Friday 4 October 2013

Step by Step SENDMAIL + SMTP AUTH & "Maildir format for Mailbox" Configuration

Sendmail is the most popular MTA for mail services. It is open source and comes with the Linux OS.
I am configuring Sendmail on a CentOS 6.3 64-bit machine. I have already configured yum on CentOS, which I am not covering in this document.

1.       Check whether the server is a 64-bit machine.

[root@mail01 ~]# getconf LONG_BIT
64

2.       Check the OS version and the Linux kernel used for the installation.

[root@mail01 ~]# cat /etc/redhat-release
CentOS release 6.3 (Final)

[root@mail01 ~]# uname -a
Linux mail01.example.com 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

3.       Install Sendmail on the server using yum and check the installed Sendmail version.

[root@mail01 ~]# yum install sendmail*

[root@mail01 ~]# rpm -qa | grep sendmail                          
sendmail-cf-8.14.4-8.el6.noarch
sendmail-8.14.4-8.el6.x86_64

4.       I will use the m4 macro language to convert the configuration file from sendmail.mc to sendmail.cf. So install the m4 package and check the installed version.

[root@mail01 ~]# yum install m4

[root@mail01 ~]# rpm -qa | grep m4
m4-1.4.13-5.el6.x86_64

5.       Sendmail stores its mail configuration files in the /etc/mail directory. The mail configuration file is sendmail.mc, which can be edited to suit the requirements of the mail server.

Comment out the following line so that other systems can use this mail server. Otherwise mail will work only on localhost.

From:
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

To:
dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

6.       Allow the SMTP authentication with secure connection. Uncomment the following lines.

define(`confAUTH_OPTIONS', `A ')dnl

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN ')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN ')dnl

define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl

LOCAL_DOMAIN(`example.com')dnl

I used the example.com domain for my mail setup. Provide your own mail domain here.
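
The edits in steps 5 and 6 can be checked before m4 regenerates sendmail.cf. The script below is an added example, not part of the original post: it reports whether the loopback-only listener is still active, whether PLAIN/LOGIN are offered without the p flag in confAUTH_OPTIONS (which restricts them to connections with a security layer such as TLS), and any mechanism name it does not recognise. The function names (audit_mc, mc_define, sample_mc) are hypothetical and the sample input is constructed, with one mechanism name misspelled on purpose.

```shell
#!/bin/sh
# Added example: audit the sendmail.mc settings from steps 5 and 6 before running m4.

# Drop lines that m4 discards because they start with dnl.
active_lines() { grep -v '^[[:space:]]*dnl'; }

# Print VALUE from an active define(`NAME', `VALUE') line; $1 = NAME, .mc text on stdin.
mc_define() {
  active_lines | sed -n "s/^define(\`$1', *\`\([^']*\)').*/\1/p" | tail -n 1
}

# Read a .mc file on stdin and print one finding per line.
audit_mc() {
  mc=$(cat)
  opts=$(printf '%s\n' "$mc" | mc_define confAUTH_OPTIONS)
  mechs=$(printf '%s\n' "$mc" | mc_define confAUTH_MECHANISMS)
  if printf '%s\n' "$mc" | active_lines | grep -q 'DAEMON_OPTIONS(.*Addr=127\.0\.0\.1'; then
    echo "LISTEN loopback-only"
  else
    echo "LISTEN not-loopback-only"
  fi
  # The p flag refuses PLAIN/LOGIN unless a security layer such as TLS is active.
  case " $mechs " in
    *" PLAIN "*|*" LOGIN "*)
      case "$opts" in
        *p*) echo "AUTH plaintext-requires-tls" ;;
        *)   echo "AUTH plaintext-allowed-without-tls" ;;
      esac ;;
    *) echo "AUTH no-plaintext-mechanisms" ;;
  esac
  # Flag names outside the set this example recognises (catches typos).
  for m in $mechs; do
    case "$m" in
      EXTERNAL|GSSAPI|DIGEST-MD5|CRAM-MD5|LOGIN|PLAIN) ;;
      *) echo "MECH unknown:$m" ;;
    esac
  done
}

# Constructed sample modelled on the lines edited in steps 5 and 6.
sample_mc() {
cat <<'EOF'
dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
define(`confAUTH_OPTIONS', `A ')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN ')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL DiIGEST-MD5 CRAM-MD5 LOGIN PLAIN ')dnl
EOF
}

sample_mc | audit_mc
```

On the server the same check runs as audit_mc < /etc/mail/sendmail.mc.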

7.       I will create an SSL certificate so that STARTTLS will function. Run the following commands to create a Certificate Authority (CA).

[root@mail01 mail]# mkdir -p /etc/pki/tls/certs
[root@mail01 mail]# cd /etc/pki/tls/certs

[root@mail01 certs]# openssl req -new -x509 -keyout cakey.pem -out ca-bundle.crt -days 1865
[root@mail01 certs]# openssl req -nodes -new -x509 -keyout sendmail.pem -out sendmail.pem -days 1865

[root@mail01 certs]# chmod 600 sendmail.pem

We can verify the content of the certificate.

[root@mail01 certs]# openssl x509 -noout -text -in sendmail.pem

8.       Now start up the saslauth daemon and run the following.

[root@mail01 certs]# /etc/init.d/saslauthd start
[root@mail01 certs]# chkconfig saslauthd on

This command tells SASLv2 to look at the /etc/shadow file for authentication. There are other ways to authenticate, but they are beyond the scope of this howto. I’ve also read that the saslauth daemon does not support CRAM-MD5 or DIGEST-MD5.

9.       Convert the sendmail.mc file into sendmail.cf using m4, and restart the Sendmail daemon.

[root@mail01 certs]# cd /etc/mail
[root@mail01 mail]# m4 sendmail.mc > sendmail.cf

[root@mail01 mail]# service sendmail restart
[root@mail01 mail]# chkconfig sendmail on

10.   To accept mail for the local host names, make entries in /etc/mail/local-host-names. Place in it any domains or hosts that Sendmail will receive mail for. For example, to configure a mail server to accept mail for the domain example.com and the host mail.example.com, add these entries to local-host-names:

example.com
mail.example.com

11.   Add entries for your domain to the /etc/mail/access file.

Connect:example.com               RELAY
Connect:localhost                       RELAY
Connect:127.0.0.1                       RELAY

12.   Update the access file database.

[root@mail01 mail]# makemap hash access.db < access

13.   By default Sendmail delivers mail to mailboxes in mbox format, which performs slower. So for better performance I will use the Maildir format. To change this configuration, create the file /etc/procmailrc and add the following entries.

[root@mail01 mail]# vi /etc/procmailrc

ORGMAIL=$HOME/Maildir/
DEFAULT=$HOME/Maildir/

14.   Restart the sendmail service on server.


[root@mail01 mail]# service sendmail restart

3 comments:

  1. Hi,

    Can we configure multiple domains such as abc.com, pwq.com, dff.com under the root domain and users will be able to send and receive emails on each individual domain?

    Thanks,

  2. Same problem: how to configure multiple domains abs.cz def.cz and certificates for them?

    Email client says that there is a problem with the target name of the certificate ...
