|Securing and Optimizing Linux: RedHat Edition -A Hands on Guide|
|Prev||Chapter 22. Software -Server/Mail Network||Next|
The /etc/sendmail.mc file for the Central Mail Hub, instead of having each individual server or workstation in a network handle its own mail, it can be advantageous to have powerful central server that handles all mail. Such a server is called a Mail Hub. The advantage of a Central Mail Hub is:
All incoming mail is sent to the hub, and no mail is sent directly to a client machine.
All outgoing mail from clients is sent to the Hub, and the Hub then forwards that mail to its ultimate destination.
All outgoing mail appears to come from a single server and no client's name needs to be known to the outside world.
No client needs to run a sendmail daemon to listen for mail.
The sendmail.cf is the first file reading by Sendmail when it runs and one of the most important for Sendmail. Among the many items contained in that file are the locations of all the other files, the default permissions for those files and directories that Sendmail needs. The m4 macro preprocessor program of Linux is used by Sendmail V8 to produce a Sendmail configuration file. This macro program will produce the /etc/mail/sendmail.cf configuration file by processing a file whose name ends in .mc.
For this reason, we'll create this file sendmail.mc and put the necessary macro values in it to allow the m4 program to process, read its input and gathers definitions of macros, and then replaces those macros with their values and output the result to create our sendmail.cf file. Please refer to the Sendmail documentation and README file under the cf subdirectory of the V8 Sendmail source distribution for more information.
Create the sendmail.mc file, touch /var/tmp/sendmail-version/cf/cf/sendmail.mc and add the following lines:
define(`confDEF_USER_ID',``8:12'')dnl OSTYPE(`linux')dnl DOMAIN(`generic')dnl define(`confTRY_NULL_MX_LIST',true)dnl define(`confDONT_PROBE_INTERFACES',true)dnl define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl define(`LOCAL_MAILER_FLAGS', `ShPfn')dnl define(`LOCAL_MAILER_ARGS', `procmail -a $h -d $u')dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl FEATURE(`mailertable')dnl FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')dnl FEATURE(`redirect')dnl FEATURE(`always_add_domain')dnl FEATURE(`use_cw_file')dnl FEATURE(`local_procmail')dnl FEATURE(`access_db')dnl FEATURE(`blacklist_recipients')dnl FEATURE(`dnsbl')dnl MAILER(`local')dnl MAILER(`smtp')dnl MAILER(`procmail')dnl
This tells the sendmail.mc file to set itself up for this particular configuration with:
This configuration option specifies the default user id. In our case the user mail and group mail, which correspond to ID number 8:12 see the /etc/passwd and /etc/group file.
This configuration option specifies the default operating system Sendmail wil bel running on; in our case the linux system. This item is one of the minimal pieces of information required by the mc file.
This configuration option will specify and describe a particular domain appropriated for your environment.
This configuration option specifies whether the receiving server is the best MX for a host and if so, try connecting to that host directly.
This configuration option, if set to true, means Sendmail will _not_insert the names and addresses of any local interfaces into the $=w class, list of known equivalent addresses.
This configuration option sets the path to the procmail program installed in your server. Since the path in Red Hat Linux differs from other Linux versions, we must specify the new path with this macro. It's important to note that this macro is also used by FEATURE(`local_procmail') as defined later in this file.
This configuration option defines the flags that must be used by the local mailer (procmail). See your Sendmail documentation for more information of each one.
This configuration option defines the arguments that must be passed to the local mailer (procmail). See your Sendmail documentation for more information on each one.
This m4 macro enables the use of smrsh, the sendmail restricted shell, instead of the default /bin/sh for mailing programs. With this feature you can control what program gets run via e-mail through the /etc/mail/aliases and ~/.forward files. The default location for the smrsh program is /usr/libexec/smrsh. Since we have installed smrsh in another location, we need to add an argument to the smrsh feature to indicate the new placement /usr/sbin/smrsh. The use of smrsh is recommended by CERT, so you are encouraged to use this feature as often as possible.
This m4 macro enables the use of mailertable database selects new delivery agents. A mailertable is a database that maps host.domain names to special delivery agent and new domain name pairs. With this feature, mail can be delivered through the use of a specified or particular delivery agent to a new domain name. Usually, this feature must be available only on a Central Mail Hub server.
This m4 macro enables the use of virtusertable, support for virtual domains, which allow multiple virtual domains to be hosted on one machine. A virtusertable is a database that maps virtual domains into new addresses. With this feature, mail for virtual domains can be delivered to a local, remote, or single user address. Usually this feature must be available only on a Central Mail Hub server.
This m4 macro enables the use of redirect support for address.REDIRECT. With this feature, mail addressed to a retired user account wahib, for example, will be bounced with an indication of the new forwarding address. The retired accounts must be set up in the aliases file on the mail server. Usually this feature must be available only on a Central Mail Hub server.
This m4 macro enables the use of always_add_domain, add the local domain even on local mail. With this feature, all addresses that are locally delivered will be fully qualified. It is safe and recommended to set this feature for security reasons.
This m4 macro enables the use of use_cw_file, use /etc/mail/local-host-names file for local hostnames. With this feature you can declare a list of hosts in the /etc/mail/local-host-names file for which the local host is acting as the MX recipient. In other word this feature causes the file /etc/mail/local-host-names to be read to obtain alternative names for the local host.
This m4 macro enables the use of local_procmail use procmail as local delivery agent. With this feature you can use procmail as a Sendmail delivery agent.
This m4 macro enables the access database feature. With this feature you have the ability through the access db to allow or refuse to accept mail from specified domains. Usually this feature must be available only in a Central Mail Hub server.
This m4 macro enables the ability to block incoming mail for certain recipient usernames, hostnames, or addresses. With this feature you can, for example, block incoming mail to user nobody, host foo.mydomain.com, or firstname.lastname@example.org.
This m4 macro enables Sendmail to reject mail from any site in the Realtime Blackhole List database rbl.maps.vix.com. The DNS based rejection is a database maintained in DNS of spammers. For details, see http://maps.vix.com/rbl/.
This m4 macro enables the use of local, smtp, and procmail as delivery agents in Sendmail by default, delivery agents are not automatically declared. With this feature, you can specify which ones you want to support and which ones to ignore. The MAILER(`local'), MAILER(`smtp'), and MAILER(`procmail') options cause support for local, smtp, esmtp, smtp8, relay delivery agents and procmail to be included. It's important to note that MAILER(`smtp') should always precede MAILER(`procmail').
: Sometimes, a domain with which you wish to continue communications may end up in the RBL list. In this case, Sendmail allows you to override these domains to allow their e-mail to be received. To do this, simply edit the /etc/mail/access file and add the appropriate domain information.