Sendmail Configuration
Setting up Sendmail is an interesting experience. Although it might appear that the main configuration file /etc/mail/sendmail.cf is the central setup point, it is and it isn't. The Sendmail configuration file is generated by a series of macros run by the m4 macro processor. By adding very simple directives to the macro files, users can create extremely complex configurations. The final output is the /etc/mail/sendmail.cf file, but some of the most useful configuration options are specified in the macro files before sendmail.cf is even generated.
Generating sendmail.cf
You've already seen a very basic change that must be made to the /etc/mail/sendmail.cf file to accommodate the Mac OS X file system. Let's backtrack a bit and see how sendmail.cf is created and can be fine-tuned using m4 macros.
To re-create the default sendmail.cf file at any time, use these commands:
cd /usr/share/sendmail/conf/m4
m4 cf.m4 ../cf/generic-darwin.mc > /etc/mail/sendmail.cf
This will overwrite the existing /etc/mail/sendmail.cf file and return the system to its initial state. To add macro-level features to the configuration, first copy the generic-darwin.mc file to a copy that you can edit:
cd /usr/share/sendmail/conf/cf
cp generic-darwin.mc myosxconfig.mc
You'll be making changes to the new /usr/share/sendmail/conf/cf/myosxconfig.mc file from this point forward. These changes can then be compiled into the master sendmail.cf file with
cd /usr/share/sendmail/conf/m4
m4 cf.m4 ../cf/myosxconfig.mc > /etc/mail/sendmail.cf
The following configuration directives (called features) can be added to your myosxconfig.mc file to increase functionality and security. You should not remove any of the default lines, or your mail server might not start.
RealTime Blacklisting
One of the first features to enable on any Internet-connected Sendmail server should be realtime blacklisting (RBL). RBL services maintain a list of known open relay mail servers and spammers. With RBL service enabled, the Mac OS X mail server automatically checks each incoming message to determine whether it is from a known open relay or spammer. If it is, the message is returned as undeliverable. Add this feature to your myosxconfig.mc file with the line
FEATURE(`dnsbl')
Blacklisting does run a slight risk of denying messages from legitimate sources that happen to be using a mail server configured as an open relay. This, however, is becoming increasingly rare and shouldn't dissuade you from implementing RBL on your system.
Relaying
The version of Sendmail that ships with Mac OS X (8.10.2) is not configured as an open relay. This means that you can start the server without worrying about whether or not it will be used to send spam. As the administrator, you will, however, need to make choices on what relaying capabilities the server should have.
If a server must be accessible by clients across the country or around the globe, it becomes very difficult to nail down what client computers should be allowed to use Sendmail as a relay. The best possible situation is to be running a mail server that allows relaying for a local domain and perhaps a few ISPs. In a situation such as this, you should create and edit the file /etc/mail/relay-domains. Add to this file a list of domains or IP addresses that should be allowed to send e-mail via the server. For example
[primal:/etc/mail] jray% more relay-domains
192.168.0.50
poisontooth.com
ag.ohio-state.edu
osu.edu
Here, there are three named domains (poisontooth.com, ag.ohio-state.edu, osu.edu) and one specific client (192.168.0.50) that are allowed to access the SMTP server.
After editing the relay file, open and edit the /etc/mail/local-host-names file. Enter into this file all the names for which your mail server should accept e-mail. Even if relays are properly configured, mail might be rejected if addressed to an alternative hostname for the server. For example, I want to be able to accept e-mail for poisontooth.com, mail.poisontooth.com, and mail.shadesofinsanity.com. Each of these hostnames' DNS entry points directly to the server. To make sure that Sendmail accepts e-mail for all the names, my local-host-names file would look like this:
[primal:/etc/mail] jray% more local-host-names
poisontooth.com
mail.poisontooth.com
mail.shadesofinsanity.com
For most small organizations, or even some large ones, this should be sufficient. Unfortunately, as was mentioned earlier, some organizations might need more control over the relay system. The following features provide more exacting control over the relay process:
- FEATURE(`relay_entire_domain')— This is the most dangerous feature available. When used, the Mac OS X Sendmail server becomes an open relay, accessible by any user. This should not be used unless the server traffic is limited by another means, such as a firewall.
- FEATURE(`relay_local_from')— Although not as bad as the first feature, this option is still quite dangerous. When used, the server enables any remote host to relay, as long as the messages being sent include a from header that consists of an address in your local domain. E-mail headers (including the mail from header) are easily forged, so this provides protection from only the most simplistic spam attacks.
- FEATURE(`accept_unresolvable_domains')— This feature enables messages to be accepted with an invalid hostname in the mail from header.
- FEATURE(`relay_hosts_only')— Activates relaying for hosts on your local network. If a client hostname has the same base domain name as the server, it is allowed to access the SMTP server. This is a very good feature to include if your network is the only place that should be able to send e-mail via the Mac OS X Sendmail daemon.
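A quick audit of the macro file before rebuilding sendmail.cf, as an added example that is not from the book: it flags the relay-widening features listed above and notes when dnsbl or access_db (introduced in the next section) is missing. The function name audit_mc is hypothetical, and the sample .mc content is constructed for illustration, not the real generic-darwin.mc.

```shell
#!/bin/sh
# Added example: audit a Sendmail .mc file for the features discussed here.
# Prints one finding per line; the return status is the number of WARN lines.
audit_mc() {
    mc=$1
    warns=0
    # Strip m4 "dnl" comments so commented-out features are not counted.
    active=$(sed 's/dnl.*$//' "$mc")
    for f in relay_entire_domain relay_local_from accept_unresolvable_domains; do
        if printf '%s\n' "$active" | grep -q "FEATURE(\`$f'"; then
            echo "WARN  $f is enabled"
            warns=$((warns + 1))
        fi
    done
    for f in dnsbl access_db; do
        if ! printf '%s\n' "$active" | grep -q "FEATURE(\`$f'"; then
            echo "INFO  $f is not enabled"
        fi
    done
    return "$warns"
}

# Constructed sample, not the real generic-darwin.mc.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
FEATURE(`dnsbl')dnl
dnl FEATURE(`relay_entire_domain')dnl
FEATURE(`relay_local_from')dnl
EOF

audit_mc "$sample" || echo "risky features enabled: $?"
```

Run it against myosxconfig.mc before each m4 rebuild; a nonzero status means at least one relay-widening feature is active.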
Advanced Access Control
In addition to blacklisting/relay-control features, you can create an access table that controls user access at an even lower level—down to the individual e-mail addresses that are being used. To enable this table, add these lines to your myosxconfig.mc file:
FEATURE(`access_db')
FEATURE(`blacklist_recipients')
The first line enables the access database, whereas the second enables the administrator to add individual e-mail accounts to which the server will refuse to send e-mail.
The access table is built as a plain text file, such as /etc/mail/access. To be used by Sendmail, it must be hashed using the following command:
makemap hash /etc/mail/access < /etc/mail/access
The access control table is built using simple single-line commands. Each line consists of a host, domain, or e-mail address and an action to take if it is matched. Table 29.1 lists the possible reactions to a match.
Table 29.1. Access Control Actions
| Action | Description |
| --- | --- |
| OK | Accept mail regardless of other rules. This overrides any other relay configuration. |
| RELAY | Accept e-mail to or from the named domain. |
| REJECT | Reject e-mail from or to the recipient with a generic message. |
| DISCARD | Discard e-mail from or to the recipient. |
| ERROR: <### Text> | Identical to REJECT, but enables the administrator to set a customized error message. |
For example, consider the following file:
wespamalot.com ERROR:"550 We don't accept mail from your domain"
goodguy.wespamalot.com OK
poisontooth.com RELAY
192.168.0 RELAY
spammer@yahoo.com REJECT
In this example, the mail from domain wespamalot.com is rejected with a custom error message. The host goodguy.wespamalot.com is allowed because the OK action overrides the initial ERROR. The domain poisontooth.com and subnet 192.168.0 are both allowed to use the server as a relay. Finally, e-mail from or to spammer@yahoo.com is rejected.
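How the lookups in this example resolve, as an added sketch that is not from the book or from Sendmail's source: it assumes Sendmail's most-specific-key-first search (full host name, then parent domains; full IP address, then shorter prefixes; full e-mail address, then its domain) and ignores tagged keys and the user@ form. The function name access_lookup is hypothetical.

```shell
#!/bin/sh
# Added example: simplified model of an access-table lookup (untagged keys only).
# Prints the action of the most specific matching key, or NOMATCH.
access_lookup() {
    table=$1
    key=$2
    while [ -n "$key" ]; do
        # First field is the key; the rest of the line is the action.
        action=$(awk -v k="$key" 'tolower($1) == tolower(k) {
            $1 = ""; sub(/^ +/, ""); print; exit }' "$table")
        if [ -n "$action" ]; then
            echo "$action"
            return 0
        fi
        case $key in
            *@*) key=${key#*@} ;;                 # address: fall back to its domain
            *.*) case $key in
                     *[!0-9.]*) key=${key#*.} ;;  # host name: drop leftmost label
                     *)         key=${key%.*} ;;  # IP address: drop last octet
                 esac ;;
            *)   key= ;;                          # nothing left to strip
        esac
    done
    echo "NOMATCH"
}

# The access file shown above, one entry per line.
acl=$(mktemp)
trap 'rm -f "$acl"' EXIT
cat > "$acl" <<'EOF'
wespamalot.com ERROR:"550 We don't accept mail from your domain"
goodguy.wespamalot.com OK
poisontooth.com RELAY
192.168.0 RELAY
spammer@yahoo.com REJECT
EOF

for k in goodguy.wespamalot.com mail.wespamalot.com 192.168.0.77 \
         spammer@yahoo.com someone@yahoo.com; do
    printf '%-24s %s\n' "$k" "$(access_lookup "$acl" "$k")"
done
```

A NOMATCH result means the access table has no opinion and the other relay settings decide.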
As you can see, this file can be built upon to grow with the needs of the server. Adding the access_db feature is recommended for any Sendmail installation.
Sendmail.cf Options
Assuming that you've made your changes to the macro setup files and then used m4 to rebuild the main configuration, there are still several things you might want to change in the sendmail.cf file before calling your server done. There are literally hundreds of configuration options (most books on Sendmail are 800–1000 pages long), so this will be the abbreviated version of what's important. Open the /etc/mail/sendmail.cf file and adjust what is appropriate for your machine. Table 29.2 has a few of the more interesting and useful options. Note: These options are already included in sendmail.cf, but must be uncommented (remove the #) and edited to suit the system requirements.
Table 29.2. Interesting and Useful Sendmail.cf Options
| Option | Purpose |
| --- | --- |
| O AliasFile=/etc/mail/aliases | Activates e-mail aliases on the system. Enables e-mail to be sent to one address and then directed to multiple people or an entirely different e-mail address. |
| O MaxMessageSize=1000000 | Sets a maximum message size on the server. When using a system with relaxed relaying, setting a maximum size is a good idea. |
| O MeToo | When using aliases, the server will cc the sender if he or she is included as part of the alias list. |
| Dj$w.Foo.COM | Manually sets a hostname for the Sendmail server. Used when Sendmail can't determine the name of the Mac OS X computer. |
| O Timeout.queuereturn=5d | Sets the length of time an e-mail will attempt to be delivered before it is returned undeliverable. Formatted using a number followed by d (days) or h (hours). |
| O Timeout.queuewarn=4h | Sets a warning period after which the server will notify a sender that the message has not yet reached its destination. |
Aliases
Most systems employ the AliasFile option to provide simple mailing list functionality, enable users to receive e-mail under multiple names, or forward messages to another e-mail account. Aliases are added to the file /etc/mail/aliases. When inserted, the Sendmail alias database must be rebuilt by running newaliases at the command line. This utility must be run each time a change is made to the alias file.
The alias file contains lines with the username that will receive e-mail, followed by a colon, and then the e-mail address (local or remote) that should get the message:
<email username> : <recipient email address>
For example
webmaster: jray
jraywork: ray.30@osu.edu
root: jray, hlaufman
In this simple alias file, e-mail addressed to webmaster would be sent to the local user jray, whereas e-mail addressed to jraywork would be forwarded to the account ray.30@osu.edu. Finally, any messages sent to root are automatically sent to both jray and hlaufman, two local-user accounts.
To simplify and modularize aliases that direct e-mail to multiple users, you can include files that list several e-mail addresses. Take a line such as
job-info: :include:/etc/mail/job.list
When this entry is added in the aliases file, it includes the list of e-mail addresses in the file /etc/mail/job.list. This is a convenient way to create a mailing list with very little work.
Mac OS X's Sendmail implementation offers an alternative way to add mail aliases: via the NetInfo database system. This will result in a setup that isn't directly transferable to other Unix systems, but it will allow you to use the NetInfo Manager or nicl command-line utility to quickly add aliases.
To add aliases directly to the /aliases directory within the NetInfo database, you must first create a NetInfo directory with the name of the alias, and then add a members key with the appropriate alias information. Think of this as splitting the lines in the alias file on the first : character. The information to the left of the : is the NetInfo alias name, and the information to the right is the member name. For example, consider this line, as it appears in /etc/mail/aliases:
jraywork: ray.30@osu.edu
This information could be added directly to NetInfo using
[primal:~] jray% sudo nicl / -create /aliases/jraywork
[primal:~] jray% sudo nicl / -append /aliases/jraywork members ray.30@osu.edu
The NetInfo GUI tools can be used to perform this action as well. Chapter 23, "File and Resource Sharing with NetInfo," discusses the use of the NetInfo Manager utility.
When your server is properly configured, incoming messages will be stored within the /var/mail directory in a text file named after the intended recipient. You can use command-line tools to read these messages, or configure the Mail client to read e-mail directly from the local mail file. Setting up Mail is covered in Chapter 7, "Internet Communications."
Most system administrators, however, will want to serve their e-mail to remote clients rather than just local users. The next section of this chapter will deal with compiling and installing POP and IMAP servers to create a complete e-mail server package.
Additional Resources
Sendmail has had almost three decades of service, and has continued to grow larger and more powerful with each revision. Advanced configuration will require additional resources. A few excellent sources of information are provided here.
- Sendmail.org—www.sendmail.org/— The home of the free Sendmail software, this site contains information on all the Sendmail features and options. Although the information is extensive, it is not a tutorial.
- UIUC Sendmail Tutorial—www-wsg.cso.uiuc.edu/sendmail/tutorial/— An excellent tutorial on Sendmail and e-mail servers in general. Good for building a solid background in server terminology.
- Sendmail: Theory and Practice, Butterworth-Heinemann Publishing, Frederick M. Avolio, Paul Vixie, ISBN: 155558229X.
- Sendmail, O'Reilly Publishing, Bryan Costales, Eric Allman, ISBN: 1565922220.