sendmail setup

Giorgos Keramidas keramida at ceid.upatras.gr
Fri Sep 3 18:13:18 PDT 2004


On 2004-09-03 16:57, chip at wiegand.org wrote:
> Could someone please just explain what is needed to make it send mail
> out to the world from just one machine on the lan. It can't be as hard
> as it appears to be.

The setup of my workstation at work to forward outgoing email to the
mail gateway available to all the machines of the internal network is
the following:


Sendmail options in rc.conf
===========================

The following options are in my `/etc/rc.conf' file:

    % grep sendmail /etc/rc.conf
    sendmail_enable="NO"
    sendmail_outbound_enable="NO"
    sendmail_submit_enable="YES"
    sendmail_submit_flags="-L sm-mta -bd -q5m -ODaemonPortOptions=Addr=localhost"
    sendmail_msp_queue_enable="YES"
    sendmail_msp_queue_flags="-L sm-msp -Ac -q30m"
    %

The two enabled sendmail processes have the following function:

    submit
	This listens on 127.0.0.1:25 and allows local processes (including
	the msp_queue process) to post messages.  It uses sendmail.cf as
	its configuration file and can forward all your outgoing messages
	to the mail gateway of your LAN (see the SMART_HOST option below).

    msp_queue
	This sendmail process scans periodically the messages in the queue
	/var/spool/clientmqueue and makes sure they don't get stuck there.


The genericstable address rewriting rules
=========================================

The file /etc/mail/genericstable contains the following:

    % cat /etc/mail/genericstable
    keramida at internal-host.internal.domain	keramida at ceid.upatras.gr
    %

Thus, all messages posted by user `keramida' on my workstation will have
their address rewritten to keramida at ceid.upatras.gr, which is certainly
more useful to the rest of the world than my internal workstation address.


The mailertable message routing table
=====================================

I want all my company email routed through our VPN to the internal email
server, instead of travelling through the Internet to reach the same
server's external interface.  To accomplish this I use a mailertable with
the following entries:

    % cat /etc/mail/mailertable
    .company.com			smtp:internal-mx.company.com
    company.com				smtp:internal-mx.company.com
    %

Custom envelope from addresses
==============================

Some times I run scripts under my uid that want to "fake" their envelope
from address.  Thus, I have created a file called /etc/mail/trusted-users
with a list of usernames that are allowed to set their envelope from
address with sendmail -f user at host without having a warning added
automagically by Sendmail in their header:

    % cat /etc/mail/trusted-users
    keramida
    %


The local hostnames
===================

The file local-host-names as you already mentioned contains the list of
hostnames that my workstation should consider `local' and attempt to
deliver to a local user:

    % cat /etc/mail/local-host-names
    internal-host.internal.domain
    internal-host
    %

I've added both the `internal-host' and `internal-host.internal.domain'
names, in case some locally running program tries to send mail using only
the hostname and not the fully qualified domain name of the workstation in
the local LAN.


The hostname.mc file
====================

The Makefile in /etc/mail will look for a file called `hostname.mc' where
hostname is the short host name of your machine and use that as the source
for generating `sendmail.cf'.  If this file does not exist `freebsd.mc' is
copied to `hostname.mc' and the rest of the Makefile works as before.

The differences of my hostname.mc file from the freebsd.mc installed by
FreeBSD 6.0-CURRENT are:

    +FEATURE(genericstable, `hash -o /etc/mail/genericstable')
    -dnl define(`SMART_HOST', `your.isp.mail.server')
    +define(`SMART_HOST', `smtp.internal.domain')
    +FEATURE(masquerade_entire_domain)
    +FEATURE(masquerade_envelope)
    +MASQUERADE_AS(`company.com')
    +MASQUERADE_DOMAIN(`internal.domain')
    +FEATURE(use_cw_file)
     define(`confCW_FILE', `-o /etc/mail/local-host-names')
    +FEATURE(use_ct_file)
    +define(`confCT_FILE', `-o /etc/mail/trusted-users')
    -DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')

After what I wrote above the changes and their reasoning should be easy to
understand, except these few lines:

    +FEATURE(masquerade_entire_domain)
    +FEATURE(masquerade_envelope)
    +MASQUERADE_AS(`company.com')
    +MASQUERADE_DOMAIN(`internal.domain')

    -DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')

The first one is to make sure that all email sent from my workstation (or
forwarded from my workstation, in case I enable an internal SMTP server
later) will use @company.com addresses.

The second one is because I've removed IPv6 support from my kernel and I
don't like having Sendmail bother me about failed IPv6 connection attempts.


The Final Steps
===============

*   Make sure you don't have different map types defined in your
    hostname.mc and in the Makefile of `/etc/mail' (i.e. a hardwired map
    type of `btree' in hostname.mc for the access.db table and a default
    map type of `hash' in Makefile).

*   Update the generated files of /etc/mail:

	# cd /etc/mail
	# make && make install && make restart

*   That's all.



More information about the freebsd-questions mailing list