Last revised: May 1, 2002
Sendmail has the reputation of having the most hideous configuration file in the history of mankind. It's extremely long and incredibly cryptic. However, it is this very complexity that has made it the most popular MTA (Mail Transport Agent) on the Internet. Its' flexibility allows sendmail to handle the most demanding, disjointed mail routing and serving configurations you can dream up.
The sendmail that's distributed freely is coordinated by the folks at the www.sendmail.org Web site. Downloads, extensive FAQs, and documentation, including Solaris-specific information, are available. It has a big-brother commercial version that's developed and supported by Sendmail, Inc. (www.sendmail.org). While Sendmail, Inc. is a commercial venture, it should be noted that they commit several of their employees to aid in the development of the freely-distributed little brother.
A mail server runs two e-mail related server applications. An MTA daemon and a POP daemon. It also has a sub-directory for each mail user which serves as the mailboxes for storing received messages.
An MTA (Mail Transport Agent) is a server-based service that routes mail messages between itself and other MTA servers. It also routes mail that comes in from mail clients (users) that are sending messages. It does this using SMTP (Simple Mail Transport Protocol).
POP (Post Office Protocol) is a server-based service that allows a user to retrieve their e-mail from their mailbox sub-directory on the server using a mail reader client. POP is used by "remote" clients (i.e. other systems) to communicate over the wire with the mail server.
Note that sendmail has NOTHING to do with the POP process. An MTA conerns itself with sending outgoing messages on their way and taking received messages and putting them into the mailbox sub-directories on the server. Once they're there the MTA's job is done. It's up to you to use POP to get at them.
The sendmail that is installed during the Solaris OS installation is pretty much ready to go. There are just a couple small changes that need to be made which we'll do below using a text editor. However, if you ever want to get into some serious sendmail configurations you'll want to use sendmail's M4 macro processor for generating configuration files. We won't get into M4 here. Just be aware that using a text editor make significant changes to an existing configuration file is normally not done. As a matter of fact, the folks at www.sendmail.org told me they don't support modifying the sendmail configuration files with a text editor at all. You can refer to the /usr/lib/mail/README file for more information.
Sendmail starts automatically when you boot your system. It's set up to allow for e-mailing between various machines on a local network. You can even send mail between different user accounts on the same machine just by entering a user's login ID in the "To:" field. You can verify that sendmail is running by looking for it in the list of currently-running processes using the command:
ps -A | more
The only thing you need to do to turn your system into a serious Internet e-mail server (other than hardening the OS for tight security) is set up an MX (Mail Exchange) DNS record to point to the public IP address assigned to your system's network interface. (Your ISP will usually host your DNS records on their DNS server for a small fee.) You don't have to bother with that if you just want to play around with Internet e-mail serving, but we'll get to that in a bit.
To set up sendmail to work with your domain (even a made-up domain), make the following changes to the sendmail configuration files:
Sendmail only reads the configuration files when it starts up so you'll need to restart it using the following two commands:
So now lets take it for a spin. We're assuming here that you've got our system connected to a network that has access to the Internet. The IP address in your /etc/defaultrouter file should be that of the gateway that leads to the Internet.
Even if this isn't a "real" Internet mail server you can try this. You need to have a bogus domain name entered in your network configuration files though. Make sure it's a domain name that hasn't been registered. If this is going to be a production Internet mail server be sure to harden the OS, services, etc. to prevent crackers from having a party on your system. You'll also want to check the "anti-relaying" articles on www.sendmail.org to help ensure that spammers don't use your server as a relay.
Simply log in to the system as a non-root user, open the Mail program, and send an e-mail to someone. If you're using a bogus domain name you'll have to pick a recipient that doesn't receive their mail via an ISP. That's because most ISP's will DNS the domains of incoming mail as an anti-spam measure. If the domain name in the "From:" field of an incoming message doesn't DNS, the mail will get dropped. Most school districts, universities, local governments and some mid-size companies have their own e-mail servers but don't bother to DNS incoming mail so try recipients at these types of organizations.
In the body of the message ask the recipient to forward the message onto your legitimate e-mail address so you can get a look at it. If you're using a bogus domain name you may also want to put a note in there to not reply to the message. If they did reply, it would just get bounced back to them because your bogus domain can't be found by whatever DNS server they are using. If the recipient does receive the message and they forward it back to you, look at the "From:" line of your original message. It should look like this:
with your legitimate or bogus domain name in place of the bigsunfan.com domain.
If you run into a problem where your network clients are having problems using their MUAs to send e-mail, you can pretend to be an e-mail client by using telnet to issue SMTP commands to the e-mail server. You can use any computer on the same local network to run telnet and connect to port 25 (that's the port SMTP listens on) on the server to issue the commands. The telnet program that comes with Windows 9x/NT won't let you specify a port for a telnet connection so you'll need to use another Linux/Unix system or Windows 2000 (or download a better telnet program for 9x/NT). Using 192.168.1.10 as an example address for the server, start the telnet program and enter:
open 192.168.1.10 25
If you don't have access to another Linux/Unix or Windows 2000 system to try this, you can get on the server system itself and enter:
telnet localhost 25
However, running telnet on the local server system won't tell you if you have a network connection problem with the e-mail server.
Note: If sendmail takes a long time to respond to commands, check to make sure your server can "see" the Internet, either via a mdoem or default gateway. For some reason, sendmail is very slow to respond to commands when there is no pathway to the Internet, even if the commands don't involve entering domain names (which could result in DNS queries).
In the following example, the lines in bold are the commands you enter to pretend you're a mail client sending an e-mail message through the server. The lines in italics are the responses you should see from your server. After you connect via telnet the server will respond and wait for your commands. Note that with some telnet programs you may not see your commands echoed when you type them.
(telnet connection established) 220 solarisi.bigsunfan.com ESMTP Sendmail 8.10.2+Sun/8.10.2; Fri, 26 Apr 2002 20:34:10 -0500 (CDT) helo bigsunfan.com 250 solarisi.bigsunfan.com Hello debian2 [192.168.10.40], pleased to meet you mail from: firstname.lastname@example.org 250 2.1.0 email@example.com... Sender OK rctp to: firstname.lastname@example.org 250 2.1.5 email@example.com... Recipient OK data 354 Enter mail, end with "." on a line by itself This is a test mail message sent to root . 250 2.0.0 g35R498Q270058 Message accepted for delivery quit 220 2.0.0 firstname.lastname@example.org closing connection
In the above example we were sending mail from a non-root user to the root user in the same domain (but on different systems). If you tried to use a rcpt to: address that was not in the same domain you'd likely get a relaying denied error.
Sendmail is constantly being updated to make it more secure and harder for spammers to use. Upgrading is no walk in the park, but if you're the adventurous type yo can get the latest release from the www.sendmail.org Web site. Be sure you fully understand the process before you attempt an upgrade. Making a full backup before you start wouldn't hurt either. You can tell which version of sendmail you're currently running by looking at the initial connection response when you telnet in, or by using the following command at a shell prompt:
echo \$Z | /usr/lib/sendmail -bt -d0
Note that sendmail can do virtual hosting of multiple domains just as the Apache Web server software does. However, the setup is somewhat more sophisticated and is beyond the scope of this document.
Note that SMTP has many more commands than just those shown above and some of them (VRFY, EXPN, etc.) can be used by spammers and hackers. Setting up a secure Internet mail server involves not only hardenng the OS, but appropriately configuring the protocols and the Sendmail application itself also.
Copyright © 2002 by Keith Parkansky. All rights reserved.
Thanks to Keith Parkansky for his contribution and maintenance of the article.