Difference between revisions of "Sendmail"

From NST Wiki
(How To Flush All Email Messages From The Sendmail Queue)
 
(10 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== How To Flush All Email Messages From The Sendmail Queue ==
+
== How To Flush Out All Email Messages From The Sendmail Queue ==
 
Sometimes email messages can be <u>queued</u> <u>up</u> with the Mail Transport Agent: "'''sendmail'''". The following command line can be used to <u>manually</u> try to immediately flush out <u>'''All'''</u> emails queued up by "'''sendmail'''". Even though a "'''sendmail'''" service may be running, this command is <u>'''Ok'''</u> to use, it will only run once and then terminate.  
 
Sometimes email messages can be <u>queued</u> <u>up</u> with the Mail Transport Agent: "'''sendmail'''". The following command line can be used to <u>manually</u> try to immediately flush out <u>'''All'''</u> emails queued up by "'''sendmail'''". Even though a "'''sendmail'''" service may be running, this command is <u>'''Ok'''</u> to use, it will only run once and then terminate.  
  
 
<div class="screen">
 
<div class="screen">
   <div class="screenTitle">Try To Flush The Entire "''sendmail''" Queue:</div>
+
   <div class="screenTitle">Try To Flush Out The Entire "''sendmail''" Queue:</div>
 
   <div class="userInput"><span class="prompt">[root@probe-222 root]# </span>/usr/local/sbin/sendmail -q -v</div>
 
   <div class="userInput"><span class="prompt">[root@probe-222 root]# </span>/usr/local/sbin/sendmail -q -v</div>
 
</div>
 
</div>
 +
 +
 +
== How To Flush Out A Specific Email Message From The Sendmail Queue ==
 +
 +
"'''sendmail'''" can be told to <u>only</u> flush out certain emails from the "'''queue'''" with an additional argument to "'''-q'''". One can <u>flush</u> email messages that match a <u>specific</u> recipient's address:
 +
 +
<div class="screen">
 +
  <div class="screenTitle">Try To Flush Out A Specific "''sendmail''" Queued Email Message:</div>
 +
  <div class="userInput"><span class="prompt">[root@probe-222 root]# </span>/usr/local/sbin/sendmail -qR "securecomputing.com" -v</div>
 +
</div>
 +
 +
All '''queued''' email messages with a recipient address that matches: "'''securecomputing.com'''" will be flushed out. You can also use "'''-qS'''" to match on the "'''sender'''" and "'''-qI'''" to match on the "'''queue ID'''".
 +
 +
== Accept/Reject Mail from Selected Domains/Hosts ==
 +
 +
Edit the ''/etc/mail/access'' file and add networks and/or hosts you want to permit access to your sendmail server.
 +
 +
# Check the /usr/share/doc/sendmail/README.cf file for a description
 +
# of the format of this file. (search for access_db in that file)
 +
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
 +
# package.
 +
#
 +
# If you want to use AuthInfo with "M:PLAIN LOGIN", make sure to have the
 +
# cyrus-sasl-plain package installed.
 +
#
 +
# By default we allow relaying from localhost...
 +
Connect:localhost.localdomain RELAY
 +
Connect:localhost RELAY
 +
Connect:127.0.0.1 RELAY
 +
# Permit all machines in range of 10.8.68.0 - 10.8.68.255 to relay mail through this server
 +
Connect:10.8.68 RELAY
 +
 +
Next, compile:
 +
 +
makemap hash /etc/mail/access.db < /etc/mail/access
 +
 +
Then restart the '''sendmail''' service.
 +
 +
systemctl restart sendmail.service
 +
 +
== How To Enable TLS ==
 +
 +
The instructions below are based on the [https://cromwell-intl.com/open-source/sendmail-ssl.html SMTP over TLS/SSL] article which is an excellent step by step guide for enabling TLS in sendmail.
 +
 +
Create a mail certificate directory and enter the new directory:
 +
 +
mkdir /etc/mail/cert
 +
cd /etc/mail/cert
 +
 +
Create a key for the sendmail server, you will need to provide a new pass phrase when prompted. The next step will create a non-pass-phrase version.
 +
 +
openssl genrsa -des3 -out server.key 1024
 +
openssl rsa -in server.key -out server.key.open
 +
 +
Create a pass phrase free version of the key (so it is not pass-phrase-protected). Just hit the enter key when prompted and answer any X.509v3 certificate questions appropriately.
 +
 +
openssl req -new -x509 -days 3650 -key server.key.open -out server.crt
 +
 +
Make the files so only ''root'' can read/write them.
 +
 +
chmod 600 server.*
 +
 +
Add the following lines to your ''/etc/mail/sendmail.mc'' file (near the end of the file, but before the ''MAILER'' lines).
 +
 +
dnl #                                                                                                                                                                                   
 +
dnl # For SSL/TLS                                                                                                                                                                       
 +
dnl #                                                                                                                                                                                   
 +
define(`confCACERT_PATH', `/etc/mail/cert')dnl
 +
define(`confCACERT', `/etc/mail/cert/server.crt')dnl
 +
define(`confSERVER_CERT', `/etc/mail/cert/server.crt')dnl
 +
define(`confSERVER_KEY', `/etc/mail/cert/server.key.open')dnl
 +
define(`confCLIENT_KEY', `/etc/mail/cert/server.crt')dnl
 +
dnl#
 +
 +
Recompile your sendmail rules and restart the '''sendmail''' service.
 +
           
 +
cd "/etc/mail";
 +
m4 sendmail.mc > /etc/mail/sendmail.cf;
 +
systemctl restart sendmail.service
 +
 +
== How To Configure for verizon.net ==
 +
 +
This following shows the procedure and config entries to facilitate using sendmail on an NST system for relay and authentication.
 +
 +
Problem: Verizon blocks TCP port 25, therefore a relay setup to smtp.aol.com (Verizon uses AOL email) is used. Reference: https://www.linuxquestions.org/questions/slackware-14/sendmail-smtp-auth-howto-224543/
 +
 +
=== Stop the sendmail Service ===
 +
 +
systemctl stop sendmail.service;
 +
 +
=== Create authinfo file: "/etc/mail/auth/authinfo" ===
 +
 +
Following shows contents of ''/etc/mail/auth/authinfo''. NOTE: Change USERID and PASSWORD to the verizon.net account you will be using to send mail with.
 +
 +
AuthInfo:smtp.aol.com "U:USERID@verizon.net" "P:PASSWORD" "M:PLAIN"
 +
AuthInfo: "U:USERID@verizon.net" "P:PASSWORD" "M:PLAIN"
 +
 +
=== Compile ===
 +
 +
cd "/etc/mail/auth";
 +
makemap hash authinfo < authinfo;
 +
 +
=== Create Relay Entries ===
 +
 +
Add the following entries to the file: "/etc/mail/sendmail.mc"
 +
 +
define(`SMART_HOST',`smtp.aol.com')dnl
 +
define(`RELAY_MAILER',`esmtp')dnl
 +
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
 +
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
 +
FEATURE(`authinfo',`hash /etc/mail/auth/authinfo')dnl
 +
 +
=== Compile ===
 +
 +
cd "/etc/mail";
 +
m4 sendmail.mc > /etc/mail/sendmail.cf;
 +
 +
=== Start the sendmail Service ===
 +
 +
systemctl start sendmail.service;
 +
 +
=== Testing ===
 +
 +
You can use the following examples to test the sendmail configuration:
 +
 +
FROM="USER@DOMAIN"
 +
TO="USER@DOMAIN"
 +
echo "Test sent from ${FROM} to ${TO} from host $(hostname) on $(date)" | mailx -v -s "Test from $(hostname)" -r "${FROM}" "${TO}"
 +
mail;
 +
mailq;
 +
tail -6 /var/log/maillog;
 +
sendmail -d0.1 -bv;
 +
 +
 +
== How To Configure for att.net with SSL/TLS ==
 +
 +
This following shows the procedure and config entries to facilitate using sendmail on an NST system for relay and authentication on a residential AT&T Fiber connection circa 2018. It is similar to the Verizon configuration, but requires TLS for communications to the server.
 +
 +
Problem: AT&T blocks TCP port 25, therefore a relay setup to smtp.mail.att.net is used. Reference: https://www.linuxquestions.org/questions/slackware-14/sendmail-smtp-auth-howto-224543/
 +
 +
=== Enable TLS ===
 +
 +
Follow the instructions in the [[#How To Enable TLS]] section to enable your '''sendmail''' service to use TLS when communicating with the AT&T mail server.
 +
 +
=== Stop the sendmail Service ===
 +
 +
systemctl stop sendmail.service;
 +
 +
=== Create authinfo file: "/etc/mail/auth/authinfo" ===
 +
 +
Create the ''auth'' sub-directory (if not present).
 +
 +
install -d /etc/mail/auth
 +
 +
Following shows contents of ''/etc/mail/auth/authinfo''. NOTE: Change USERID and PASSWORD to the att.net account you will be using to send mail with.
 +
 +
AuthInfo:smtp.mail.att.net "U:USERID@att.net" "P:PASSWORD" "M:PLAIN"
 +
AuthInfo: "U:USERID@att.net" "P:PASSWORD" "M:PLAIN"
 +
 +
Change permissions to ''600'' so password can only be viewed by the root user.
 +
 +
chmod 600 /etc/mail/auth/authinfo
 +
 +
=== Compile ===
 +
 +
cd "/etc/mail/auth";
 +
makemap hash authinfo < authinfo;
 +
 +
=== Create Relay Entries ===
 +
 +
Add the following entries to the file: "/etc/mail/sendmail.mc". This can go near the end of the file, but needs to be prior to the ''MAILER'' directives.
 +
 +
define(`SMART_HOST',`smtp.mail.att.net')dnl
 +
define(`RELAY_MAILER',`esmtp')dnl
 +
define(`RELAY_MAILER_ARGS', `TCP $h 465')dnl
 +
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
 +
FEATURE(`authinfo',`hash /etc/mail/auth/authinfo')dnl
 +
 +
=== Compile ===
 +
 +
cd "/etc/mail";
 +
m4 sendmail.mc > /etc/mail/sendmail.cf;
 +
 +
=== Start the sendmail Service ===
 +
 +
systemctl start sendmail.service;
 +
systemctl enable sendmail.service;
 +
 +
=== Testing ===
 +
 +
You can use the following examples to test the sendmail configuration:
 +
 +
FROM="USER@DOMAIN"
 +
TO="USER@DOMAIN"
 +
echo "Test sent from ${FROM} to ${TO} from host $(hostname) on $(date)" | mailx -v -s "Test from $(hostname)" -r "${FROM}" "${TO}"
 +
mail;
 +
mailq;
 +
tail -6 /var/log/maillog;
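Review bot: In the sendmail.mc lines of the "How To Enable TLS" section, confCLIENT_KEY is set to /etc/mail/cert/server.crt, which is the certificate, while confSERVER_KEY uses server.key.open; point confCLIENT_KEY at server.key.open and add a confCLIENT_CERT line for server.crt. In the same section, openssl genrsa is given 1024 bits, and a 1024-bit RSA key is no longer considered adequate, so use 2048 or more; the paragraph above the openssl req command also describes removing the pass phrase, although that command is the one that creates the certificate. The verizon.net section never restricts /etc/mail/auth/authinfo, whereas the att.net section runs chmod 600 on it; in both sections makemap writes authinfo.db afterwards with the same password in it, so that file should get the same permissions.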

Latest revision as of 09:51, 7 June 2018

How To Flush Out All Email Messages From The Sendmail Queue

Sometimes email messages can be queued up with the Mail Transport Agent "sendmail". The following command line can be used to manually try to flush out all emails queued up by "sendmail" immediately. This command is OK to use even though a "sendmail" service may be running; it will only run once and then terminate.

Try To Flush Out The Entire "sendmail" Queue:
[root@probe-222 root]# /usr/local/sbin/sendmail -q -v


How To Flush Out A Specific Email Message From The Sendmail Queue

"sendmail" can be told to only flush out certain emails from the "queue" with an additional argument to "-q". One can flush email messages that match a specific recipient's address:

Try To Flush Out A Specific "sendmail" Queued Email Message:
[root@probe-222 root]# /usr/local/sbin/sendmail -qR "securecomputing.com" -v

All queued email messages with a recipient address that matches: "securecomputing.com" will be flushed out. You can also use "-qS" to match on the "sender" and "-qI" to match on the "queue ID".

Accept/Reject Mail from Selected Domains/Hosts

Edit the /etc/mail/access file and add networks and/or hosts you want to permit access to your sendmail server.

# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# If you want to use AuthInfo with "M:PLAIN LOGIN", make sure to have the 
# cyrus-sasl-plain package installed.
#
# By default we allow relaying from localhost...
Connect:localhost.localdomain	RELAY
Connect:localhost	RELAY
Connect:127.0.0.1	RELAY
# Permit all machines in range of 10.8.68.0 - 10.8.68.255 to relay mail through this server
Connect:10.8.68	RELAY

Next, compile:

makemap hash /etc/mail/access.db < /etc/mail/access

Then restart the sendmail service.

systemctl restart sendmail.service
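
How the Connect: entries above decide which clients may relay, as an added example that is not part of the original page. It is a simplified model for IPv4 clients that handles only Connect:-tagged entries, trying the full address and then dropping one octet at a time; the function names and the sample variable are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the access entries shown on this page.
ACCESS_SAMPLE='# By default we allow relaying from localhost...
Connect:localhost.localdomain	RELAY
Connect:localhost	RELAY
Connect:127.0.0.1	RELAY
Connect:10.8.68	RELAY'

# connect_lookup ACCESS_TEXT IPV4
# Prints the right-hand side of the most specific Connect: entry covering
# the address, or NOMATCH. Entries match on whole octets only, so
# "Connect:10.8.68" covers 10.8.68.200 but not 10.8.6.8.
connect_lookup() {
    key=$2
    while [ -n "$key" ]; do
        rhs=$(printf '%s\n' "$1" | awk -v k="Connect:$key" '
            /^[ \t]*#/ { next }
            tolower($1) == tolower(k) { print $2; exit }')
        if [ -n "$rhs" ]; then
            printf '%s\n' "$rhs"
            return 0
        fi
        case $key in
            *.*) key=${key%.*} ;;   # drop the last octet and retry
            *)   key= ;;
        esac
    done
    printf 'NOMATCH\n'
}

# relay_scope ACCESS_TEXT
# For each numeric Connect: ... RELAY entry, prints the prefix and how many
# IPv4 addresses it lets relay, which makes an over-short prefix stand out.
relay_scope() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ || NF < 2 { next }
        $1 ~ /^Connect:[0-9]+(\.[0-9]+)*$/ && toupper($2) == "RELAY" {
            net = substr($1, 9)          # text after "Connect:"
            n = split(net, octets, ".")
            if (n > 4) next
            size = 1
            for (i = n; i < 4; i++) size *= 256
            print net, size
        }'
}
```

Run `relay_scope "$(cat /etc/mail/access)"` before `makemap` to see how many addresses each entry admits.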

How To Enable TLS

The instructions below are based on the SMTP over TLS/SSL article (https://cromwell-intl.com/open-source/sendmail-ssl.html), which is an excellent step-by-step guide for enabling TLS in sendmail.

Create a mail certificate directory and enter the new directory:

mkdir /etc/mail/cert
cd /etc/mail/cert 

Create a key for the sendmail server. You will need to provide a new pass phrase when prompted. The second command then writes a copy of the key without the pass phrase (server.key.open).

openssl genrsa -des3 -out server.key 1024
openssl rsa -in server.key -out server.key.open 

Using the pass-phrase-free version of the key, create a self-signed certificate. Just hit the enter key when prompted and answer any X.509v3 certificate questions appropriately.

openssl req -new -x509 -days 3650 -key server.key.open -out server.crt 

Set the file permissions so that only root can read and write them.

chmod 600 server.* 

Add the following lines to your /etc/mail/sendmail.mc file (near the end of the file, but before the MAILER lines).

dnl #
dnl # For SSL/TLS
dnl #
define(`confCACERT_PATH', `/etc/mail/cert')dnl
define(`confCACERT', `/etc/mail/cert/server.crt')dnl
define(`confSERVER_CERT', `/etc/mail/cert/server.crt')dnl
define(`confSERVER_KEY', `/etc/mail/cert/server.key.open')dnl
dnl # The client side uses the same certificate and key pair as the server
define(`confCLIENT_CERT', `/etc/mail/cert/server.crt')dnl
define(`confCLIENT_KEY', `/etc/mail/cert/server.key.open')dnl
dnl #

Recompile your sendmail rules and restart the sendmail service.

cd "/etc/mail";
m4 sendmail.mc > /etc/mail/sendmail.cf;
systemctl restart sendmail.service

How To Configure for verizon.net

The following shows the procedure and config entries for using sendmail on an NST system for relay and authentication.

Problem: Verizon blocks TCP port 25, therefore a relay setup to smtp.aol.com (Verizon uses AOL email) is used. Reference: https://www.linuxquestions.org/questions/slackware-14/sendmail-smtp-auth-howto-224543/

Stop the sendmail Service

systemctl stop sendmail.service;

Create authinfo file: "/etc/mail/auth/authinfo"

The following shows the contents of /etc/mail/auth/authinfo. NOTE: Change USERID and PASSWORD to those of the verizon.net account you will be using to send mail.

AuthInfo:smtp.aol.com "U:USERID@verizon.net" "P:PASSWORD" "M:PLAIN"
AuthInfo: "U:USERID@verizon.net" "P:PASSWORD" "M:PLAIN"

Compile

cd "/etc/mail/auth";
makemap hash authinfo < authinfo;

Create Relay Entries

Add the following entries to the file: "/etc/mail/sendmail.mc"

define(`SMART_HOST',`smtp.aol.com')dnl
define(`RELAY_MAILER',`esmtp')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/authinfo')dnl

Compile

cd "/etc/mail";
m4 sendmail.mc > /etc/mail/sendmail.cf;

Start the sendmail Service

systemctl start sendmail.service;

Testing

You can use the following examples to test the sendmail configuration:

FROM="USER@DOMAIN"
TO="USER@DOMAIN"
echo "Test sent from ${FROM} to ${TO} from host $(hostname) on $(date)" | mailx -v -s "Test from $(hostname)" -r "${FROM}" "${TO}"
mail;
mailq;
tail -6 /var/log/maillog;
sendmail -d0.1 -bv;


How To Configure for att.net with SSL/TLS

The following shows the procedure and config entries for using sendmail on an NST system for relay and authentication on a residential AT&T Fiber connection circa 2018. It is similar to the Verizon configuration, but requires TLS for communications to the server.

Problem: AT&T blocks TCP port 25, therefore a relay setup to smtp.mail.att.net is used. Reference: https://www.linuxquestions.org/questions/slackware-14/sendmail-smtp-auth-howto-224543/

Enable TLS

Follow the instructions in the "How To Enable TLS" section to enable your sendmail service to use TLS when communicating with the AT&T mail server.

Stop the sendmail Service

systemctl stop sendmail.service;

Create authinfo file: "/etc/mail/auth/authinfo"

Create the auth sub-directory (if not present).

install -d /etc/mail/auth

The following shows the contents of /etc/mail/auth/authinfo. NOTE: Change USERID and PASSWORD to those of the att.net account you will be using to send mail.

AuthInfo:smtp.mail.att.net "U:USERID@att.net" "P:PASSWORD" "M:PLAIN"
AuthInfo: "U:USERID@att.net" "P:PASSWORD" "M:PLAIN"

Change the permissions to 600 so that the password can only be viewed by the root user.

chmod 600 /etc/mail/auth/authinfo

Compile

cd "/etc/mail/auth";
makemap hash authinfo < authinfo;

Create Relay Entries

Add the following entries to the file: "/etc/mail/sendmail.mc". This can go near the end of the file, but needs to be prior to the MAILER directives.

define(`SMART_HOST',`smtp.mail.att.net')dnl
define(`RELAY_MAILER',`esmtp')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 465')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/authinfo')dnl

Compile

cd "/etc/mail";
m4 sendmail.mc > /etc/mail/sendmail.cf;

Start the sendmail Service

systemctl start sendmail.service;
systemctl enable sendmail.service;

Testing

You can use the following examples to test the sendmail configuration:

FROM="USER@DOMAIN"
TO="USER@DOMAIN"
echo "Test sent from ${FROM} to ${TO} from host $(hostname) on $(date)" | mailx -v -s "Test from $(hostname)" -r "${FROM}" "${TO}"
mail;
mailq;
tail -6 /var/log/maillog;
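
Added example, not from the original page: a check that the secrets the TLS and authinfo procedures leave under /etc/mail are owner-only. The compiled authinfo.db holds the same password as authinfo and is written by makemap after the chmod step, so it is checked too; the function names are hypothetical.

```shell
#!/bin/sh
# secret_files DIR
# Lists files under DIR that hold secrets in this setup: the authinfo source
# and its compiled map, plus any PEM private key. Keys are found by content,
# so server.key.open is caught whatever it is named; certificates are not.
secret_files() {
    find "$1" -type f \( -name 'authinfo' -o -name 'authinfo.*' \) -print
    find "$1" -type f -exec grep -l -e '-----BEGIN .*PRIVATE KEY-----' {} +
}

# loose_secrets DIR
# Prints each secret file that group or other can read, write or execute.
# Empty output means every secret is owner-only, which is what chmod 600
# gives. File names containing newlines are not supported.
loose_secrets() {
    secret_files "$1" | sort -u | while IFS= read -r f; do
        find "$f" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
            -o -perm -004 -o -perm -002 -o -perm -001 \) -print
    done
}

# Typical use after the "Compile" steps, as root:
#   loose_secrets /etc/mail
# and, to make a newly compiled map owner-only from the start:
#   (umask 077; cd /etc/mail/auth && makemap hash authinfo < authinfo)
```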