot (blah com => blah.com)
* List of non-required but interesting options:
O AliasFile=/path/filename -- multiple alias files can be used.
O AllowBogusHELO (Yes/No) -- turn on or off DNS lookup of the sender's hostname.
O AutoRebuildAliases (Yes/No) -- automatically rebuild the alias database when the alias file is updated.
O CheckAliases (Yes/No) -- make sure the final alias name is a valid e-mail address.
O MaxDaemonChildren (number) -- how many child processes will sendmail be allowed to spawn.
O MaxMessageSize (maxsize) -- any e-mail messages over this size will bounce.
O MeToo (Yes/No) -- when the owner of a mailing list sends a message to the list, should he/she receive it too?
O SmtpGreetingsMessage (text/variables) -- self explanatory =)
O StatusFile (/path/filename) -- the full path to the file containing all statistics.
O TimeZoneSpec (zone) -- use a different time zone for sendmail.
* See a list of options -- "/usr/lib/sendmail -d37.1 -bt"
sylvester@yahoo.com -- when tweety sends mail, the sender will appear as sylvester@yahoo.com
!!! Difference between an alias entry and a user database entry:
- aliases can point to other aliases. They can be processed over and over before the final destination is reached.
- user database entries MUST point to final addresses (either local users, or fully qualified e-mail addresses).
* USERDB is recommended only if such simple tasks are needed. All aliases (incoming and outgoing) are kept in a single file.
** The Access Database:
- accept or reject e-mails based on source or destination.
- typically a hash or btree database and usually resides under /etc/mail as access_db.
- each line in the ASCII file contains two fields -- address field and action field.
- address field: user, e-mail, source IP, partial network address, domain, "To:", "From:", "Connect:".
- action field: DISCARD (drop), OK (accept), REJECT (bounce), RELAY (pass through), or "ERROR:[dsn:]code text" (return the given RFC 821 reply code and text).
Examples:
nobody@here.com        REJECT   -- any mail to or from nobody@here.com will be rejected with an error message.
From:spammer@here.com  DISCARD  -- any mail from spammer@here.com will be dropped. No error will be sent back.
To:spammer@here.com    OK       -- any mail to spammer@here.com will be sent.
yahoo.com              OK       -- any mail to or from yahoo.com will be accepted.
10.1.1                 RELAY    -- if mail is coming from 10.1.1.*, we will act as a relay host.
* Names in the access database apply to inbound mail only. To make this work for outbound mail, "blacklist_recipients" needs to be added to sendmail.cf.
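As an added example (not from the post), here is a simplified model of the access lookup in POSIX shell/awk: it reads the ASCII source of the access file and one address, builds the candidate keys from most to least specific (full address, then the host and each parent domain, then the user@ wildcard; or the IP and its shorter prefixes), tries the tagged key before the untagged one, and prints the first match. The sample access file is constructed from the examples above plus one invented ERROR: entry; the real lookup order also depends on which FEATUREs are compiled into your .cf.

```shell
#!/bin/sh
# Added example, not from the original post: a simplified model of how one
# address is looked up in the access map. The sample file is constructed from
# the examples above; real sendmail also depends on the FEATUREs in your .cf.

# access_lookup FILE TAG ADDRESS
# TAG is From, To or Connect; ADDRESS is user@domain or a dotted IPv4 address.
# Candidate keys are tried from most to least specific, the tagged key before
# the untagged one, and the first hit decides.
access_lookup() {
    awk -v tag="$2" -v addr="$3" '
    function try(k) {
        if ((tag ":" k) in db) { hit = tag ":" k; return db[hit] }
        if (k in db)           { hit = k;         return db[hit] }
        return ""
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }         # comments and blank lines
    {                                          # key, whitespace, action text
        key = $1; act = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", act)
        db[key] = act
    }
    END {
        n = 0
        if (addr ~ /^[0-9]+(\.[0-9]+)+$/) {
            ip = addr                          # 10.1.1.25, 10.1.1, 10.1, 10
            while (1) { cand[++n] = ip; if (ip !~ /\./) break; sub(/\.[0-9]+$/, "", ip) }
        } else {
            host = addr; user = ""             # user@host, host, parent domains, user@
            if (sub(/^.*@/, "", host)) { user = addr; sub(/@.*/, "", user); cand[++n] = addr }
            while (host != "") { cand[++n] = host; if (host !~ /\./) break; sub(/^[^.]+\./, "", host) }
            if (user != "") cand[++n] = user "@"
        }
        for (i = 1; i <= n; i++) {
            r = try(cand[i])
            if (r != "") { print hit " -> " r; exit }
        }
        print "(no match) -> default policy"
    }' "$1"
}

# make_access_sample FILE: constructed ASCII access file (the input to makemap).
make_access_sample() {
    cat > "$1" <<'EOF'
# constructed sample access file
nobody@here.com          REJECT
From:spammer@here.com    DISCARD
To:spammer@here.com      OK
yahoo.com                OK
10.1.1                   RELAY
badguys.example          ERROR:550 We do not accept mail from you
EOF
}

# Demo: run the post's examples through the model.
run_demo() {
    f=$(mktemp) || return 1
    make_access_sample "$f"
    for q in "From nobody@here.com" "To spammer@here.com" "From spammer@here.com" \
             "Connect 10.1.1.25" "To bugs@mail.yahoo.com" "Connect 192.0.2.7" \
             "From joe@badguys.example"; do
        set -- $q
        printf '%-28s %s\n' "$1 $2:" "$(access_lookup "$f" "$1" "$2")"
    done
    rm -f "$f"
}
run_demo
```

The useful thing to notice is how coarse the untagged entries are: "yahoo.com OK" applies to mail in either direction and to every subdomain, and "10.1.1 RELAY" opens relaying for the whole /24, so review untagged keys first when auditing an access file.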
** The virtusertable:
- similar to the alias file, but you can define mail by partial domain names.
- don't forget to add an MX record in your DNS server for each of the virtual domains.
- you can set a "catch all" address for a domain -- will accept mail for any non-existent user in the domain.
- each entry in the virtusertable has two fields -- virtual domain name and delivery address.
- virtual domain name -- complete address (tweety@somedomain.com), or partial address (@somedomain.com).
Examples:
tweety@somedomain.com   sylvester         -- any mail for tweety@somedomain.com will be locally delivered to sylvester.
@somedomain.com         sylvester         -- "catch all" for somedomain.com -- will be sent locally to sylvester.
tweety@thisdomain.com   tweety@yahoo.com  -- simple mail routing to an external (valid) address.
** The genericstable -- for sending out mail -- rewrites the sender's e-mail address:
- has two fields: local username and the name it is rewritten to.
- Example:
tweety   sylvester@somedomain.com  -- outgoing mail from tweety will appear from sylvester@somedomain.com
** makemap -- convert ASCII text files to database format.
- usage: makemap database_type database_name < ascii_file (makemap reads the text file on standard input).
- See also: http://mail-abuse.org/
*** HEADERS:
* Header definitions tell sendmail which headers to add to the e-mail message. In sendmail.cf, all header lines begin with a capital H.
* RFC 822 requires the two headers -- "From:" and "Received:".
- "From:" means who sent the message.
- Each machine that relays a message adds its own "Received:" header to the message. This can be used to determine the path.
* Other headers:
- "Full-Name:" -- displays the full name of the sender. This data comes from /etc/passwd.
- "Date:" -- shows the time and date the message originated. It is used by timeout counters on the MTAs.
- "Message-ID:" -- used to uniquely identify each message.
- "Reply-To:" -- used when you want the recipient to respond to a different e-mail address.
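An added example (not from the original post): a small POSIX shell/awk reader that pulls the Received: chain out of a message in the order the message travelled, joining folded header lines. The sample message is constructed (documentation IP ranges, invented host names and ids). Since each hop prepends its own header, only the entries added by servers you operate are trustworthy; anything below them was written by someone else's MTA and may be forged.

```shell
#!/bin/sh
# Added example, not from the original post: print the Received: chain of a
# message oldest hop first, joining folded header lines, so the path can be
# read top to bottom. Only the hops added by servers you operate are
# trustworthy; earlier entries were written by other MTAs and may be forged.

# received_chain < message
received_chain() {
    awk '
    /^$/ { exit }                                        # blank line ends the headers
    /^[ \t]/ { if (cur != "") cur = cur " " $0; next }   # folded continuation line
    { if (cur ~ /^Received:/) rec[++n] = cur; cur = $0 }
    END {
        if (cur ~ /^Received:/) rec[++n] = cur
        for (i = n; i >= 1; i--) {                       # MTAs prepend, so the last is the origin
            sub(/^Received:[ \t]*/, "", rec[i])
            gsub(/[ \t]+/, " ", rec[i])
            idx = n - i + 1
            print idx ": " rec[i]
        }
    }'
}

# Constructed sample message (documentation IP ranges, invented ids):
# tweety-pc -> mail.somedomain.com -> mx.example.net.
received_sample() {
    received_chain <<'EOF'
Received: from mail.somedomain.com (mail.somedomain.com [192.0.2.10])
    by mx.example.net (8.12.11) with ESMTP id h3BCDEF
    for <sylvester@example.net>; Sat, 12 Apr 2003 10:00:02 +0000
Received: from [198.51.100.7] (helo=tweety-pc)
    by mail.somedomain.com (8.12.11) with SMTP id h3BABCD; Sat, 12 Apr 2003 09:59:58 +0000
From: tweety@somedomain.com
To: sylvester@example.net
Subject: hi
Date: Sat, 12 Apr 2003 09:59:50 +0000
Message-ID: <constructed-001@somedomain.com>

body text, not part of the headers
EOF
}
received_sample
```

Feed a real message with `received_chain < message.txt`; hop 1 is the point where the message entered the chain as far as the headers claim, and the first hop that names one of your own servers is the first one you can actually vouch for.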
*** MACROS (variables):
* Macros can be defined once and then reused many times. Most of them have predefined names and meanings.
* In sendmail.cf, macro definitions begin with a capital D.
- Example: "DSmailhost.somedomain.com" tells sendmail to send all outgoing mail to mailhost.somedomain.com (relay).
* Some common variables and their meaning:
- n -- identity of the error message sender.
- v -- version of sendmail currently running.
- w -- the short hostname.
- j -- the fully qualified hostname.
- m -- the domain name.
- k -- the UUCP nodename.
- b -- date in RFC1123 format.
- _ -- identification information.
- opMode -- current operating mode (sendmail v8.7 and greater).
* To see all defined macros and their values, use the following command:
/usr/lib/sendmail -d35.9 -bt sendmail.cf
cd /etc/mail
cp /usr/lib/mail/cf/sendmail.cf .
- Then HUP sendmail so it can reread its configuration.
*** RULESETS:
* For information on rulesets (and more!), consult the bat book (O'Reilly's "Sendmail").
This article is from the ChinaUnix blog; the original is at http://blog.chinaunix.net/u/10290/showart_48829.html