Andrew Hudson - Fedora™ Unleashed, 2008 edition

After you have made all your changes to sendmail.mc, you have to rebuild the sendmail.cffile. First, back up your old file:

# cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.old

You must run sendmail.mcthrough the m4macro processor to generate a useable configuration file. A command, such as the following, is used to do this:

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

This command loads the cf.m4macro file from /usr/share/sendmail-cf/m4/cf.m4and then uses it to process the sendmail.mcfile. The output, normally sent to STDOUT, is then redirected to the file sendmail.cf, and your new configuration file is ready. You have to restart Sendmail before the changes take effect.

Fedora also provides an alternative to using awkto rebuild the Sendmail configuration. As root, execute the following:

# make -C /etc/mail

By default, Sendmail does not relay mail that did not originate from the local domain. This means that if a Sendmail installation running at hudson. orgreceives mail intended for hudzilla.com, and that mail did not originate from hudson. org, the mail is rejected and not relayed. If you want to allow selected domains to relay through you, add an entry for the domain to the file /etc/mail/relay-domains. If the file does not exist, create it in your favorite text editor and add a line containing the name of the domain that you want to allow to relay through you. Sendmail has to be restarted for this change to take effect.

You need a very good reason to relay mail; otherwise, do not do it. Allowing all domains to relay through you makes you a magnet for spammers who want to use your mail server to send spam. This could lead to your site being blacklisted by many other sites, which then will not accept any mail from you or your site's users — even if the mail is legitimate!

Aliases enable you to have an infinite number of valid recipient addresses on your system, without having to worry about creating accounts or other support files for each address. For example, most systems have postmasterdefined as a valid recipient, yet do not have an actual login account named postmaster. Aliases are configured in the file /etc/aliases.Here is an example of an alias entry:

postmaster: root

This entry forwards any mail received for postmasterto the root user. By default, almost all the aliases listed in the /etc/aliasesfile forward to root.

Reading email as rootis a security hazard; a malicious email message can exploit an email client and cause it to execute arbitrary code as the user running the client. To avoid this danger, you can forward all of root's mail to another account and read it from there. You can choose one of two ways for doing this.

You can add an entry to the /etc/mail/aliasesfile that sends root's mail to a different account. For example, root: foobarwould forward all mail intended for rootto the account foobar.

The other way is to create a file named .forwardin root's home directory that contains the address to which the mail should forward.

Any time you make a change to the /etc/mail/aliasesfile, you have to rebuild the aliases database before that change takes effect. This is done with the following:

# newaliases

You read earlier in this chapter that you must be careful with mail relaying to avoid becoming a spam magnet. But what do you do if you are having problems with a certain site sending you spam? You can use the /etc/mail/accessfile to automatically reject mail from certain sites.

You can use several rules in the access file. Table 21.1 lists these rules.

TABLE 21.1 The Various Possible Options for Access Rules

The following is an example of three rules used to control access to a Sendmail account. The first rejects messages from spam.com. The second rejects messages from lamer.comand displays an error message to that site. The third allows mail from the specific host user5.lamer.com, even though there is a rule that rejects mail from the site lamer.com.

For a more personal example of why you would bother to do this, I find that I get a lot of spam from the Hotmail domain, so I would just as soon reject it all. However, my wife uses a Hotmail account for her mail. If I did not allow her mail through, that would be a problem for me.

spam.com REJECT

lamer.com ERROR: "550 Mail from spammers is not accepted at this site."

user5.lamer.com OK

Open the /etc/accessfile, enter the rules of your choice, and then restart Sendmail so that your changes to the access file take effect. That can be done with

# service sendmail restart

or any of the other ways discussed in Chapter 11, "Automating Tasks."

Sendmail has been the de facto MTA of choice for the Internet for a long time. At one point, it was the power behind 90% of the email traffic across the world, although it has now become largely superseded by worthier programs.

One of the more popular programs that have become available is Postfix, which was developed and is exclusively maintained by Wietse Venema. Designed to be a drop-in replacement for Sendmail, Postfix allows the system administrator to replace Sendmail without any detriment to the system.

Postfix was designed from the ground up to retain compatibility with Sendmail but to work in a more efficient fashion. Sendmail is notoriously system intensive when handling either large volumes of mail or large numbers of clients. One command pretty much handles everything, making Sendmail something of a monolith. On the other hand, Postfix works with several individual modules all working together, using modules only when needed.

Postfix is easy to install and configure. The first thing to do is to make a backup of all your Sendmail information that you want to keep, just in case. After you have done this, you need to use yumto remove Sendmailand install Postfix.

After Postfix has been successfully installed, you can begin configuring it. The scripts for Postfix are all located in /etc/postfixand include

► install.cf — The script generated when Postfix is installed. This file lists the locations Postfix uses and can be a big help when working with the main.cffile.