sendmail Cookbook

Summary

More often than not, the words "sendmail configuration" strike dread in the hearts of sendmail and system administrators--and not without reason. sendmail configuration languages are as complex as any other programming languages, but used much more infrequently--only when sendmail is installed or configured. The average system administrator doesn't get enough practice to truly master this inscrutable technology.

Fortunately, there's help. The sendmail Cookbook provides step-by-step solutions for the administrator who needs to solve configuration problems fast. Say you need to configure sendmail to relay mail for your clients without creating an open relay that will be abused by spammers. A recipe in the Cookbook shows you how to do just that. No more wading through pages of dense documentation and tutorials and creating your own custom solution--just go directly to the recipe that addresses your specific problem.

Each recipe in the sendmail Cookbook outlines a configuration problem, presents the configuration code that solves that problem, and then explains the code in detail. The discussion of the code is critical because it provides the insight you need to tweak the code for your own circumstances.

The sendmail Cookbook begins with an overview of the configuration languages, offering a quick how-to for downloading and compiling the sendmail distribution. Next, you'll find a baseline configuration recipe upon which many of the subsequent configurations, or recipes, in the book are based. Recipes in the following chapters stand on their own and offer solutions for properly configuring important sendmail functions such as:

• Delivering and forwarding mail
  
• Relaying
  
• Masquerading
  
• Routing mail
  
• Controlling spam
  
• Strong authentication
  
• Securing the mail transport
  
• Managing the queue
  
• Securing sendmail

sendmail Cookbook is more than just a new approach to discussing sendmail configuration. The book also provides lots of new material that doesn't get much coverage elsewhere--STARTTLS and AUTH are given entire chapters, and LDAP is covered in recipes throughout the book. But most of all, this book is about saving time--something that most system administrators have in short supply. Pick up the sendmail Cookbook and say good-bye to sendmail dread.   

Table of Contents

Preface

1. Getting Started

      1.1 Downloading the Latest Release 

      1.2 Installing sendmail 

      1.3 Compiling sendmail to Use LDAP 

      1.4 Adding the regex Map Type to sendmail 

      1.5 Compiling sendmail with SASL Support 

      1.6 Compiling sendmail with STARTTLS Support 

      1.7 Compiling in STARTTLS File Paths 

      1.8 Building a sendmail Configuration 

      1.9 Testing a New Configuration 

      1.10 Logging sendmail 

2. Delivery and Forwarding

      2.1 Accepting Mail for Other Hosts 

      2.2 Fixing the Alias0 Missing Map Error and Creating Simple Aliases 

      2.3 Reading Aliases via LDAP 

      2.4 Configuring Red Hat 7.3 to Read Aliases from a NIS Server 

      2.5 Configuring Solaris 8 to Read Aliases from a NIS Server 

      2.6 Forwarding to an External Address 

      2.7 Creating Mailing Lists 

      2.8 Migrating Ex-Users to New Addresses 

      2.9 Delivering Mail to a Program 

      2.10 Using Program Names in Mailing Lists 

      2.11 Allowing Nonlogin Users to Forward to Programs 

      2.12 Fixing a .forward Loop 

      2.13 Enabling the User Database 

3. Relaying

      3.1 Passing All Mail to a Relay 

      3.2 Passing Outbound Mail to a Relay 

      3.3 Passing Local Mail to a Mail Hub 

      3.4 Passing Apparently Local Mail to a Relay 

      3.5 Passing UUCP Mail to a Relay 

      3.6 Relaying Mail for All Hosts in a Domain 

      3.7 Relaying Mail for Individual Hosts 

      3.8 Configuring Relaying on a Mail Exchanger 

      3.9 Loading Class $=R via LDAP 

      3.10 Relaying Only Outbound Mail 

4. Masquerading

      4.1 Adding Domains to All Sender Addresses 

      4.2 Masquerading the Sender Hostname 

      4.3 Eliminating Masquerading for the Local Mailer 

      4.4 Forcing Masquerading of Local Mail 

      4.5 Masquerading Recipient Addresses 

      4.6 Masquerading at the Relay Host 

      4.7 Limiting Masquerading 

      4.8 Masquerading All Hosts in a Domain 

      4.9 Masquerading Most of the Hosts in a Domain 

      4.10 Masquerading the Envelope Address 

      4.11 Rewriting the From Address with the genericstable 

      4.12 Rewriting Sender Addresses for an Entire Domain

      4.13 Masquerading with LDAP 

      4.14 Reading the genericstable via LDAP 

5. Routing Mail

      5.1 Routing Mail to Special Purpose Mailers 

      5.2 Sending Error Messages from the mailertable 

      5.3 Disabling MX Processing to Avoid Loops 

      5.4 Routing Mail for Local Delivery 

      5.5 Reading the mailertable via LDAP 

      5.6 Routing Mail for Individual Virtual Hosts 

      5.7 Routing Mail for Entire Virtual Domains 

      5.8 Reading the virtusertable via LDAP 

      5.9 Routing Mail with LDAP 

      5.10 Using LDAP Routing with Masquerading 

6. Controlling Spam

      6.1 Blocking Spam with the access Database 

      6.2 Preventing Local Users from Replying to Spammers

      6.3 Reading the access Database via LDAP 

      6.4 Using a DNS Blackhole List Service 

      6.5 Building Your Own DNS Blackhole List 

      6.6 Whitelisting Blacklisted Sites 

      6.7 Filtering Local Mail with procmail 

      6.8 Filtering Outbound Mail with procmail 

      6.9 Invoking Special Header Processing 

      6.10 Using Regular Expressions in sendmail 

      6.11 Identifying Local Problem Users 

      6.12 Using MILTER 

      6.13 Bypassing Spam Checks 

      6.14 Enabling Spam Checks on a Per-User Basis 

7. Authenticating with AUTH

      7.1 Offering AUTH Authentication 

      7.2 Authenticating with AUTH 

      7.3 Storing AUTH Credentials in the authinfo File 

      7.4 Limiting Advertised Authentication Mechanisms 

      7.5 Using AUTH to Permit Relaying 

      7.6 Controlling the AUTH= Parameter 

      7.7 Avoiding Double Encryption 

      7.8 Requiring Authentication 

      7.9 Selectively Requiring Authentication 

8. Securing the Mail Transport

      8.1 Building a Private Certificate Authority 

      8.2 Creating a Certificate Request 

      8.3 Signing a Certificate Request 

      8.4 Configuring sendmail for STARTTLS 

      8.5 Relaying Based on the CA 

      8.6 Relaying Based on the Certificate Subject 

      8.7 Requiring Outbound Encryption 

      8.8 Requiring Inbound Encryption 

      8.9 Requiring a Verified Certificate 

      8.10 Requiring TLS for a Recipient 

      8.11 Refusing STARTTLS Service 

      8.12 Selectively Advertising STARTTLS 

      8.13 Requesting Client Certificates 

9. Managing the Queue

      9.1 Creating Multiple Queues 

      9.2 Using qf, df, and xf Subdirectories 

      9.3 Defining Queue Groups 

      9.4 Assigning Recipients to Specific Queues 

      9.5 Using Persistent Queue Runners 

      9.6 Using a Queue Server 

      9.7 Setting Protocol Timers 

10. Securing sendmail

      10.1 Limiting the Number of sendmail Servers 

      10.2 Limiting the Number of Network Accessible Servers 

      10.3 Updating to Close Security Holes 

      10.4 Patching to Close Security Holes 

      10.5 Disabling Delivery to Programs 

      10.6 Controlling Delivery to Programs 

      10.7 Disabling Delivery to Files 

      10.8 Bypassing User .forward Files 

      10.9 Controlling Delivery to Files 

      10.10 Running sendmail Non-Set-User-ID root 

      10.11 Setting a Safe Default User ID 

      10.12 Defining Trusted Users 

      10.13 Identifying the sendmail Administrator 

      10.14 Limiting the SMTP Command Set 

      10.15 Requiring a Valid HELO 

      10.16 Restricting Command-Line Options 

      10.17 Denying DoS Attacks 

Index

摘要

往往，「sendmail配置」這個詞會讓sendmail和系統管理員心生恐懼，並且不無道理。sendmail配置語言和其他編程語言一樣複雜，但使用頻率更低，只有在安裝或配置sendmail時才會用到。普通系統管理員很少有機會練習，無法真正掌握這種晦澀難懂的技術。

幸運的是，有了幫助。《sendmail Cookbook》為需要快速解決配置問題的管理員提供了逐步解決方案。假設你需要配置sendmail以為客戶轉發郵件，而不會創建被垃圾郵件發送者濫用的開放中繼。Cookbook中的一個配方就可以解決這個問題。不再需要翻閱密集的文檔和教程，也不需要自己創建自定義解決方案，只需直接找到解決你特定問題的配方。

《sendmail Cookbook》中的每個配方都概述了一個配置問題，提供解決該問題的配置代碼，然後詳細解釋代碼。對代碼的討論至關重要，因為它提供了你需要調整代碼以適應自己情況的洞察力。

《sendmail Cookbook》首先概述了配置語言，提供了一個快速指南，介紹如何下載和編譯sendmail發行版。接下來，你會找到一個基準配置配方，後續章節中的許多配置或配方都是基於此配方的。以下章節中的配方獨立存在，提供了正確配置重要sendmail功能的解決方案，例如：

• 傳遞和轉發郵件
  
  


• 中繼
  
  


• 偽裝
  
  


• 路由郵件
  
  


• 控制垃圾郵件
  
  


• 強制身份驗證
  
  


• 保護郵件傳輸
  
  


• 管理郵件隊列
  
  


• 保護sendmail

<《sendmail Cookbook》不僅是一種新的討論sendmail配置的方法。該書還提供了許多在其他地方很少涉及的新材料——STARTTLS和AUTH各有一整章，LDAP在整本書中都有涉及。但最重要的是，這本書節省時間——這是大多數系統管理員時間短缺的情況。拿起《sendmail Cookbook》，告別對sendmail的恐懼。   

目錄

前言

1. 入門

      1.1 下載最新版本

      1.2 安裝sendmail

      1.3 編譯sendmail以使用LDAP

      1.4 將regex映射類型添加到sendmail

      1.5 編譯支持SASL的sendmail

      1.6 編譯支持STARTTLS的sendmail

      1.7 編譯STARTTLS文件路徑

      1.8 構建sendmail配置

      1.9 測試新配置

      1.10 記錄sendmail

2. 傳遞和轉發

      2.1 接受其他主機的郵件

      2.2 修復Alias0缺失映射錯誤並創建簡單別名

      2.3 通過LDAP讀取別名

      2.4 配置Red Hat 7.3以讀取A```