Sendmail: Difference between revisions
Latest revision as of 11:56, 7 March 2023
Sendmail is the classic mail transfer agent from the Unix world. This article builds upon Mail server.
The goal of this article is to set up Sendmail for local user accounts, without using MySQL or other databases, while also allowing the creation of mail-only accounts.
Installation
Install the sendmail (AUR), procmail (AUR) and m4 packages.
Adding users
Create a Linux user for each user that wants to receive email at username@your-domain.com. To add mail-only accounts, that is, users who can get email, but cannot have shell access or login on X, you can add them like this:
# useradd -m -s /usr/bin/nologin username
Configuration
Obtain TLS certificate
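Warning: If you deploy TLS, be sure to follow weakdh.org's guide (https://weakdh.org/sysadmin.html) and disable SSLv3 (https://disablessl3.com/) to prevent vulnerabilities. For more information see Server-side TLS.
To obtain a certificate, see OpenSSL#Usage.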
sendmail.cf
Create the file /etc/mail/sendmail.mc.
You can read all the options for configuring sendmail in the file /usr/share/sendmail-cf/README.
Here is an example using auth over TLS. The example has comments explaining how it works. The comments start with dnl.
/etc/mail/sendmail.mc
include(`/usr/share/sendmail-cf/m4/cf.m4')
define(`confDOMAIN_NAME', `your-domain.com')dnl
FEATURE(use_cw_file)
dnl The following allows relaying if the user authenticates,
dnl and disallows plaintext authentication (PLAIN/LOGIN) on
dnl non-TLS links:
define(`confAUTH_OPTIONS', `A p y')dnl
dnl
dnl Accept PLAIN and LOGIN authentications:
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
dnl
dnl Make sure these paths correctly point to your SSL cert files:
define(`confCACERT_PATH',`/etc/ssl/certs')
define(`confCACERT',`/etc/ssl/cacert.pem')
define(`confSERVER_CERT',`/etc/ssl/certs/server.crt')
define(`confSERVER_KEY',`/etc/ssl/private/server.key')
dnl
FEATURE(`virtusertable', `hash /etc/mail/virtusertable.db')dnl
OSTYPE(linux)dnl
MAILER(local)dnl
MAILER(smtp)dnl
Then process it with
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
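Once the service is running, the comment on confAUTH_OPTIONS above can be checked against what the server actually advertises. The following is an added example, not part of the original article: it compares the EHLO reply before and after STARTTLS, the function names are hypothetical, and the sample replies are constructed rather than captured.

```python
import re
import smtplib

PLAINTEXT = {"PLAIN", "LOGIN"}  # the mechanisms enabled in the page's sendmail.mc

def parse_ehlo(reply):
    """Return (starttls_offered, auth_mechanisms) from the text of an EHLO reply."""
    starttls, mechs = False, set()
    for line in reply.splitlines():
        # Accept lines with or without the leading "250-" / "250 " reply code.
        words = re.sub(r"^250[- ]", "", line.strip()).split()
        if not words:
            continue
        if words[0].upper() == "STARTTLS":
            starttls = True
        elif words[0].upper() == "AUTH":
            mechs.update(w.upper() for w in words[1:])
    return starttls, mechs

def check_auth_policy(before_tls, after_tls):
    """Compare the EHLO replies seen before and after STARTTLS."""
    problems = []
    starttls, early = parse_ehlo(before_tls)
    _, late = parse_ehlo(after_tls)
    if not starttls:
        problems.append("STARTTLS is not offered")
    if early & PLAINTEXT:
        problems.append("offered without TLS: " + " ".join(sorted(early & PLAINTEXT)))
    if not late & PLAINTEXT:
        problems.append("PLAIN/LOGIN not offered after STARTTLS")
    return problems

def fetch_ehlo(host, port=25):
    """Collect both EHLO replies from a server you administer (needs network)."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        before = smtp.ehlo()[1].decode()
        smtp.starttls()  # raises if the server does not offer STARTTLS
        after = smtp.ehlo()[1].decode()
    return before, after

# Constructed replies, not captured from a real server.
GOOD_BEFORE = "250-mail.your-domain.com Hello\n250-STARTTLS\n250 HELP"
GOOD_AFTER = "250-mail.your-domain.com Hello\n250-AUTH LOGIN PLAIN\n250 HELP"
BAD_BEFORE = "250-mail.your-domain.com Hello\n250-AUTH LOGIN PLAIN\n250 HELP"

if __name__ == "__main__":
    print(check_auth_policy(GOOD_BEFORE, GOOD_AFTER))
    print(check_auth_policy(BAD_BEFORE, GOOD_AFTER))
```

Against a live host, pass the two strings returned by fetch_ehlo("mail.your-domain.com") to check_auth_policy; an empty list means the server behaves as the configuration comment describes.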
local-host-names
Put your domains in the local-host-names file:
/etc/mail/local-host-names
localhost
your-domain.com
mail.your-domain.com
localhost.localdomain
Make sure the domains are also resolved by your /etc/hosts file.
access.db
Create the file /etc/mail/access and put there the base addresses from which you want to be able to relay mail. Let's suppose you have a VPN on 10.5.0.0/24, and you want to relay mail from any IP in that range:
/etc/mail/access
10.5.0 RELAY
127.0.0 RELAY
Then process it with
# makemap hash /etc/mail/access.db < /etc/mail/access
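Because each key in the access file is an address prefix cut at an octet boundary, a short key relays for a much larger network than a long one. The following added example (not part of the original article) expands every RELAY key to the network it covers and reports entries that fall outside private or loopback space or that cover more than a chosen number of addresses; the function names, the size threshold and the sample file are constructed for illustration.

```python
import ipaddress

# Ranges a relay entry may sit in: RFC 1918 private space and loopback.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def key_to_network(key):
    """Map an access key such as '10.5.0' to the IPv4 network it matches."""
    octets = key.split(".")
    if len(octets) > 4 or not all(
            o.isascii() and o.isdigit() and int(o) <= 255 for o in octets):
        return None
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(padded) + "/" + str(8 * len(octets)))

def audit_relay_entries(text, max_addresses=65536):
    """Return (line number, key, reason) for every RELAY entry worth a second look."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#") or fields[1].upper() != "RELAY":
            continue
        key = fields[0]
        if key.lower().startswith("connect:"):  # optional tag on connection keys
            key = key[len("connect:"):]
        net = key_to_network(key)
        if net is None:
            findings.append((lineno, key, "not an IPv4 prefix, review by hand"))
        elif not any(net.subnet_of(i) for i in INTERNAL):
            findings.append((lineno, key, f"{net} is outside private/loopback space"))
        elif net.num_addresses > max_addresses:
            findings.append((lineno, key, f"{net} relays for {net.num_addresses} addresses"))
    return findings

# Constructed sample: the first two entries are the page's, the rest are mistakes.
SAMPLE = """\
# /etc/mail/access
10.5.0           RELAY
127.0.0          RELAY
10               RELAY
203.0.113        RELAY
Connect:192.168  RELAY
my-other.tld     RELAY
192.0.2.7        REJECT
"""

if __name__ == "__main__":
    for finding in audit_relay_entries(SAMPLE):
        print(finding)
```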
aliases.db
Edit the file /etc/mail/aliases and uncomment the line #root: human being here and change it to be like this:
/etc/mail/aliases
root: your-username
You can add aliases for your usernames there, like:
/etc/mail/aliases
coolguy: your-username
somedude: your-username
Then process it with
# newaliases
virtusertable.db
Create your virtusertable file and put there aliases that include domains (useful if your server is hosting several domains):
/etc/mail/virtusertable
your-username@your-domain.com your-username
joe@my-other.tld joenobody
Then process it with
# makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable
Start on boot
Enable/start the following units.
saslauthd.service
sendmail.service
sm-client.service
SASL authentication
Add a user to the SASL database for SMTP authentication.
# saslpasswd2 -c your-username
Tips and tricks
Forward all the mail of one domain to a certain user
To forward all mail addressed to any user in the my-other.tld domain to your-username@your-domain.com:
/etc/mail/virtusertable
@my-other.tld your-username@your-domain.com
Do not forget to process it again with
# makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable