sendmail Cookbook
暫譯: sendmail 食譜

Summary

More often than not, the words "sendmail configuration" strike dread in the hearts of sendmail and system administrators--and not without reason. sendmail configuration languages are as complex as any other programming languages, but used much more infrequently--only when sendmail is installed or configured. The average system administrator doesn't get enough practice to truly master this inscrutable technology.

Fortunately, there's help. The sendmail Cookbook provides step-by-step solutions for the administrator who needs to solve configuration problems fast. Say you need to configure sendmail to relay mail for your clients without creating an open relay that will be abused by spammers. A recipe in the Cookbook shows you how to do just that. No more wading through pages of dense documentation and tutorials and creating your own custom solution--just go directly to the recipe that addresses your specific problem.

Each recipe in the sendmail Cookbook outlines a configuration problem, presents the configuration code that solves that problem, and then explains the code in detail. The discussion of the code is critical because it provides the insight you need to tweak the code for your own circumstances.

The sendmail Cookbook begins with an overview of the configuration languages, offering a quick how-to for downloading and compiling the sendmail distribution. Next, you'll find a baseline configuration recipe upon which many of the subsequent configurations, or recipes, in the book are based. Recipes in the following chapters stand on their own and offer solutions for properly configuring important sendmail functions such as:

• Delivering and forwarding mail
  
• Relaying
  
• Masquerading
  
• Routing mail
  
• Controlling spam
  
• Strong authentication
  
• Securing the mail transport
  
• Managing the queue
  
• Securing sendmail

sendmail Cookbook is more than just a new approach to discussing sendmail configuration. The book also provides lots of new material that doesn't get much coverage elsewhere--STARTTLS and AUTH are given entire chapters, and LDAP is covered in recipes throughout the book. But most of all, this book is about saving time--something that most system administrators have in short supply. Pick up the sendmail Cookbook and say good-bye to sendmail dread.   

Table of Contents

Preface

1. Getting Started

      1.1 Downloading the Latest Release 

      1.2 Installing sendmail 

      1.3 Compiling sendmail to Use LDAP 

      1.4 Adding the regex Map Type to sendmail 

      1.5 Compiling sendmail with SASL Support 

      1.6 Compiling sendmail with STARTTLS Support 

      1.7 Compiling in STARTTLS File Paths 

      1.8 Building a sendmail Configuration 

      1.9 Testing a New Configuration 

      1.10 Logging sendmail 

2. Delivery and Forwarding

      2.1 Accepting Mail for Other Hosts 

      2.2 Fixing the Alias0 Missing Map Error and Creating Simple Aliases 

      2.3 Reading Aliases via LDAP 

      2.4 Configuring Red Hat 7.3 to Read Aliases from a NIS Server 

      2.5 Configuring Solaris 8 to Read Aliases from a NIS Server 

      2.6 Forwarding to an External Address 

      2.7 Creating Mailing Lists 

      2.8 Migrating Ex-Users to New Addresses 

      2.9 Delivering Mail to a Program 

      2.10 Using Program Names in Mailing Lists 

      2.11 Allowing Nonlogin Users to Forward to Programs 

      2.12 Fixing a .forward Loop 

      2.13 Enabling the User Database 

3. Relaying

      3.1 Passing All Mail to a Relay 

      3.2 Passing Outbound Mail to a Relay 

      3.3 Passing Local Mail to a Mail Hub 

      3.4 Passing Apparently Local Mail to a Relay 

      3.5 Passing UUCP Mail to a Relay 

      3.6 Relaying Mail for All Hosts in a Domain 

      3.7 Relaying Mail for Individual Hosts 

      3.8 Configuring Relaying on a Mail Exchanger 

      3.9 Loading Class $=R via LDAP 

      3.10 Relaying Only Outbound Mail 

4. Masquerading

      4.1 Adding Domains to All Sender Addresses 

      4.2 Masquerading the Sender Hostname 

      4.3 Eliminating Masquerading for the Local Mailer 

      4.4 Forcing Masquerading of Local Mail 

      4.5 Masquerading Recipient Addresses 

      4.6 Masquerading at the Relay Host 

      4.7 Limiting Masquerading 

      4.8 Masquerading All Hosts in a Domain 

      4.9 Masquerading Most of the Hosts in a Domain 

      4.10 Masquerading the Envelope Address 

      4.11 Rewriting the From Address with the genericstable 

      4.12 Rewriting Sender Addresses for an Entire Domain

      4.13 Masquerading with LDAP 

      4.14 Reading the genericstable via LDAP 

5. Routing Mail

      5.1 Routing Mail to Special Purpose Mailers 

      5.2 Sending Error Messages from the mailertable 

      5.3 Disabling MX Processing to Avoid Loops 

      5.4 Routing Mail for Local Delivery 

      5.5 Reading the mailertable via LDAP 

      5.6 Routing Mail for Individual Virtual Hosts 

      5.7 Routing Mail for Entire Virtual Domains 

      5.8 Reading the virtusertable via LDAP 

      5.9 Routing Mail with LDAP 

      5.10 Using LDAP Routing with Masquerading 

6. Controlling Spam

      6.1 Blocking Spam with the access Database 

      6.2 Preventing Local Users from Replying to Spammers

      6.3 Reading the access Database via LDAP 

      6.4 Using a DNS Blackhole List Service 

      6.5 Building Your Own DNS Blackhole List 

      6.6 Whitelisting Blacklisted Sites 

      6.7 Filtering Local Mail with procmail 

      6.8 Filtering Outbound Mail with procmail 

      6.9 Invoking Special Header Processing 

      6.10 Using Regular Expressions in sendmail 

      6.11 Identifying Local Problem Users 

      6.12 Using MILTER 

      6.13 Bypassing Spam Checks 

      6.14 Enabling Spam Checks on a Per-User Basis 

7. Authenticating with AUTH

      7.1 Offering AUTH Authentication 

      7.2 Authenticating with AUTH 

      7.3 Storing AUTH Credentials in the authinfo File 

      7.4 Limiting Advertised Authentication Mechanisms 

      7.5 Using AUTH to Permit Relaying 

      7.6 Controlling the AUTH= Parameter 

      7.7 Avoiding Double Encryption 

      7.8 Requiring Authentication 

      7.9 Selectively Requiring Authentication 

8. Securing the Mail Transport

      8.1 Building a Private Certificate Authority 

      8.2 Creating a Certificate Request 

      8.3 Signing a Certificate Request 

      8.4 Configuring sendmail for STARTTLS 

      8.5 Relaying Based on the CA 

      8.6 Relaying Based on the Certificate Subject 

      8.7 Requiring Outbound Encryption 

      8.8 Requiring Inbound Encryption 

      8.9 Requiring a Verified Certificate 

      8.10 Requiring TLS for a Recipient 

      8.11 Refusing STARTTLS Service 

      8.12 Selectively Advertising STARTTLS 

      8.13 Requesting Client Certificates 

9. Managing the Queue

      9.1 Creating Multiple Queues 

      9.2 Using qf, df, and xf Subdirectories 

      9.3 Defining Queue Groups 

      9.4 Assigning Recipients to Specific Queues 

      9.5 Using Persistent Queue Runners 

      9.6 Using a Queue Server 

      9.7 Setting Protocol Timers 

10. Securing sendmail

      10.1 Limiting the Number of sendmail Servers 

      10.2 Limiting the Number of Network Accessible Servers 

      10.3 Updating to Close Security Holes 

      10.4 Patching to Close Security Holes 

      10.5 Disabling Delivery to Programs 

      10.6 Controlling Delivery to Programs 

      10.7 Disabling Delivery to Files 

      10.8 Bypassing User .forward Files 

      10.9 Controlling Delivery to Files 

      10.10 Running sendmail Non-Set-User-ID root 

      10.11 Setting a Safe Default User ID 

      10.12 Defining Trusted Users 

      10.13 Identifying the sendmail Administrator 

      10.14 Limiting the SMTP Command Set 

      10.15 Requiring a Valid HELO 

      10.16 Restricting Command-Line Options 

      10.17 Denying DoS Attacks 

Index