Sendmail: Difference between revisions

From ArchWiki
(remove vague history; mention Postfix instead)
 
(30 intermediate revisions by 13 users not shown)
Line 1: Line 1:
[[Category:Mail server]]
[[Category:Mail server]]
[[es:Sendmail]]
[[ja:Sendmail]]
[[ja:Sendmail]]
[[zh-CN:Sendmail]]
[[zh-hans:Sendmail]]
Sendmail is the classic SMTP server from the unix world. Arch Linux provides the alternative [[Postfix]] in the [[official repositories]].
{{Related articles start}}
{{Related|Mail server}}
{{Related articles end}}


The goal of this article is to setup Sendmail for local users accounts, '''without using mysql or other database''', and allowing also the creation of ''mail-only accounts''.
[[Wikipedia:Sendmail|Sendmail]] is the classic [[mail transfer agent]] from the Unix world. This article builds upon [[Mail server]].


This article only explains the required steps configuring Sendmail; after that, you probably want to add IMAP and POP3 access, so you could follow the [[Dovecot]] article.
The goal of this article is to setup Sendmail for local user accounts, without using MySQL or other databases, and also allowing the creation of ''mail-only accounts''.


==Installation==
== Installation ==
[[Install]] the {{AUR|sendmail}}, {{Pkg|procmail}} and {{Pkg|m4}} packages.


==DNS Records==
{{Accuracy|sendmail can be used with other MDAs than procmail.|Talk:Sendmail#MDA_compatibility}}
You should have a domain, and edit your MX records to point your server. Remember some servers have problems with MX records pointing to CNAMEs, so your MX should point to an A record instead.


==Adding users==
[[Install]] the {{AUR|sendmail}}, {{AUR|procmail}} and {{Pkg|m4}} packages.
Create a [[Users and groups|Linux user]] for each user that wants to receive email at ''username@your-domain.com''. To add ''mail-only accounts'', that is, users who can get email, but can't have shell access or login on X, you can add them like this:
 
== Adding users ==
 
Create a [[Users and groups|Linux user]] for each user that wants to receive email at ''username@your-domain.com''. To add ''mail-only accounts'', that is, users who can get email, but cannot have shell access or login on X, you can add them like this:
  # useradd -m -s /usr/bin/nologin ''username''
  # useradd -m -s /usr/bin/nologin ''username''


==Configuration==
== Configuration ==
=== Create SSL certs ===
 
=== Obtain TLS certificate ===
 
{{Warning|If you deploy [[Wikipedia:TLS|TLS]], be sure to follow [https://weakdh.org/sysadmin.html weakdh.org's guide] and [https://disablessl3.com/ disable SSLv3] to prevent vulnerabilities. For more information see [[Server-side TLS]].}}


{{Warning|If you plan on implementing SSL/TLS, know that some variations and implementations are [https://weakdh.org/#affected still] [[wikipedia:Transport_Layer_Security#Attacks_against_TLS.2FSSL|vulnerable to attack]]. For details on these current vulnerabilities within SSL/TLS and how to apply appropriate changes to Sendmail, visit http://disablessl3.com/ and https://weakdh.org/sysadmin.html}}
To obtain a certificate, see [[OpenSSL#Usage]].


Generate a key and obtain a certificate. See [[OpenSSL#Self-signed certificate]] for private use or [[Let's Encrypt]] for a free publicly-trusted certificate.
=== sendmail.cf ===
 
{{Accuracy|Are those quotes correct and those end-of-line {{ic|dnl}} statements necessary?}}


===sendmail.cf===
Create the file {{ic|/etc/mail/sendmail.mc}}.  
Create the file {{ic|/etc/mail/sendmail.mc}}.  
You can read all the options for configuring sendmail on the file {{ic|/usr/share/sendmail-cf/README}}.
You can read all the options for configuring sendmail on the file {{ic|/usr/share/sendmail-cf/README}}.
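Review bot: the new certificate step `To obtain a certificate, see [[OpenSSL#Usage]].` drops the old line's pointer to [[Let's Encrypt]] for a publicly trusted certificate; keep that alternative next to the OpenSSL link, since the old text correctly limited a self-signed certificate to private use, and submission clients will not trust one without being told to.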
Line 61: Line 69:
  # m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
  # m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf


===local-host-names===
=== local-host-names ===
 
Put your domains on the {{ic|local-host-names}} file:
Put your domains on the {{ic|local-host-names}} file:
{{hc|/etc/mail/local-host-names|
{{hc|/etc/mail/local-host-names|
Line 72: Line 81:
Make sure the domains are also resolved by your {{ic|/etc/hosts}} file.
Make sure the domains are also resolved by your {{ic|/etc/hosts}} file.


===access.db===
=== access.db ===
 
Create the file {{ic|/etc/mail/access}}  and put there the base addresses where you want to be able to relay mail. Lets suppose you have a vpn on {{ic|10.5.0.0/24}}, and you want to relay mails from any ip in that range:
Create the file {{ic|/etc/mail/access}}  and put there the base addresses where you want to be able to relay mail. Lets suppose you have a vpn on {{ic|10.5.0.0/24}}, and you want to relay mails from any ip in that range:
{{hc|/etc/mail/access|
{{hc|/etc/mail/access|
Line 82: Line 92:
  # makemap hash /etc/mail/access.db < /etc/mail/access
  # makemap hash /etc/mail/access.db < /etc/mail/access


===aliases.db===
=== aliases.db ===
 
Edit the file {{ic|/etc/mail/aliases}}  and  uncomment the line {{ic|#root:        human being here}} and change it to be like this:
Edit the file {{ic|/etc/mail/aliases}}  and  uncomment the line {{ic|#root:        human being here}} and change it to be like this:
{{bc|root:        your-username}}
 
{{hc|/etc/mail/aliases|
root:        your-username
}}


You can add aliases for your usernames there, like:
You can add aliases for your usernames there, like:
{{bc|coolguy:      your-username
 
somedude:    your-username}}
{{hc|/etc/mail/aliases|
coolguy:      your-username
somedude:    your-username
}}


Then process it with
Then process it with
  # newaliases
  # newaliases


===virtusertable.db===
=== virtusertable.db ===
 
Create your {{ic|virtusertable}} file and put there aliases that includes domains (useful if your server is hosting several domains)
Create your {{ic|virtusertable}} file and put there aliases that includes domains (useful if your server is hosting several domains)
{{hc|/etc/mail/virtusertable|
{{hc|/etc/mail/virtusertable|
your-username@your-domain.com        your-username
your-username@your-domain.com        your-username
joe@my-other.tk                      joenobody
joe@my-other.tld                      joenobody
}}
}}


Line 104: Line 123:


=== Start on boot ===
=== Start on boot ===
Enable and start the following services. Read [[Daemons]] for more datails.
 
[[Enable/start]] the following units.
 
* {{ic|saslauthd.service}}
* {{ic|saslauthd.service}}
* {{ic|sendmail.service}}
* {{ic|sendmail.service}}
Line 110: Line 131:


=== SASL authentication ===
=== SASL authentication ===
Add a user to the SASL database for SMTP authentication.
Add a user to the SASL database for SMTP authentication.
  # saslpasswd2 -c your-username
  # saslpasswd2 -c your-username


== Tips and tricks ==
== Tips and tricks ==
=== Forward all the mail of one domain to certain user ===
=== Forward all the mail of one domain to certain user ===
To forward all mail addressed to any user in the '''my-other.tk''' domain to '''your-username@your-domain.com''', add to the {{ic|/etc/mail/virtusertable}} file:
{{bc|@my-other.tk        your-username@your-domain.com}}


Do not forget to process it again with  
To forward all mail addressed to any user in the '''my-other.tld''' domain to '''your-username@your-domain.com''':
 
{{hc|/etc/mail/virtusertable|
@my-other.tld        your-username@your-domain.com
}}
 
Do not forget to process it again with
 
  # makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable
  # makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable
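Review bot: the catch-all `@my-other.tld        your-username@your-domain.com` entry added here coexists with the exact `joe@my-other.tld                      joenobody` entry from the virtusertable section; add a sentence saying that an exact user@domain entry takes precedence over the @domain catch-all, so readers do not expect joe's mail to be forwarded as well.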

Latest revision as of 11:56, 7 March 2023

Sendmail is the classic mail transfer agent from the Unix world. This article builds upon Mail server.

The goal of this article is to setup Sendmail for local user accounts, without using MySQL or other databases, and also allowing the creation of mail-only accounts.

Installation

The factual accuracy of this article or section is disputed.

Reason: sendmail can be used with other MDAs than procmail. (Discuss in Talk:Sendmail#MDA_compatibility)

Install the sendmail (AUR), procmail (AUR) and m4 packages.

Adding users

Create a Linux user for each user that wants to receive email at username@your-domain.com. To add mail-only accounts, that is, users who can get email, but cannot have shell access or login on X, you can add them like this:

# useradd -m -s /usr/bin/nologin username

Configuration

Obtain TLS certificate

Warning: If you deploy TLS, be sure to follow weakdh.org's guide and disable SSLv3 to prevent vulnerabilities. For more information see Server-side TLS.

To obtain a certificate, see OpenSSL#Usage.

sendmail.cf

The factual accuracy of this article or section is disputed.

Reason: Are those quotes correct and those end-of-line dnl statements necessary? (Discuss in Talk:Sendmail)

Create the file /etc/mail/sendmail.mc. You can read all the options for configuring sendmail on the file /usr/share/sendmail-cf/README.

Warning: If you create your own sendmail.mc file, remember that plaintext authentication over a non-TLS connection is very risky. The following example requires TLS before PLAIN/LOGIN authentication is accepted and is therefore safer; deviate from it only if you know what you are doing.

Here is an example using authentication over TLS. The example has comments explaining how it works; the comments start with dnl.

/etc/mail/sendmail.mc
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
define(`confDOMAIN_NAME', `your-domain.com')dnl
FEATURE(`use_cw_file')dnl
dnl  The following allows relaying if the user authenticates,
dnl  and disallows plaintext authentication (PLAIN/LOGIN) on
dnl  non-TLS links:
define(`confAUTH_OPTIONS', `A p y')dnl
dnl
dnl  Accept PLAIN and LOGIN authentications:
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
dnl
dnl  Make sure these paths correctly point to your TLS certificate files:
define(`confCACERT_PATH', `/etc/ssl/certs')dnl
define(`confCACERT', `/etc/ssl/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/ssl/certs/server.crt')dnl
define(`confSERVER_KEY', `/etc/ssl/private/server.key')dnl
dnl
dnl  Relay control from /etc/mail/access.db (built in the access.db section below);
dnl  without this feature the access file has no effect:
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access.db')dnl
FEATURE(`virtusertable', `hash /etc/mail/virtusertable.db')dnl
OSTYPE(`linux')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl

Then process it with

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
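The m4 step silently produces a sendmail.cf even when a define is misspelled or a certificate path is wrong, so it is worth checking the result before installing it. The script below is an added example, not part of the ArchWiki article or the sendmail project: it reads the generated .cf and verifies that AuthOptions carries the "p" flag (PLAIN/LOGIN refused without TLS), that the certificate named by ServerCertFile exists, and that the private key named by ServerKeyFile is not readable by other local users. The option names are what the confAUTH_OPTIONS, confSERVER_CERT and confSERVER_KEY defines above expand to; the check functions and their names are mine.

```shell
#!/bin/sh
# Added example (not from the ArchWiki page): sanity checks to run on the
# sendmail.cf produced by "m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf".
# The option names AuthOptions, AuthMechanisms, ServerCertFile and ServerKeyFile
# are the .cf spellings of the confAUTH_*/confSERVER_* defines in sendmail.mc.

# Print the value of the first "O Name=value" line for option $2 in file $1.
cf_option() {
    sed -n "s/^O $2=//p" "$1" | head -n 1
}

# Succeed only if AuthOptions carries the "p" flag, which makes sendmail
# refuse password-revealing mechanisms (PLAIN/LOGIN) unless TLS is active.
cf_rejects_plaintext_auth() {
    for flag in $(cf_option "$1" AuthOptions | tr ',' ' '); do
        [ "$flag" = "p" ] && return 0
    done
    return 1
}

# Succeed only if the private key named by ServerKeyFile exists and has no
# group/other permission bits (mode ?00). Uses ls -ld rather than stat so the
# check stays POSIX.
cf_key_is_private() {
    key=$(cf_option "$1" ServerKeyFile)
    [ -n "$key" ] && [ -f "$key" ] || return 1
    case "$(ls -ld "$key")" in
        ????------*) return 0 ;;
    esac
    return 1
}

# Succeed only if the certificate named by ServerCertFile exists.
cf_cert_exists() {
    cert=$(cf_option "$1" ServerCertFile)
    [ -n "$cert" ] && [ -f "$cert" ]
}

# Run every check against one .cf, print a line per check, fail if any failed.
check_cf() {
    rc=0
    for chk in cf_rejects_plaintext_auth cf_cert_exists cf_key_is_private; do
        if "$chk" "$1"; then
            echo "ok   $chk"
        else
            echo "FAIL $chk"
            rc=1
        fi
    done
    return $rc
}

# Usage (as root, after editing /etc/mail/sendmail.mc): build into a temporary
# file and install it only when every check passes:
#   tmp=$(mktemp) && m4 /etc/mail/sendmail.mc > "$tmp" \
#       && check_cf "$tmp" && mv "$tmp" /etc/mail/sendmail.cf
```

Building into a temporary file first means a broken or weakened configuration never replaces the running one; if check_cf reports a FAIL, fix sendmail.mc and rerun m4.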

local-host-names

Put your domains on the local-host-names file:

/etc/mail/local-host-names
localhost
your-domain.com
mail.your-domain.com
localhost.localdomain

Make sure the domains are also resolved by your /etc/hosts file.

access.db

Create the file /etc/mail/access and put there the network prefixes from which relaying is allowed. Let's suppose you have a VPN on 10.5.0.0/24, and you want to relay mail from any IP address in that range:

/etc/mail/access
10.5.0 RELAY
127.0.0 RELAY

Then process it with

# makemap hash /etc/mail/access.db < /etc/mail/access
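Every RELAY entry in the access file is a range of hosts that may send mail through this server to anywhere without authenticating, so a prefix that is one octet too short (10 instead of 10.5.0) or a public address range turns the server into an open relay. The script below is an added example, not part of the ArchWiki article or of sendmail: it lists the RELAY entries of an access file and flags the ones that are broader than the page's VPN and loopback examples. The file format (key, whitespace, action; "#" comments; optional Connect: tag on the key) is sendmail's; the "too broad" rules and function names are mine.

```shell
#!/bin/sh
# Added example (not from the ArchWiki page): audit /etc/mail/access before
# running makemap. A RELAY key is an IPv4 prefix (10.5.0 matches 10.5.0.*),
# optionally tagged Connect:, or a hostname/domain; only IP prefixes are checked.

# Print "key RELAY" for every RELAY entry, skipping comments and blank lines.
relay_entries() {
    awk '!/^[[:space:]]*#/ && NF >= 2 && $2 == "RELAY" { print $1, $2 }' "$1"
}

# Print one diagnostic per RELAY key that is too broad: fewer than three
# octets (a /8 or /16), or an address range outside RFC 1918 / loopback.
broad_relay_entries() {
    awk '
        function is_private(ip,   o) {
            split(ip, o, ".")
            if (o[1] == "10" || o[1] == "127") return 1
            if (o[1] == "192" && o[2] == "168") return 1
            if (o[1] == "172" && o[2] >= 16 && o[2] <= 31) return 1
            return 0
        }
        !/^[[:space:]]*#/ && NF >= 2 && $2 == "RELAY" {
            key = $1
            sub(/^Connect:/, "", key)
            if (key !~ /^[0-9]+(\.[0-9]+)*$/) next   # hostname keys: not checked
            n = split(key, o, ".")
            if (n < 3) { print key ": prefix shorter than three octets (/8 or /16)"; next }
            if (!is_private(key)) print key ": relay granted to a non-private address range"
        }' "$1"
}

# Fail (and print the diagnostics on stderr) if any RELAY entry is too broad.
audit_access() {
    broad=$(broad_relay_entries "$1")
    if [ -n "$broad" ]; then
        printf '%s\n' "$broad" >&2
        return 1
    fi
    echo "$1: RELAY entries look sane"
}

# Usage (as root): audit first, rebuild the map only if the audit passes.
#   audit_access /etc/mail/access \
#       && makemap hash /etc/mail/access.db < /etc/mail/access
```

The page's two entries (10.5.0 and 127.0.0) pass the audit; a line such as 10 RELAY would be reported, because it grants relaying to all of 10.0.0.0/8 rather than to the VPN.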

aliases.db

Edit the file /etc/mail/aliases and uncomment the line #root: human being here and change it to be like this:

/etc/mail/aliases
root:         your-username

You can add aliases for your usernames there, like:

/etc/mail/aliases
coolguy:      your-username
somedude:     your-username

Then process it with

# newaliases

virtusertable.db

Create your virtusertable file and put there aliases that include domains (useful if your server hosts several domains):

/etc/mail/virtusertable
your-username@your-domain.com         your-username
joe@my-other.tld                      joenobody

Then process it with

# makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable

Start on boot

Enable/start the following units.

  • saslauthd.service
  • sendmail.service
  • sm-client.service

SASL authentication

Add a user to the SASL database for SMTP authentication.

# saslpasswd2 -c your-username

Tips and tricks

Forward all the mail of one domain to a certain user

To forward all mail addressed to any user in the my-other.tld domain to your-username@your-domain.com:

/etc/mail/virtusertable
@my-other.tld        your-username@your-domain.com

Do not forget to process it again with

# makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable
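The virtusertable section above and this catch-all tip both rewrite recipients from the same table, and the interesting question is what happens when both an exact joe@my-other.tld entry and the @my-other.tld catch-all exist. The script below is an added example, not part of the ArchWiki article or of sendmail: it resolves an address against a virtusertable text file the way the map lookup behaves, exact user@domain entry first, then the @domain catch-all, with %1 in a catch-all target standing for the original local part (a standard virtusertable substitution that the page does not use). The function name and the sample table are mine.

```shell
#!/bin/sh
# Added example (not from the ArchWiki page): emulate the virtusertable lookup
# order on the plain text file, so a mapping can be checked before makemap
# and without sending mail. Order: exact "user@domain", then "@domain".

# $1 = recipient address, $2 = virtusertable text file.
# Prints the rewritten recipient, or the address unchanged if nothing matches.
resolve_virtuser() {
    awk -v addr="$1" '
        BEGIN { split(addr, p, "@"); user = p[1]; dom = p[2] }
        /^[[:space:]]*#/ || NF < 2 { next }          # skip comments and blanks
        $1 == addr      { exact = $2 }               # exact user@domain entry
        $1 == "@" dom   { catchall = $2 }            # @domain catch-all entry
        END {
            if (exact != "") { print exact; exit }
            if (catchall != "") {
                gsub(/%1/, user, catchall)           # %1 = original local part
                print catchall
                exit
            }
            print addr
        }' "$2"
}

# Usage: check a few recipients against the live file, then rebuild the map.
#   resolve_virtuser joe@my-other.tld /etc/mail/virtusertable
#   makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable
```

With the page's entries, joe@my-other.tld still resolves to joenobody because the exact entry wins, while any other local part at my-other.tld resolves to your-username@your-domain.com through the catch-all.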