Sendmail, which is a standard part of most Linux distributions, is one of the most popular mail server programs on the Internet. You can use Sendmail as an alternative to expensive mail server programs, such as Microsoft Exchange Server, to provide email services for your LAN. This chapter shows you how to set up and use Sendmail on a Linux server.
Spam artists — unscrupulous marketers who clutter the Internet with millions of unsolicited emails — are constantly on the prowl for unprotected Sendmail servers, which they can use to launch their spam campaigns. If you don’t protect your server, sooner or later, a spammer will coax your computer into spending almost all its time sending out the spammer’s email. To protect your server from becoming an indentured spam servant, you can configure it to refuse any mail that merely wants to use your computer to relay messages to other computers. See the sidebar “Don’t be an open relay!” later in this chapter.
Understanding Email
Before I get into the details of installing and configuring Sendmail, I want to review some basics of how Internet email works. First, you need to understand that email consists of messages that are delivered according to an Internet protocol commonly referred to as SMTP. Simple Mail Transfer Protocol was first codified in 1983, long before Al Gore invented the Internet. Several enhancements have been made along the way, but most email on the Internet today is delivered using this nearly ancient protocol.
Interestingly, the software that delivers 70 percent of all the email on the Internet — Sendmail — also originated in the same year. In 1983, Eric Allman developed the first version of the Sendmail program as part of the Berkeley Software Distribution (BSD) of Unix, one of the earliest versions of Unix made publicly available.
The following paragraphs describe some of the key features of email that you should know about if you plan on setting up a Linux server running Sendmail:
Mailbox: A mailbox is a simple text file that holds incoming email messages until they are processed by a mail user agent. In Fedora Linux, each user has a mailbox file in /var/mail.
Mail User Agent (MUA): A program that end-users can use to send and receive mail. The most widely used MUA is Microsoft Outlook. Linux comes with several MUAs. The most basic is Mail, a text-based MUA that lets you read and compose email messages from a console prompt. Fedora also includes a sophisticated graphical MUA called Evolution, which is similar in many ways to Microsoft Outlook. Both are described later in this chapter.
Mail Transfer Agent (MTA): A program that transfers email messages between computers. Sendmail, which most of this chapter is devoted to, is an MTA. When a user uses an MUA to send an email message, the MUA delivers the message to an MTA, which then transfers the message to the intended recipient.
Mail Delivery Agent (MDA): A program that accepts incoming mail from an MTA and places it in the intended recipient's mailbox. A basic MDA simply copies each message to the mailbox, but more advanced MDAs can be used to filter the incoming mail to eliminate spam or check for viruses. The default MDA for Fedora Linux is Procmail. Fedora also includes SpamAssassin, which you can use to filter spam from your incoming mail.
Installing Sendmail
To install Sendmail, open a console or terminal window and enter the following commands:
sudo dnf install sendmail
sudo dnf install sendmail-cf
sudo dnf install m4
Assuming that the Sendmail packages are not already installed, dnf will ask for your permission to install the required packages. Enter y to proceed. Be patient while the package downloads and installs.
Modifying sendmail.mc
Sendmail is probably one of the most difficult programs to configure that you’ll ever encounter. In fact, the basic configuration file, sendmail.cf, is well more than 1,000 lines long. You don't want to mess with this file if you can possibly avoid it.
Fortunately, you don’t have to. The sendmail.cf configuration file is generated automatically from a much shorter file called sendmail.mc. This file contains special macros that are processed by a program called m4. The m4 program reads the macros in the sendmail.mc file and expands them to create the actual sendmail.cf file.
Even so, the sendmail.mc file is a few hundred lines long. Configuring Sendmail isn't for the faint of heart.
You can find the sendmail.mc and sendmail.cf files in the /etc/mail directory. Before you edit these files, you should make backup copies of the current files. That way, if you mess up your mail configuration, you can quickly return to a working configuration by reinstating your backup copies.
After you make backup copies, you can safely edit sendmail.mc. When you're finished, you can regenerate the sendmail.cf file by entering these commands:
cd /etc/mail
m4 sendmail.mc > sendmail.cf
service sendmail restart
The first command changes the current working directory to /etc/mail. Then, the second command compiles the sendmail.mc command into the sendmail.cf command. Finally, the third command restarts the Sendmail service so that the changes will take effect.
You need to be aware of two strange conventions used in the sendmail.mc file:
Comments: Unlike most configuration files, comments don't begin with a hash mark (#). Instead, they begin with the letters dnl.
Strings: Strings are quoted in an unusual way. Instead of regular quotation marks or apostrophes, strings must begin with a backquote (`), which is located to the left of the numeral 1 on the keyboard and ends with an apostrophe ('), located to the right of the semicolon. So a properly quoted string looks like this:
MASQUERADE_AS(`mydomain.com')
Pretty strange, eh?
The following sections describe the common configuration changes that you may need to make to sendmail.mc.
Enabling connections
The default configuration allows connections only from localhost. If you want Sendmail to work as a server for other computers on your network, look for the following line in the sendmail.mc file:
Add dnl to the beginning of this line to make it a comment.
Enabling masquerading
Masquerading allows all the mail being sent from your domain to appear as if it came from the domain (for example, wally@cleaver.net) rather than from the individual hosts (like wally@wally.cleaver.net). To enable masquerading, add lines similar to these:
MASQUERADE_AS(`cleaver.net')dnl
FEATURE(masquerade_envelope)dnl
FEATURE(masquerade_entire_domain)dnl
MASQUERADE_DOMAIN(`cleaver.net')dnl
Setting up aliases
An alias — also known as a virtual user — is an incoming email address that is automatically routed to local users. For example, you may want to create a generic account such as sales@mydomain.com and have all mail sent to that account delivered to a user named willie. To do that, you edit the file /etc/mail/virtusers. This file starts out empty. To create a virtual user, just list the incoming email address followed by the actual recipient.
For example, here’s a virtusers file that defines several aliases:
sales@mydomain.com willie
bob@mydomain.com robert
marketing@mydomain.com robert
After you make your changes, you should restart the Sendmail service.
Using SpamAssassin
SpamAssassin is a spam-blocking tool that uses a variety of techniques to weed the spam out of your users' mailboxes. SpamAssassin uses a combination of rule filters that scan for suspicious message content and other telltale signs of spam, as well as blacklists from known spammers. The following sections explain how to install and use it.
Installing SpamAssassin
To configure SpamAssassin for basic spam filtering, follow these steps:
Ensure that Procmail is installed as your MDA.
In Fedora, Procmail is installed by default. To make sure it’s enabled, open the file /etc/mail/sendmail.mc and make sure it includes the following line:
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
If this line is missing, add it and then restart Sendmail.
Ensure that the spamassassin daemon is running.
You can do that by entering this command at a console prompt:
sudo service spamassassin status
If SpamAssassin isn't running, enter this command:
sudo chkconfig -–level 35 spamassassin on
Whenever you make a configuration change, you should stop and restart the service with this command:
sudo service spamassassin restart
Create a file named procmailrc in the /etc directory.
Use gedit or your favorite text editor. The file should contain these two lines:
:0fw
| /usr/bin/spamc
These lines cause Procmail to run all incoming mail through the SpamAssassin client program.
Restart Sendmail and SpamAssassin.
You can do this from Applications⇒ Server Settings⇒ Services, or you can enter these commands at a console prompt:
sudo service sendmail restart
sudo service spamassassin restart
SpamAssassin should now be checking for spam. To make sure it's working, send some email to one of the mailboxes on your system and then open the mailbox file for that user in \var\mail and examine the message that was sent. If the message headers include several lines that begin with X-Spam, SpamAssassin is doing its job.
Customizing SpamAssassin
You can configure SpamAssassin by editing the configuration file /etc/mail/spamassassin/local.cf. This file contains SpamAssassin rules that are applied system wide although you can override these rules for individual users by creating a user_prefs file in each user's $HOME/.spamassassin directory.
In Fedora, the default local.cf file contains the following lines:
required_hits 5
report_safe 0
rewrite_header Subject [SPAM]
These lines cause SpamAssassin to add the word [SPAM] to the start of the subject line for any message that scores 5 or higher on SpamAssassin's spam scoring algorithm.
Although you can configure SpamAssassin to automatically delete messages that score above a specified value, most antispam experts recommend against it. Instead, adding a word such as [SPAM] to the header lets each user decide how he wants to handle spam by using a message filter on his email client that either deletes the marked messages or moves them to a Spam folder.
No matter how you configure SpamAssassin, you will inevitably get some false positives. For example, a long-lost friend who moved to Nigeria will email you a joke about Viagra using a Hotmail account. Odds are good that SpamAssassin will mark this message as spam. That’s why arbitrarily deleting messages marked as spam isn’t such a great idea, especially on a system-wide basis. Better to simply mark the messages and then let your users decide how to deal with the spam.
Blacklisting and whitelisting email addresses
SpamAssassin lets you blacklist or whitelist a specific email address or an entire domain. When you blacklist an address, any mail from the address will automatically be blocked, regardless of the message contents. Conversely, when you whitelist an address, all mail from the address will be allowed through, even if the message would otherwise be blocked as spam.
Whitelisting is a powerful tool for making sure that the people you correspond with on a regular basis don’t get their email accidentally blocked by SpamAssassin. As a result, it’s a good idea to add your friends, relatives, and especially your customers to a whitelist.
Likewise, blacklisting lets you mark spammers who have managed to get their spam into your system in spite of SpamAssassin’s best efforts to detect their true intent.
To whitelist an address, add a line such as the following to /etc/mail/spamassassin/local.rc:
whitelist_from wally@cleaver.com
This allows all mail from wally@cleaver.com to be delivered, even if the mail might otherwise look like spam.
To blacklist an address, add a line like this:
blacklist_from auntida@myrelatives.com
This blocks all mail from your Aunt Ida.
Using the Mail Console Client
The most basic client for creating and reading email is the mail command. Although it doesn't have many advanced features, it is fast, so some Linux users like to use it for sending simple messages. (It is also sometimes used in scripts.) To install the mail command, open a terminal window and enter the following command:
sudo dnf install mailx
To read mail, open a command console, log on using the account whose mail you want to read, and enter the command mail. A list of all messages in your mailbox will be displayed. You can then use any of the commands listed in Table 7-1 to work with the messages in the mailbox or compose new mail messages.
Type the specified messages. For example, t 3 types message 3, and t 4 5 types messages 4 and 5.
dlist
Deletes one or more messages. For example, d 4 deletes message 4.
Rlist
Reply to message sender.
r list
Reply to message sender and all recipients.
m user
Compose a new message addressed to the specified user.
To compose a new message from a command prompt, follow these steps:
Type mail followed by the email address of the recipient.
For example:
mail wally@cleaver.com
Mail responds by prompting you for the subject.
Type the subject line and press Enter.
Mail then waits for you to enter the text of the message.
Type the message text. Use the Enter key to start new lines.
You can enter as many lines as you want for the message.
To send the message, enter a line consisting of only a period.
You’re done! The message is on its way.
Using Evolution
Evolution is a graphical email client that’s similar in many ways to Microsoft Outlook, as Figure 7-1 shows. It includes not only email features, but also a contact list, a calendar, a task manager, and other Outlook-like features.
Evolution is installed automatically as part of a Fedora Workstation install. You can install it manually with the following command:
sudo dnf install evolution.x86_64
To start Evolution, click the E-mail icon that’s located in the panel at the top of the GNOME screen. The first time you run Evolution, a configuration wizard will guide you through the necessary configuration. You need to supply basic information about your email account, such as your email address and the name of your mail server.
Looking at how email works
Spam artists — unscrupulous marketers who clutter the Internet with millions of unsolicited emails — are constantly on the prowl for unprotected Sendmail servers, which they can use to launch their spam campaigns. If you don’t protect your server, sooner or later, a spammer will coax your computer into spending almost all its time sending out the spammer’s email. To protect your server from becoming an indentured spam servant, you can configure it to refuse any mail that merely wants to use your computer to relay messages to other computers. See the sidebar “Don’t be an open relay!” later in this chapter.
Whenever you make a configuration change, you should stop and restart the service with this command: 