SENDMAIL FOR THE AVERAGE PARANOID

Copyright (c) 2005 by Aaron Hsu

Feel free to distribute this article, but do not change the contents. If any errors are found, please contact me at .

How many average OpenBSD users, or other sendmail wannabes, have spent countless hours trying to figure out how to properly configure and use sendmail for the average mail user's needs? Sure, if you are a professional who works on sendmail for hours every day, and you do nothing but work on sendmail-based systems, things are not that difficult, but for the average paranoid, it's rather difficult to sift through the documentation, however complete, to discover the secrets to Sendmail's vault of beauty. This little article aims to solve this difficulty. Hopefully, in as few words as possible, I will cover the most essential features of Sendmail for the average OpenBSD desktop user.

WHY SENDMAIL?

Why use sendmail? Admittedly, there are other, easier to use, simpler, or smaller programs out there. Why should one choose to use this convoluted program? For me, it's a matter of tradition, ubiquity, and integration.

First of all, I'm a stickler for tradition, and sendmail fills that spot nicely. It's a very mature and stable piece of software. I know what I'm getting into when I use it, and I know that there is a long history behind the program. It's a program that has clout.

Secondly, it's all over the place. If a system can't run sendmail, you don't need to run the system. Any system I can dream of using will be able to run sendmail, and run it well; I don't believe this can be said for most of the other mail software out there.

And thirdly, it is well integrated into OpenBSD, meaning that it comes with the main system, you do not have to install anything additional, and you can be sure of it working.

Security-wise, OpenBSD has already answered this question.
In short, yes, sendmail has had security issues previously, because it was originally designed before security was a big issue for mailers; however, the author has been receptive to changes, and it is now no less secure than any of the other options existing today. Combine this with the stability, and you have a win-win.

ALRIGHT, ENOUGH PROPAGANDA, LET'S GET STARTED

Okay, first things first. This article is written for users of an OpenBSD system. Most things should be applicable to other systems, but keep in mind that I can't guarantee anything on those systems.

For the basic average user, there are three things that are necessary when configuring Sendmail.

1. Most of the time, users are on dynamic IP addresses, meaning that they will generally fall into the "spam IP" range on many ISPs, such as AOL. To solve this, we must use an authorized remailer like your ISP's smtp server.

2. Most users do not have their systems running 24/7 and do not have a reliable enough connection to the Internet to allow them to use their computer as a mail server for receiving mail as well as sending it. As such, the name of your computer on your internal network is generally not going to be the one you want people sending mail and replies to. Most people will have another e-mail address that they want to show up in the "From:" header of their messages. Sendmail must be configured to remap user addresses such as "user@localhost" to someone's desired reply-to address such as "user@myisp.net".

3. Users often have different usernames on their computers than the username they chose for the e-mail address they wish to use. This means that we need to be able to remap usernames as well as hostnames.

Now, these are all pretty simple to work with in sendmail, believe it or not. However, they are buried quite a ways down in the documentation, which makes it difficult for a new user to figure out exactly what's going on.
WHERE THE FILES ARE LOCATED

The first thing you should know is that your main configuration file located in /etc/mail/ SHOULD NOT BE EDITED BY HAND! There is a nice and easier to edit file located in /usr/share/sendmail/cf. The documentation is located at /usr/share/sendmail/README, and the configuration file we will be copying is the /usr/share/sendmail/cf/openbsd-localhost.mc file.

BASIC IDEA USING

The basic process of creating a sendmail configuration is:

1) edit your mc file;
2) process your mc file into a corresponding cf file;
3) copy your cf file to /etc/mail;
4) edit rc.conf.local to ensure your cf file is loaded;
5) edit any corresponding /etc/mail files.

EDITING THE MC FILE

First things first, we're going to make a copy of openbsd-localhost.mc so that we can edit it and not damage the original file.

    $ cd /usr/share/sendmail/cf
    $ sudo cp openbsd-localhost.mc myhost.mc

Next, we edit the file with our favorite text editor (which, of course, is some form of vi ;-)). We need to find the following lines:

    MAILER(local)dnl
    MAILER(smtp)dnl

All of our additions to this file are going to be above these two lines.

Now, we change the VERSIONID line to look something like:

    VERSIONID(`@(#)myhost.mc $Revision: 1.0 $')

where "myhost" is the name of your file without the "mc" extension. The revision number should probably start at 0.1 and you can increase it as you make changes.

Adding the smtp server

Now we make sendmail use an external smtp server for all outgoing (read: non-local) mail. Add the following line:

    define(`SMART_HOST', `smtp.myisp.net')dnl

You should replace "smtp.myisp.net" with the name of your ISP's smtp server. Keep in mind that you ought to read the documentation for each of these instructions, so that you know what's going on, and can change them to your liking.

Using a different hostname

Since we don't want to use our computer's hostname, as it will not be receiving the mail, we need to set up what is called "domain masquerading".
The main command is MASQUERADE_AS, and should be added as follows:

    MASQUERADE_AS(`myisp.net')dnl

where "myisp.net" is the domain of the e-mail address you want to use in the From header. What this will do is rewrite the From header in your mail, replacing your computer's hostname with "myisp.net" whenever it sends a message.

Now, there are two other features most users will want to add to their system:

    FEATURE(`local_no_masquerade')dnl
    FEATURE(`masquerade_envelope')dnl

The first feature tells sendmail not to masquerade mail sent to local users, as in general we don't want to be replying over the Internet to a message sent internally. The other is to masquerade the envelope as well as the From header. Some spam filters will consider a message spam if they detect a forged From header that contains information contrary to what is listed in the rest of the message; adding this feature solves this problem.

If you use the same username locally as you do in your e-mail address, this is all that is necessary in editing your mc file, and you can continue with processing the file. If not, and you use a different username for your e-mail, you are going to need to set up a genericstable, so that you can remap your local username to another username and address.

The first thing you need to do is add the genericstable line from openbsd-proto.mc to your mc file:

    FEATURE(genericstable, `hash -o /etc/mail/genericstable')dnl

Then you should locate /etc/mail/genericstable and edit it as follows:

    localuser    newremoteuser[@newdomain]

The local name and its replacement are separated by whitespace. The [*] stuff is optional, and if you include it, don't include the brackets. What this will do is remap your local username to another name and/or domain if you so desire. It will only do this for non-local mailings, however.

Next, make sure you process genericstable after you edit it (this goes for any file you edit in /etc/mail) by typing:

    $ cd /etc/mail
    $ sudo make

This will make the hash files from the human readable files you edit.
This should be all that is necessary for most users, and you can save your edited mc file. Next you need to process it with m4. You can read more about this in the documentation.

PROCESSING YOUR MC FILE

I find it easiest to process your mc file with the following commands:

    $ cd /usr/share/sendmail/cf
    $ su
    # m4 ../m4/cf.m4 myhost.mc > myhost.cf

An important note is that you should use su rather than sudo for this command as it's easier, and you don't have to use weird tricks with ">" to make it work.

COPY YOUR CF FILE TO /ETC/MAIL

You should copy your cf file to /etc/mail under a name other than sendmail.cf or localhost.cf, so that you do not conflict with the current configuration files there, which are installed by default. Run something like:

    # cd /usr/share/sendmail/cf
    # cp ./myhost.cf /etc/mail

EDIT YOUR RC SCRIPTS

The next thing you should do is change how sendmail is started so that it uses the new configuration file when you restart your computer. You should start by copying the sendmail_flags line in rc.conf to rc.conf.local. Don't edit rc.conf, as it is better to edit rc.conf.local. Next, replace the current .cf filename with your filename, so the line might look something like:

    sendmail_flags="-L sm-mta -C/etc/mail/myhost.cf -bd -q30m"

Now, when you restart OpenBSD, it will start sendmail by reading the new sendmail file.

EDITING YOUR /ETC/MAIL FILES

Now that you've done all this, double check that you've edited and processed all your mail files in /etc/mail. This can be a great source of frustration to new users if you don't know where your problems are. Many times it is that they have not properly edited their genericstable and then run "make" in the /etc/mail directory.

RESTART YOUR SENDMAIL PROCESS AND TEST

Now that you've finished all this, you are almost done! You now need to locate your sendmail process and kill it:

    $ ps ax | grep sendmail
    28739 ??  Is     0:00.05 sendmail: accepting connections (sendmail)
    $ su
    # kill 28739

Remember to kill it, and not send it a HUP signal, as you have to give it new arguments for the change of configuration file to take effect. Next, restart sendmail with your new args:

    # sendmail -L sm-mta -C/etc/mail/myhost.cf -bd -q30m

If there are any errors, you did something wrong. Make sure you check /var/log/maillog and stdout to make sure that there are no errors.

Now you have to test your sendmail configuration and make sure it works:

    $ mail mylocaluser
    Subject: Test #1
    This is a test message.
    .
    $ mail myemail@myisp.net
    Subject: Test #2
    This is a test message, again.
    .
    $

Now, you should see the #1 message in your mailbox, and it should contain the local addresses and usernames in the From header, etc. You should then fetch your remote mail, using something such as fetchmail or getmail, and you should receive the #2 message, with the From header, etc. rewritten to contain "myemail@myisp.net". If it did not, you should go back and see what you did wrong. It is helpful to check /var/log/maillog to make sure that the first message was sent out using the local computer as a remailer, and that the second message was sent using your ISP's smtp server.

Well, that's all, and I hope now you have a grasp on how sendmail works. You should be able to apply this knowledge to configure a host of other features depending on your needs.

TODO LIST

I still need to work on setting up a smarthost that uses authentication. I haven't the time or the necessity to work on this, but I will hopefully get around to it sometime.
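
A pre-flight check for the procedure above, as an added example that is not part of the original article: it reads the generated cf file for the smart host (DS), masquerade domain (DM) and genericstable map (Kgenerics) lines that cf.m4 emits, flags genericstable entries that makemap would not store as intended, and reports a table that was edited without re-running make. The function names are hypothetical, and the host and file names are the article's placeholders.

```sh
#!/bin/sh
# Added example, not from the article. Function names are hypothetical;
# myhost.cf, smtp.myisp.net and myisp.net are the article's placeholders.

# cf_macro FILE LETTER: print the value of the "D<LETTER>value" macro line.
# cf.m4 writes SMART_HOST as a DS line and MASQUERADE_AS as a DM line.
cf_macro() {
    sed -n "s/^D$2\(.*\)\$/\1/p" "$1" | head -n 1
}

# bad_generics FILE: print entries makemap would not store as intended.
# makemap splits key and value on whitespace, so an aliases-style
# "user: addr" line ends up stored under the key "user:".
bad_generics() {
    awk '!/^[ \t]*(#|$)/ && (NF < 2 || $1 ~ /:$/) {
        print FILENAME ":" FNR ": " $0 }' "$1"
}

# map_is_stale SRC: succeed if SRC.db is missing or older than SRC,
# i.e. the table was edited but "make" was not run in /etc/mail.
map_is_stale() {
    [ ! -f "$1.db" ] || [ -n "$(find "$1" -newer "$1.db")" ]
}

# preflight CF SMARTHOST MASQ_DOMAIN GENERICSTABLE: 0 when all checks pass.
preflight() {
    rc=0
    [ "$(cf_macro "$1" S)" = "$2" ] || { echo "smart host is not $2"; rc=1; }
    [ "$(cf_macro "$1" M)" = "$3" ] || { echo "masquerade is not $3"; rc=1; }
    # The genericstable checks apply only if the cf declares the map.
    if grep -q '^Kgenerics ' "$1"; then
        bad=$(bad_generics "$4")
        [ -z "$bad" ] || { echo "malformed entries:"; echo "$bad"; rc=1; }
        if map_is_stale "$4"; then
            echo "$4.db is missing or older than $4"; rc=1
        fi
    fi
    return "$rc"
}

# Example: sh preflight.sh /etc/mail/myhost.cf smtp.myisp.net myisp.net \
#              /etc/mail/genericstable
if [ "$#" -eq 4 ]; then
    preflight "$@"
fi
```

Run it after "make" in /etc/mail and before restarting sendmail; a non-zero exit status means at least one check failed.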