Sendmail Notes

These notes are intended to detail the setup of: These all use the default sendmail that comes with Fedora Linux.

Main Mail Server (Mail Hub) Configuration

This server is the main mail hub for the domain guyton.net. All mail outbound from any machine in the guyton.net network (e.g. saturn.guyton.net) should be rewritten (masqueraded) so that it appears to come from guyton.net. Several other domains also send mail through this server; those should not be masqueraded.

First, edit /etc/mail/sendmail.mc:

divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
define(`SMART_HOST', `mailhost.houston.rr.com')dnl  Our ISP or other host that can send mail to the Internet
define(`confDEF_USER_ID',``8:12'')dnl  User "mail", group "mail"
define(`confTO_CONNECT', `1m')dnl      Timeout waiting for an initial connect() to complete
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl  We don't care about different configs for different interfaces
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl  This is used by local_procmail, below
define(`ALIAS_FILE', `/etc/aliases')dnl      Can be multivalued, separated by commas, all in one quote set
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl  Restrict what functions the public interface will do
define(`confCACERT_PATH',`/usr/share/ssl/certs')dnl  TLS support. Every line needs its trailing dnl, or m4 copies the rest of the line into sendmail.cf
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT',`/usr/share/ssl/certs/mail.guyton.net.pem')dnl
define(`confSERVER_KEY',`/usr/share/ssl/certs/mail.guyton.net.key')dnl  Key must be readable by root only; sendmail disables STARTTLS if it finds the key file unsafe (e.g. world-readable)
define(`confTO_QUEUEWARN', `4h')dnl    Time to warn sender of delivery problems, default 4 hours
define(`confTO_QUEUERETURN', `5d')dnl  Time to notify sender that mail failed, default 5 days
define(`confQUEUE_LA', `12')dnl        Load level where mail is queued only and sending is deferred, default 8 * num processors
define(`confREFUSE_LA', `18')dnl       Load level where mail is not accepted, default 12 * num processors
define(`confMAX_DAEMON_CHILDREN', 18)dnl  Prevent DoS etc.: limit the number of processes sendmail will fork. Past this, sendmail refuses to accept connections. Useful if the server does more than just house mail.
define(`confCONNECTION_RATE_THROTTLE', 6)dnl  Prevent DoS: limit the number of new connections per second
define(`confTO_IDENT', `0')dnl         Timeout waiting for a response to an IDENT query
FEATURE(`no_default_msa',`dnl')dnl     Don't generate an MSA daemon (in conjunction with DAEMON_OPTIONS)
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl  sendmail restricted shell; security
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl   Used to override routing for particular domains
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl  Allows domain-specific aliasing
FEATURE(redirect)dnl                   Enable .REDIRECT in aliases file
FEATURE(always_add_domain)dnl          Not necessary, but clean
FEATURE(use_cw_file)dnl                Use /etc/mail/local-host-names file
FEATURE(use_ct_file)dnl                Use /etc/mail/trusted-users for those that can set envelope address using -f without generating a warning
FEATURE(relay_entire_domain)dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl  Use procmail as the local mailer
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl  Ability to refuse or accept mail from specified domains
FEATURE(`blacklist_recipients')dnl     Ability to block incoming mail for certain recipient usernames, hostnames, or addresses, e.g. news@guyton.net
dnl  NOTE: relays.ordb.org was shut down in December 2006 and later answered "listed" for every query. A dead DNSBL
dnl  delays or rejects all inbound mail, so point this line at a maintained list before enabling it.
FEATURE(`dnsbl', `relays.ordb.org',`"550 Email rejected due to sending server misconfiguration - see http://www.ordb.org/faq/\#why_rejected"')dnl
EXPOSED_USER(`root')dnl                Do not masquerade mail from this user
DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl  Port to run the daemon on
LOCAL_DOMAIN(`localhost.localdomain')dnl Accept email sent to "localhost.localdomain" as local email.
MASQUERADE_AS(`guyton.net')dnl
FEATURE(masquerade_envelope)dnl
FEATURE(masquerade_entire_domain)dnl
MASQUERADE_EXCEPTION(`rentalorders.com')dnl
MASQUERADE_EXCEPTION(`awesomemoonwalks.com')dnl
MASQUERADE_EXCEPTION(`awesomefacepainting.com')dnl
MASQUERADE_EXCEPTION(`novaffxi.com')dnl
MAILER(smtp)dnl      These two should always come at the end of the file
MAILER(procmail)dnl  The local mailer is included automatically.

After making changes to this file, regenerate /etc/mail/sendmail.cf (the make rule needs the sendmail-cf package, which provides /usr/share/sendmail-cf) with

  make -C /etc/mail

and then restart sendmail:

  service sendmail restart

Client Mail Server Configurations

These servers should have all mail bound for them sent over to the mail hub instead. (Note that there may be problems if there are accounts receiving mail here that do not exist on the mail hub.) Additionally, all outbound mail should be sent to the mail hub for further consideration and routing.

divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
define(`LOCAL_RELAY', `mail.guyton.net')dnl For unqualified names, e.g. "apache"
define(`MAIL_HUB', `mail.guyton.net')dnl    For the qualified name of the local host, e.g. "apache@thishost.guyton.net"
define(`SMART_HOST', `mail.guyton.net')dnl  For the qualified name of some other host, or IP addresses
define(`confDEF_USER_ID',``8:12'')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(use_ct_file)dnl
EXPOSED_USER(`root')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl  sendmail needs to be running to do the relay, but is told here to listen on localhost only
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(smtp)dnl

Redundant Relay Mail Server Configuration

The redundant mail server should be listed as a higher cost MX record in DNS:
<guytonw@sitescope5>/home/guytonw% nslookup
> set type=mx
> guyton.net
Server:         205.174.7.248
Address:        205.174.7.248#53

guyton.net      mail exchanger = 10 mail.guyton.net.
guyton.net      mail exchanger = 20 mail2.guyton.net.
In this case, mail.guyton.net is the mail hub and mail2.guyton.net is the backup mail server that accepts mail bound for guyton.net whenever mail.guyton.net is unreachable. mail2 is merely configured to relay mail for guyton.net. There are explicit ways to define the relaying rules, but fortunately sendmail makes it easy to do so in a scalable way:
  FEATURE(`relay_based_on_MX')dnl
This tells sendmail to allow relaying for any domain that lists the relay server in its MX records. One caveat: if the name mail2.guyton.net is not the name the server knows itself as, sendmail will not realize that it is the second MX host, will try to forward to itself after failing to reach the first host, and you will get the error "mail loops back to itself". To fix this, put the MX hostname in /etc/mail/local-host-names. Once this is done, if mail.guyton.net goes down, mail will queue up in /var/spool/mqueue on mail2 until mail.guyton.net comes back, and will then be delivered automatically.

To explicitly relay domains instead of using the feature above, you can use the file /etc/mail/??...? not sure

To allow specific clients to relay mail through this server, you can use /etc/mail/relay-domains. Q: Can you use wildcards? No, but unless you use FEATURE(relay_hosts_only), sendmail will relay for any host name that ends in an entry in this file; the same goes for IP addresses, where an entry matches every address that begins with it (an IP network prefix).
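
The MX and relay behaviour described above (relay_based_on_MX with the local-host-names loop caveat, and relay-domains matching with and without relay_hosts_only), as an added example that is not from the original notes: MX_TABLE is a constructed stand-in for DNS holding the records from the nslookup session, and the two functions are a simplified model of sendmail's decisions, not its rulesets.

```python
# Added example, not part of the original notes: a model of the two decisions
# described above, MX-based delivery (relay_based_on_MX plus the local-host-names
# loop caveat) and client relaying via /etc/mail/relay-domains. MX_TABLE is a
# constructed stand-in for DNS built from the nslookup session; the functions
# simplify sendmail's own rulesets and are not sendmail code.

MX_TABLE = {
    "guyton.net": [(10, "mail.guyton.net"), (20, "mail2.guyton.net")],
}


def delivery_targets(domain, local_host_names):
    """Remote MX hosts this server should try for `domain`, lowest cost first.

    Mirrors sendmail's MX pruning: if an MX host is a name this server knows
    itself by ($=w, filled from /etc/mail/local-host-names), that entry and
    every entry of equal or higher cost are dropped. An empty result means no
    remote host is left, so the domain itself must be local or sendmail
    reports that the MX list points back to itself. If our own name is absent
    from local_host_names we stay in the list and, once the primary fails,
    connect to ourselves: the "mail loops back to itself" error in the notes.
    """
    records = sorted(MX_TABLE.get(domain, []))
    for i, (_cost, host) in enumerate(records):
        if host in local_host_names:
            return [h for _, h in records[:i]]
    return [h for _, h in records]


def may_relay(client_name, client_ip, rcpt_domain, my_name, relay_domains,
              relay_hosts_only=False):
    """Relay decision for one RCPT TO on the backup relay.

    Allowed if this server is an MX for rcpt_domain (relay_based_on_MX) or the
    connecting client matches an /etc/mail/relay-domains entry. Without
    relay_hosts_only an entry matches every host under that domain and every
    address under that dotted prefix; with it, only exact matches count.
    """
    if any(host == my_name for _, host in MX_TABLE.get(rcpt_domain, [])):
        return True
    for entry in relay_domains:
        if relay_hosts_only:
            if entry in (client_name, client_ip):
                return True
        elif client_name == entry or client_name.endswith("." + entry):
            return True
        elif client_ip == entry or client_ip.startswith(entry + "."):
            return True
    return False
```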

Additional Settings

I have not researched how to set these up with sendmail.mc, but you should probably put these in sendmail.cf and restart sendmail...