Sendmail

From NST Wiki
Revision as of 09:51, 7 June 2018 by Paul Blankenbaker (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

How To Flush Out All Email Messages From The Sendmail Queue

Sometimes email messages can be queued up with the Mail Transport Agent: "sendmail". The following command line can be used to manually try to immediately flush out All emails queued up by "sendmail". Even though a "sendmail" service may be running, this command is Ok to use, it will only run once and then terminate.

Try To Flush Out The Entire "sendmail" Queue:
[root@probe-222 root]# /usr/local/sbin/sendmail -q -v


How To Flush Out A Specific Email Message From The Sendmail Queue

"sendmail" can be told to only flush out certain emails from the "queue" with an additional argument to "-q". One can flush email messages that match a specific recipient's address:

Try To Flush Out A Specific "sendmail" Queued Email Message:
[root@probe-222 root]# /usr/local/sbin/sendmail -qR "securecomputing.com" -v

All queued email messages with a recipient address that matches: "securecomputing.com" will be flushed out. You can also use "-qS" to match on the "sender" and "-qI" to match on the "queue ID".

Accept/Reject Mail from Selected Domains/Hosts

Edit the /etc/mail/access file and add networks and/or hosts you want to permit access to your sendmail server.

# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# If you want to use AuthInfo with "M:PLAIN LOGIN", make sure to have the 
# cyrus-sasl-plain package installed.
#
# By default we allow relaying from localhost...
Connect:localhost.localdomain	RELAY
Connect:localhost	RELAY
Connect:127.0.0.1	RELAY
# Permit all machines in range of 10.8.68.0 - 10.8.68.255 to relay mail through this server
Connect:10.8.68	RELAY

Next, compile:

makemap hash /etc/mail/access.db < /etc/mail/access

Then restart the sendmail service.

systemctl restart sendmail.service

How To Enable TLS

The instructions below are based on the SMTP over TLS/SSL article which is an excellent step by step guide for enabling TLS in sendmail.

Create a mail certificate directory and enter the new directory:

mkdir /etc/mail/cert
cd /etc/mail/cert 

Create a key for the sendmail server, you will need to provide a new pass phrase when prompted. The next step will create a non-pass-phrase version.

openssl genrsa -des3 -out server.key 1024
openssl rsa -in server.key -out server.key.open 

Create a pass phrase free version of the key (so it is not pass-phrase-protected). Just hit the enter key when prompted and answer any X.509v3 certificate questions appropriately.

openssl req -new -x509 -days 3650 -key server.key.open -out server.crt 

Make the files so only root can read/write them.

chmod 600 server.* 

Add the following lines to your /etc/mail/sendmail.mc file (near the end of the file, but before the MAILER lines).

dnl #                                                                                                                                                                                     
dnl # For SSL/TLS                                                                                                                                                                         
dnl #                                                                                                                                                                                     
define(`confCACERT_PATH', `/etc/mail/cert')dnl
define(`confCACERT', `/etc/mail/cert/server.crt')dnl
define(`confSERVER_CERT', `/etc/mail/cert/server.crt')dnl
define(`confSERVER_KEY', `/etc/mail/cert/server.key.open')dnl
define(`confCLIENT_KEY', `/etc/mail/cert/server.crt')dnl
dnl#

Recompile your sendmail rules and restart the sendmail service.

cd "/etc/mail";
m4 sendmail.mc > /etc/mail/sendmail.cf;
systemctl restart sendmail.service

How To Configure for verizon.net

This following shows the procedure and config entries to facilitate using sendmail on an NST system for relay and authentication.

Problem: Verizon blocks TCP port 25, therefore a relay setup to smtp.aol.com (Verizon uses AOL email) is used. Reference: https://www.linuxquestions.org/questions/slackware-14/sendmail-smtp-auth-howto-224543/

Stop the sendmail Service

systemctl stop sendmail.service;

Create authinfo file: "/etc/mail/auth/authinfo"

Following shows contents of /etc/mail/auth/authinfo. NOTE: Change USERID and PASSWORD to the verizon.net account you will be using to send mail with.

AuthInfo:smtp.aol.com "U:USERID@verizon.net" "P:PASSWORD" "M:PLAIN"
AuthInfo: "U:USERID@verizon.net" "P:PASSWORD" "M:PLAIN"

Compile

cd "/etc/mail/auth";
makemap hash authinfo < authinfo;

Create Relay Entries

Add the following entries to the file: "/etc/mail/sendmail.mc"

define(`SMART_HOST',`smtp.aol.com')dnl
define(`RELAY_MAILER',`esmtp')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/authinfo')dnl

Compile

cd "/etc/mail";
m4 sendmail.mc > /etc/mail/sendmail.cf;

Start the sendmail Service

systemctl start sendmail.service;

Testing

You can use the following examples to test the sendmail configuration:

FROM="USER@DOMAIN"
TO="USER@DOMAIN"
echo "Test sent from ${FROM} to ${TO} from host $(hostname) on $(date)" | mailx -v -s "Test from $(hostname)" -r "${FROM}" "${TO}"
mail;
mailq;
tail -6 /var/log/maillog;
sendmail -d0.1 -bv;


How To Configure for att.net with SSL/TLS

This following shows the procedure and config entries to facilitate using sendmail on an NST system for relay and authentication on a residential AT&T Fiber connection circa 2018. It is similar to the Verizon configuration, but requires TLS for communications to the server.

Problem: AT&T blocks TCP port 25, therefore a relay setup to smtp.mail.att.net is used. Reference: https://www.linuxquestions.org/questions/slackware-14/sendmail-smtp-auth-howto-224543/

Enable TLS

Follow the instructions in the #How To Enable TLS section to enable your sendmail service to use TLS when communicating with the AT&T mail server.

Stop the sendmail Service

systemctl stop sendmail.service;

Create authinfo file: "/etc/mail/auth/authinfo"

Create the auth sub-directory (if not present).

install -d /etc/mail/auth

Following shows contents of /etc/mail/auth/authinfo. NOTE: Change USERID and PASSWORD to the att.net account you will be using to send mail with.

AuthInfo:smtp.mail.att.net "U:USERID@att.net" "P:PASSWORD" "M:PLAIN"
AuthInfo: "U:USERID@att.net" "P:PASSWORD" "M:PLAIN"

Change permissions to 600 so password can only be viewed by the root user.

chmod 600 /etc/mail/auth/authinfo

Compile

cd "/etc/mail/auth";
makemap hash authinfo < authinfo;

Create Relay Entries

Add the following entries to the file: "/etc/mail/sendmail.mc". This can go near the end of the file, but needs to be prior to the MAILER directives.

define(`SMART_HOST',`smtp.mail.att.net')dnl
define(`RELAY_MAILER',`esmtp')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 465')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash /etc/mail/auth/authinfo')dnl

Compile

cd "/etc/mail";
m4 sendmail.mc > /etc/mail/sendmail.cf;

Start the sendmail Service

systemctl start sendmail.service;
systemctl enable sendmail.service;

Testing

You can use the following examples to test the sendmail configuration:

FROM="USER@DOMAIN"
TO="USER@DOMAIN"
echo "Test sent from ${FROM} to ${TO} from host $(hostname) on $(date)" | mailx -v -s "Test from $(hostname)" -r "${FROM}" "${TO}"
mail;
mailq;
tail -6 /var/log/maillog;