Difference between revisions of "Sendmail"
(→How To Flush All Email Messages From The Sendmail Queue) |
|||
(12 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | == How To Flush All Email Messages From The Sendmail Queue == | + | == How To Flush Out All Email Messages From The Sendmail Queue == |
− | Sometimes email messages can be <u>queued</u> <u>up</u> with the Mail Transport Agent: "'''sendmail'''". The following command line can be used to <u>manually</u> try to immediately flush out <u>'''All'''</u> emails queued up by "'''sendmail'''". Even though a "'''sendmail'''" service may be running, this command will only run once and then terminate. | + | Sometimes email messages can be <u>queued</u> <u>up</u> with the Mail Transport Agent: "'''sendmail'''". The following command line can be used to <u>manually</u> try to immediately flush out <u>'''All'''</u> emails queued up by "'''sendmail'''". Even though a "'''sendmail'''" service may be running, this command is <u>'''Ok'''</u> to use, it will only run once and then terminate. |
<div class="screen"> | <div class="screen"> | ||
− | <div class="screenTitle">Try To Flush The Entire ''sendmail'' Queue:</div> | + | <div class="screenTitle">Try To Flush Out The Entire "''sendmail''" Queue:</div> |
<div class="userInput"><span class="prompt">[root@probe-222 root]# </span>/usr/local/sbin/sendmail -q -v</div> | <div class="userInput"><span class="prompt">[root@probe-222 root]# </span>/usr/local/sbin/sendmail -q -v</div> | ||
</div> | </div> | ||
+ | |||
+ | |||
+ | == How To Flush Out A Specific Email Message From The Sendmail Queue == | ||
+ | |||
+ | "'''sendmail'''" can be told to <u>only</u> flush out certain emails from the "'''queue'''" with an additional argument to "'''-q'''". One can <u>flush</u> email messages that match a <u>specific</u> recipient's address: | ||
+ | |||
+ | <div class="screen"> | ||
+ | <div class="screenTitle">Try To Flush Out A Specific "''sendmail''" Queued Email Message:</div> | ||
+ | <div class="userInput"><span class="prompt">[root@probe-222 root]# </span>/usr/local/sbin/sendmail -qR "securecomputing.com" -v</div> | ||
+ | </div> | ||
+ | |||
+ | All '''queued''' email messages with a recipient address that matches: "'''securecomputing.com'''" will be flushed out. You can also use "'''-qS'''" to match on the "'''sender'''" and "'''-qI'''" to match on the "'''queue ID'''". | ||
+ | |||
+ | == Accept/Reject Mail from Selected Domains/Hosts == | ||
+ | |||
+ | Edit the ''/etc/mail/access'' file and add networks and/or hosts you want to permit access to your sendmail server. | ||
+ | |||
+ | # Check the /usr/share/doc/sendmail/README.cf file for a description | ||
+ | # of the format of this file. (search for access_db in that file) | ||
+ | # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc | ||
+ | # package. | ||
+ | # | ||
+ | # If you want to use AuthInfo with "M:PLAIN LOGIN", make sure to have the | ||
+ | # cyrus-sasl-plain package installed. | ||
+ | # | ||
+ | # By default we allow relaying from localhost... | ||
+ | Connect:localhost.localdomain RELAY | ||
+ | Connect:localhost RELAY | ||
+ | Connect:127.0.0.1 RELAY | ||
+ | # Permit all machines in range of 10.8.68.0 - 10.8.68.255 to relay mail through this server | ||
+ | Connect:10.8.68 RELAY | ||
+ | |||
+ | Next, compile: | ||
+ | |||
+ | makemap hash /etc/mail/access.db < /etc/mail/access | ||
+ | |||
+ | Then restart the '''sendmail''' service. | ||
+ | |||
+ | systemctl restart sendmail.service | ||
+ | |||
+ | == How To Enable TLS == | ||
+ | |||
+ | The instructions below are based on the [https://cromwell-intl.com/open-source/sendmail-ssl.html SMTP over TLS/SSL] article which is an excellent step by step guide for enabling TLS in sendmail. | ||
+ | |||
+ | Create a mail certificate directory and enter the new directory: | ||
+ | |||
+ | mkdir /etc/mail/cert | ||
+ | cd /etc/mail/cert | ||
+ | |||
+ | Create a key for the sendmail server, you will need to provide a new pass phrase when prompted. The next step will create a non-pass-phrase version. | ||
+ | |||
+ | openssl genrsa -des3 -out server.key 1024 | ||
+ | openssl rsa -in server.key -out server.key.open | ||
+ | |||
+ | Create a pass phrase free version of the key (so it is not pass-phrase-protected). Just hit the enter key when prompted and answer any X.509v3 certificate questions appropriately. | ||
+ | |||
+ | openssl req -new -x509 -days 3650 -key server.key.open -out server.crt | ||
+ | |||
+ | Make the files so only ''root'' can read/write them. | ||
+ | |||
+ | chmod 600 server.* | ||
+ | |||
+ | Add the following lines to your ''/etc/mail/sendmail.mc'' file (near the end of the file, but before the ''MAILER'' lines). | ||
+ | |||
+ | dnl # | ||
+ | dnl # For SSL/TLS | ||
+ | dnl # | ||
+ | define(`confCACERT_PATH', `/etc/mail/cert')dnl | ||
+ | define(`confCACERT', `/etc/mail/cert/server.crt')dnl | ||
+ | define(`confSERVER_CERT', `/etc/mail/cert/server.crt')dnl | ||
+ | define(`confSERVER_KEY', `/etc/mail/cert/server.key.open')dnl | ||
+ | define(`confCLIENT_KEY', `/etc/mail/cert/server.crt')dnl | ||
+ | dnl# | ||
+ | |||
+ | Recompile your sendmail rules and restart the '''sendmail''' service. | ||
+ | |||
+ | cd "/etc/mail"; | ||
+ | m4 sendmail.mc > /etc/mail/sendmail.cf; | ||
+ | systemctl restart sendmail.service | ||
+ | |||
+ | == How To Configure for verizon.net == | ||
+ | |||
+ | This following shows the procedure and config entries to facilitate using sendmail on an NST system for relay and authentication. | ||
+ | |||
+ | Problem: Verizon blocks TCP port 25, therefore a relay setup to smtp.aol.com (Verizon uses AOL email) is used. Reference: https://www.linuxquestions.org/questions/slackware-14/sendmail-smtp-auth-howto-224543/ | ||
+ | |||
+ | === Stop the sendmail Service === | ||
+ | |||
+ | systemctl stop sendmail.service; | ||
+ | |||
+ | === Create authinfo file: "/etc/mail/auth/authinfo" === | ||
+ | |||
+ | Following shows contents of ''/etc/mail/auth/authinfo''. NOTE: Change USERID and PASSWORD to the verizon.net account you will be using to send mail with. | ||
+ | |||
+ | AuthInfo:smtp.aol.com "U:USERID@verizon.net" "P:PASSWORD" "M:PLAIN" | ||
+ | AuthInfo: "U:USERID@verizon.net" "P:PASSWORD" "M:PLAIN" | ||
+ | |||
+ | === Compile === | ||
+ | |||
+ | cd "/etc/mail/auth"; | ||
+ | makemap hash authinfo < authinfo; | ||
+ | |||
+ | === Create Relay Entries === | ||
+ | |||
+ | Add the following entries to the file: "/etc/mail/sendmail.mc" | ||
+ | |||
+ | define(`SMART_HOST',`smtp.aol.com')dnl | ||
+ | define(`RELAY_MAILER',`esmtp')dnl | ||
+ | define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl | ||
+ | define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl | ||
+ | FEATURE(`authinfo',`hash /etc/mail/auth/authinfo')dnl | ||
+ | |||
+ | === Compile === | ||
+ | |||
+ | cd "/etc/mail"; | ||
+ | m4 sendmail.mc > /etc/mail/sendmail.cf; | ||
+ | |||
+ | === Start the sendmail Service === | ||
+ | |||
+ | systemctl start sendmail.service; | ||
+ | |||
+ | === Testing === | ||
+ | |||
+ | You can use the following examples to test the sendmail configuration: | ||
+ | |||
+ | FROM="USER@DOMAIN" | ||
+ | TO="USER@DOMAIN" | ||
+ | echo "Test sent from ${FROM} to ${TO} from host $(hostname) on $(date)" | mailx -v -s "Test from $(hostname)" -r "${FROM}" "${TO}" | ||
+ | mail; | ||
+ | mailq; | ||
+ | tail -6 /var/log/maillog; | ||
+ | sendmail -d0.1 -bv; | ||
+ | |||
+ | |||
+ | == How To Configure for att.net with SSL/TLS == | ||
+ | |||
+ | This following shows the procedure and config entries to facilitate using sendmail on an NST system for relay and authentication on a residential AT&T Fiber connection circa 2018. It is similar to the Verizon configuration, but requires TLS for communications to the server. | ||
+ | |||
+ | Problem: AT&T blocks TCP port 25, therefore a relay setup to smtp.mail.att.net is used. Reference: https://www.linuxquestions.org/questions/slackware-14/sendmail-smtp-auth-howto-224543/ | ||
+ | |||
+ | === Enable TLS === | ||
+ | |||
+ | Follow the instructions in the [[#How To Enable TLS]] section to enable your '''sendmail''' service to use TLS when communicating with the AT&T mail server. | ||
+ | |||
+ | === Stop the sendmail Service === | ||
+ | |||
+ | systemctl stop sendmail.service; | ||
+ | |||
+ | === Create authinfo file: "/etc/mail/auth/authinfo" === | ||
+ | |||
+ | Create the ''auth'' sub-directory (if not present). | ||
+ | |||
+ | install -d /etc/mail/auth | ||
+ | |||
+ | Following shows contents of ''/etc/mail/auth/authinfo''. NOTE: Change USERID and PASSWORD to the att.net account you will be using to send mail with. | ||
+ | |||
+ | AuthInfo:smtp.mail.att.net "U:USERID@att.net" "P:PASSWORD" "M:PLAIN" | ||
+ | AuthInfo: "U:USERID@att.net" "P:PASSWORD" "M:PLAIN" | ||
+ | |||
+ | Change permissions to ''600'' so password can only be viewed by the root user. | ||
+ | |||
+ | chmod 600 /etc/mail/auth/authinfo | ||
+ | |||
+ | === Compile === | ||
+ | |||
+ | cd "/etc/mail/auth"; | ||
+ | makemap hash authinfo < authinfo; | ||
+ | |||
+ | === Create Relay Entries === | ||
+ | |||
+ | Add the following entries to the file: "/etc/mail/sendmail.mc". This can go near the end of the file, but needs to be prior to the ''MAILER'' directives. | ||
+ | |||
+ | define(`SMART_HOST',`smtp.mail.att.net')dnl | ||
+ | define(`RELAY_MAILER',`esmtp')dnl | ||
+ | define(`RELAY_MAILER_ARGS', `TCP $h 465')dnl | ||
+ | define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl | ||
+ | FEATURE(`authinfo',`hash /etc/mail/auth/authinfo')dnl | ||
+ | |||
+ | === Compile === | ||
+ | |||
+ | cd "/etc/mail"; | ||
+ | m4 sendmail.mc > /etc/mail/sendmail.cf; | ||
+ | |||
+ | === Start the sendmail Service === | ||
+ | |||
+ | systemctl start sendmail.service; | ||
+ | systemctl enable sendmail.service; | ||
+ | |||
+ | === Testing === | ||
+ | |||
+ | You can use the following examples to test the sendmail configuration: | ||
+ | |||
+ | FROM="USER@DOMAIN" | ||
+ | TO="USER@DOMAIN" | ||
+ | echo "Test sent from ${FROM} to ${TO} from host $(hostname) on $(date)" | mailx -v -s "Test from $(hostname)" -r "${FROM}" "${TO}" | ||
+ | mail; | ||
+ | mailq; | ||
+ | tail -6 /var/log/maillog; |
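Review bot: In the "How To Enable TLS" block, the line define(`confCLIENT_KEY', `/etc/mail/cert/server.crt')dnl points the client key at the certificate file and no confCLIENT_CERT is defined anywhere; define confCLIENT_CERT as server.crt and confCLIENT_KEY as server.key.open instead. The same section generates the key with "openssl genrsa -des3 -out server.key 1024", which should be at least 2048 bits, and the sentence introducing the "openssl req -new -x509" command describes it as creating a pass-phrase-free key when it creates the self-signed certificate. In the verizon.net section the authinfo file is created without the "chmod 600 /etc/mail/auth/authinfo" step that the att.net section has, and neither section restricts the compiled authinfo.db, which holds the same password.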
Latest revision as of 09:51, 7 June 2018
How To Flush Out All Email Messages From The Sendmail Queue
Sometimes email messages can be queued up with the Mail Transport Agent: "sendmail". The following command line can be used to manually try to immediately flush out all emails queued up by "sendmail". Even though a "sendmail" service may be running, this command is OK to use; it will only run once and then terminate.
How To Flush Out A Specific Email Message From The Sendmail Queue
"sendmail" can be told to only flush out certain emails from the "queue" with an additional argument to "-q". One can flush email messages that match a specific recipient's address:
All queued email messages with a recipient address that matches: "securecomputing.com" will be flushed out. You can also use "-qS" to match on the "sender" and "-qI" to match on the "queue ID".
Accept/Reject Mail from Selected Domains/Hosts
Edit the /etc/mail/access file and add networks and/or hosts you want to permit access to your sendmail server.
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# If you want to use AuthInfo with "M:PLAIN LOGIN", make sure to have the
# cyrus-sasl-plain package installed.
#
# By default we allow relaying from localhost...
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
# Permit all machines in range of 10.8.68.0 - 10.8.68.255 to relay mail through this server
Connect:10.8.68 RELAY
Next, compile:
makemap hash /etc/mail/access.db < /etc/mail/access
Then restart the sendmail service.
systemctl restart sendmail.service
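To see how much of the network each RELAY line in /etc/mail/access opens up, the following added example (not part of the original wiki page) expands every IPv4 Connect: prefix into its address range and marks anything wider than a /24. The names relay_scope and sample_access, the BROAD marker, and the extra sample lines (Connect:10 and the 192.0.2.7 REJECT entry) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the wiki page): report what each RELAY line in a
# sendmail access map opens up. IPv4 prefixes match on octet boundaries.

# relay_scope < access  ->  "<key> <range> <addresses> [BROAD]" (tab separated)
relay_scope() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }              # blank lines and comments
    toupper($2) != "RELAY" { next }            # only entries that grant relaying
    {
        key = $1
        sub(/^Connect:/, "", key)              # strip the optional Connect: tag
        n = split(key, octet, ".")
        if (key ~ /^[0-9]+(\.[0-9]+)*$/ && n <= 4) {
            lo = key; hi = key
            for (i = n; i < 4; i++) { lo = lo ".0"; hi = hi ".255" }
            flag = (n < 3) ? "\tBROAD" : ""    # wider than a /24
            printf "%s\t%s-%s\t%d%s\n", $1, lo, hi, 256 ^ (4 - n), flag
        } else {
            printf "%s\thost-or-domain\t-\n", $1
        }
    }'
}

# Constructed sample: the entries from the page plus one wider prefix
# and one non-RELAY line.
sample_access() {
    cat <<'EOF'
# By default we allow relaying from localhost...
Connect:localhost.localdomain           RELAY
Connect:localhost                       RELAY
Connect:127.0.0.1                       RELAY
Connect:10.8.68                         RELAY
Connect:10                              RELAY
Connect:192.0.2.7                       REJECT
EOF
}

sample_access | relay_scope
```

On a live system, run it as relay_scope < /etc/mail/access before rebuilding access.db.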
How To Enable TLS
The instructions below are based on the SMTP over TLS/SSL article (https://cromwell-intl.com/open-source/sendmail-ssl.html), which is an excellent step-by-step guide for enabling TLS in sendmail.
Create a mail certificate directory and enter the new directory:
mkdir /etc/mail/cert
cd /etc/mail/cert
Create a key for the sendmail server. You will need to provide a new pass phrase when prompted. The next step will create a non-pass-phrase version.
openssl genrsa -des3 -out server.key 2048
openssl rsa -in server.key -out server.key.open
Create a self-signed certificate using the pass-phrase-free version of the key (so it is not pass-phrase-protected). Just hit the enter key when prompted and answer any X.509v3 certificate questions appropriately.
openssl req -new -x509 -days 3650 -key server.key.open -out server.crt
Make the files so only root can read/write them.
chmod 600 server.*
Add the following lines to your /etc/mail/sendmail.mc file (near the end of the file, but before the MAILER lines).
dnl #
dnl # For SSL/TLS
dnl #
define(`confCACERT_PATH', `/etc/mail/cert')dnl
define(`confCACERT', `/etc/mail/cert/server.crt')dnl
define(`confSERVER_CERT', `/etc/mail/cert/server.crt')dnl
define(`confSERVER_KEY', `/etc/mail/cert/server.key.open')dnl
define(`confCLIENT_CERT', `/etc/mail/cert/server.crt')dnl
define(`confCLIENT_KEY', `/etc/mail/cert/server.key.open')dnl
dnl #
Recompile your sendmail rules and restart the sendmail service.
cd "/etc/mail";
m4 sendmail.mc > /etc/mail/sendmail.cf;
systemctl restart sendmail.service
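Before recompiling, it is worth checking that every TLS key define in sendmail.mc has its matching certificate define and that the key path really names a private key. The following is an added example, not code from the original page or the referenced article; the function names mc_value and lint_tls_defines are hypothetical, and the demo files are constructed placeholders rather than real key material.

```bash
#!/usr/bin/env bash
# Added example (not from the wiki page): check the TLS file defines in a
# sendmail.mc. Each *_KEY needs its *_CERT, and must name a private key.

# mc_value NAME FILE -> value of the last define(`NAME', `value') in FILE
mc_value() {
    sed -n "s/^define(\`$1',[[:space:]]*\`\([^']*\)').*/\1/p" "$2" | tail -n 1
}

# lint_tls_defines FILE -> prints one finding per line, returns 1 if any
lint_tls_defines() {
    rc=0
    for side in SERVER CLIENT; do
        cert=$(mc_value "conf${side}_CERT" "$1")
        key=$(mc_value "conf${side}_KEY" "$1")
        if [ -n "$key" ] && [ -z "$cert" ]; then
            echo "conf${side}_KEY is set but conf${side}_CERT is not"; rc=1
        fi
        if [ -n "$cert" ] && [ -z "$key" ]; then
            echo "conf${side}_CERT is set but conf${side}_KEY is not"; rc=1
        fi
        # A certificate has a BEGIN CERTIFICATE block but no private key block.
        if [ -f "$key" ] && ! grep -q 'PRIVATE KEY-----' "$key"; then
            echo "conf${side}_KEY file $key holds no PEM private key"; rc=1
        fi
    done
    return $rc
}

# Constructed demo: confCLIENT_KEY names the certificate, confCLIENT_CERT is absent.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' '(placeholder)' > "$demo/server.crt"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '(placeholder)' > "$demo/server.key.open"
cat > "$demo/sendmail.mc" <<EOF
define(\`confSERVER_CERT', \`$demo/server.crt')dnl
define(\`confSERVER_KEY', \`$demo/server.key.open')dnl
define(\`confCLIENT_KEY', \`$demo/server.crt')dnl
EOF
lint_tls_defines "$demo/sendmail.mc" || true
```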
How To Configure for verizon.net
The following shows the procedure and config entries to facilitate using sendmail on an NST system for relay and authentication.
Problem: Verizon blocks TCP port 25, therefore a relay setup to smtp.aol.com (Verizon uses AOL email) is used. Reference: https://www.linuxquestions.org/questions/slackware-14/sendmail-smtp-auth-howto-224543/
Stop the sendmail Service
systemctl stop sendmail.service;
Create authinfo file: "/etc/mail/auth/authinfo"
The following shows the contents of /etc/mail/auth/authinfo. NOTE: Change USERID and PASSWORD to the verizon.net account you will be using to send mail with.
AuthInfo:smtp.aol.com "U:USERID@verizon.net" "P:PASSWORD" "M:PLAIN"
AuthInfo: "U:USERID@verizon.net" "P:PASSWORD" "M:PLAIN"
Compile
cd "/etc/mail/auth";
makemap hash authinfo < authinfo;
Create Relay Entries
Add the following entries to the file: "/etc/mail/sendmail.mc"
define(`SMART_HOST',`smtp.aol.com')dnl
define(`RELAY_MAILER',`esmtp')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/authinfo')dnl
Compile
cd "/etc/mail";
m4 sendmail.mc > /etc/mail/sendmail.cf;
Start the sendmail Service
systemctl start sendmail.service;
Testing
You can use the following examples to test the sendmail configuration:
FROM="USER@DOMAIN"
TO="USER@DOMAIN"
echo "Test sent from ${FROM} to ${TO} from host $(hostname) on $(date)" | mailx -v -s "Test from $(hostname)" -r "${FROM}" "${TO}"
mail;
mailq;
tail -6 /var/log/maillog;
sendmail -d0.1 -bv;
How To Configure for att.net with SSL/TLS
The following shows the procedure and config entries to facilitate using sendmail on an NST system for relay and authentication on a residential AT&T Fiber connection circa 2018. It is similar to the Verizon configuration, but requires TLS for communications to the server.
Problem: AT&T blocks TCP port 25, therefore a relay setup to smtp.mail.att.net is used. Reference: https://www.linuxquestions.org/questions/slackware-14/sendmail-smtp-auth-howto-224543/
Enable TLS
Follow the instructions in the "How To Enable TLS" section to enable your sendmail service to use TLS when communicating with the AT&T mail server.
Stop the sendmail Service
systemctl stop sendmail.service;
Create authinfo file: "/etc/mail/auth/authinfo"
Create the auth sub-directory (if not present).
install -d /etc/mail/auth
The following shows the contents of /etc/mail/auth/authinfo. NOTE: Change USERID and PASSWORD to the att.net account you will be using to send mail with.
AuthInfo:smtp.mail.att.net "U:USERID@att.net" "P:PASSWORD" "M:PLAIN"
AuthInfo: "U:USERID@att.net" "P:PASSWORD" "M:PLAIN"
Change permissions to 600 so the password can only be viewed by the root user.
chmod 600 /etc/mail/auth/authinfo
Compile
cd "/etc/mail/auth";
makemap hash authinfo < authinfo;
Create Relay Entries
Add the following entries to the file: "/etc/mail/sendmail.mc". This can go near the end of the file, but needs to be prior to the MAILER directives.
define(`SMART_HOST',`smtp.mail.att.net')dnl
define(`RELAY_MAILER',`esmtp')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 465')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/authinfo')dnl
Compile
cd "/etc/mail";
m4 sendmail.mc > /etc/mail/sendmail.cf;
Start the sendmail Service
systemctl start sendmail.service;
systemctl enable sendmail.service;
Testing
You can use the following examples to test the sendmail configuration:
FROM="USER@DOMAIN"
TO="USER@DOMAIN"
echo "Test sent from ${FROM} to ${TO} from host $(hostname) on $(date)" | mailx -v -s "Test from $(hostname)" -r "${FROM}" "${TO}"
mail;
mailq;
tail -6 /var/log/maillog;
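The authinfo steps in the verizon.net and att.net sections store a relay password on disk, and the compiled authinfo.db holds the same password as the source file. The following added example (not part of the original page) summarizes an authinfo file without printing passwords and lists credential files that group or other can access. The function names, the note labels and the demo directory are constructed, and the empty authinfo.db only stands in for the map that makemap would write.

```bash
#!/usr/bin/env bash
# Added example (not from the wiki page): review an authinfo source file
# without printing passwords, and find credential files others can read.

# authinfo_entries < authinfo -> "<host> <user> <mechs> <notes>" (tab separated)
authinfo_entries() {
    awk '
    /^AuthInfo:/ {
        n = split($0, q, "\"")                 # even-numbered parts are the quoted fields
        host = q[1]; sub(/^AuthInfo:/, "", host); gsub(/[ \t]/, "", host)
        user = ""; mech = ""; note = ""
        for (i = 2; i <= n; i += 2) {
            if (q[i] ~ /^U:/) user = substr(q[i], 3)
            if (q[i] ~ /^M:/) mech = substr(q[i], 3)
        }
        # An entry with no host is the default, used for servers with no entry of their own.
        if (host == "") { host = "(default)"; note = note ",used-for-any-server" }
        # PLAIN and LOGIN transmit the password itself, so the link must be encrypted.
        if (mech ~ /PLAIN|LOGIN/) note = note ",cleartext-mechanism"
        printf "%s\t%s\t%s\t%s\n", host, user, mech, substr(note, 2)
    }'
}

# loose_files FILE... -> names of existing files that group or other can access
loose_files() {
    for f in "$@"; do
        if [ -e "$f" ]; then
            case $(ls -ld "$f") in
                ????------*) ;;                # owner-only permissions
                *) echo "$f" ;;
            esac
        fi
    done
}

# Constructed demo using the placeholder entries from the att.net section.
demo=$(mktemp -d)
cat > "$demo/authinfo" <<'EOF'
AuthInfo:smtp.mail.att.net "U:USERID@att.net" "P:PASSWORD" "M:PLAIN"
AuthInfo: "U:USERID@att.net" "P:PASSWORD" "M:PLAIN"
EOF
: > "$demo/authinfo.db"
chmod 600 "$demo/authinfo"; chmod 644 "$demo/authinfo.db"
authinfo_entries < "$demo/authinfo"
loose_files "$demo/authinfo" "$demo/authinfo.db"
```

On a live system, run loose_files /etc/mail/auth/authinfo /etc/mail/auth/authinfo.db after every makemap run.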