SendMail under CentOS 6.2

I wanted a dedicated mail server that would handle outgoing messages from web applications on the same subnet.

1. yum remove postfix
postfix is the mail server installed by default with CentOS 6.2

If in doubt whether postfix is using up port 25, check what is listening on port 25:

lsof -i :25

2. yum install sendmail
yum install sendmail-cf

3. cd /etc/mail
cp sendmail.mc sendmail.mc.original
cp sendmail.cf sendmail.cf.original

The most important part is to back up the sendmail.mc macro file, because the sendmail.cf file is generated from it.

4. vi sendmail.mc
vi access
make -C /etc/mail

You must study the documentation (the sendmail configuration README, available as a PDF) to figure out what syntax to put into the sendmail.mc file.


5. /sbin/service sendmail start

6. ps ax|grep sendmail
should show a line about accepting connections; if not, check the log for errors

cd /var/log
cat maillog|more


FIREWALL: use the # setup program when you have a KVM available, or try your luck with iptables from the console (danger warning do not enter; http://www.thegeekstuff.com/2011/06/iptables-rules-examples/ is reasonable but read the comments (useful to know how to refer to a subnet: 192.168.100.0/24)).

One of the non-obvious things about the CentOS 6 Firewall Configuration is that you can get to it as soon as you log in with a GUI desktop. It is on the menu, under System > Administration > Firewall. For this use case, what we want to do is AVOID granting access to the MAIL server on the Trusted Services page and instead use a CUSTOM RULE file. The custom rule file will be of type filter (not mangle) and will contain 3 lines, which first grant our own subnet (123.123.123.*) access and then drop the connection for anyone else playing with port 25.

-A INPUT -i eth0 -p tcp -s 123.123.123.0/24 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 25 -j DROP
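
The order and the interface names in these rules matter because iptables stops at the first matching rule. The Python sketch below is an added example, not part of the original post: it replays a rule file based on the three lines above against one trusted-subnet host and one outside host. The interface eth0, the two host addresses, the helper names and the ACCEPT chain policy are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed sample based on the three-line custom filter file (eth0 assumed).
RULES = """\
-A INPUT -i eth0 -p tcp -s 123.123.123.0/24 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 25 -j DROP
"""

def parse_rules(text):
    """Turn each '-A CHAIN opt val ...' line into a dict of its options."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        opts = {"chain": tok[1]}
        opts.update(zip(tok[2::2], tok[3::2]))  # options come as flag/value pairs
        rules.append(opts)
    return rules

def verdict(rules, src, iface="eth0", dport=25, policy="ACCEPT"):
    """First matching INPUT rule wins, as in iptables (new TCP connection)."""
    addr = ipaddress.ip_address(src)
    for r in rules:
        if r["chain"] != "INPUT" or r.get("-p", "tcp") != "tcp":
            continue
        if r.get("-i", iface) != iface:
            continue
        if "--dport" in r and int(r["--dport"]) != dport:
            continue
        if "-s" in r and addr not in ipaddress.ip_network(r["-s"]):
            continue
        if "--state" in r and "NEW" not in r["--state"].split(","):
            continue
        return r["-j"]
    return policy  # nothing matched: chain policy (ACCEPT is an assumption)

def check(text):
    """Verdicts for one trusted-subnet host and one outside host (both constructed)."""
    rules = parse_rules(text)
    return {"trusted": verdict(rules, "123.123.123.45"),
            "outside": verdict(rules, "198.51.100.7")}

if __name__ == "__main__":
    print("as written:       ", check(RULES))
    lines = RULES.splitlines()
    print("DROP listed first:", check("\n".join(reversed(lines))))
    print("ACCEPT on eth1:   ", check(RULES.replace("-i eth0 -p tcp -s", "-i eth1 -p tcp -s")))
```

Both variants printed at the end lock the trusted subnet out of port 25, which is the failure to look for when web applications suddenly cannot send mail after a firewall change.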

Comments

confDOMAIN_NAME was required in sendmail.mc to control the HELO subdomain shown when clients connected to the smtp server.

CLIENT_OPTIONS(`Family=inet, Address=x.x.x.z')

was required in sendmail.mc to control the ip number used when the smtp server connected to other hosts such as mx.google.com in order to relay the email.

These issues came up because the physical machine has more than one ip number and was defaulting to the "other" subdomain and ip.
To avoid "relay denied" errors, make sure that the sending-computer has a reverse DNS entry for the ip number that the email client uses when connecting to the smtp server.
Anonymous said…
Actually... you need the reverse DNS entry and you need an entry in the /etc/mail/access file for the ip number, and if there is a firewall then that needs to be suitable as well.
