Setting up sendmail for home office / workshop mail relaying

[Article updated 22 Oct, 2016]

Recently, our workshop completed some OS and software upgrades. Here we are posting some field notes on setting up an internal mail relay server, which is one of many long overdue tasks. Hopefully this will benefit anyone working on similar projects.

Why mail relay?

Here in our shop, besides regular desktop workstations running Microsoft Outlook and Mozilla Thunderbird, we also have quite a few “low-tech” network devices that communicate using SMTP. These devices, such as UPS units, multi-function printers, Nagios and security cameras, all use SMTP for alerts and notifications.

Regular desktops occupy the top portion of the network. These workstations are equipped with “high-tech” email software like Outlook/Thunderbird, which initiates all inbound and outbound email delivery automatically.

The “low-tech” devices mentioned above send email outbound only, for alerting purposes. However, some of these devices don’t allow security configuration, making it impossible for them to deliver alerts directly to the ISP’s mail server.

A mail relay service can solve the problem by listening and relaying all internal mail requests, thus allowing these “low-tech” devices to utilize a common channel for their SMTP transportation.

Let’s get started

Based on your requirements, decide whether a standalone server is needed or whether to piggyback sendmail on an existing server. In either case, you need to become root and install sendmail:

  • yum install sendmail
  • yum install sendmail-cf
  • chkconfig sendmail on
  • Install and set up Network Time Protocol (optional); this gives you accurate time for troubleshooting and logging purposes

[Article updated 22 Oct, 2016] – Information for Debian distribution

  • apt-get update
  • apt-get upgrade
  • apt-get install sendmail-bin
  • apt-get install sendmail

Editing sendmail.mc file

Configure sendmail to listen to internal network (only):

Locate, un-comment or Add this line

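DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

and remove the loopback address (Addr=127.0.0.1) to allow sendmail to listen and respond to requests from the internal network. With no Addr set, sendmail listens on every interface of the host; to bind only to the internal network, set Addr to the server’s internal IP address instead.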

Configure sendmail to relay to ISP mail server:

Locate, un-comment or Add this line

define(`SMART_HOST',`smtp.myisp.net')dnl

and change smtp.myisp.net to your ISP’s SMTP server.

Locate, un-comment or Add this line

FEATURE(`authinfo')dnl

Configure sendmail to authenticate on submission port (587)

Locate, un-comment or Add these lines

define(`RELAY_MAILER_ARGS', `TCP $h 587')
define(`ESMTP_MAILER_ARGS', `TCP $h 587')

Locate, un-comment or Add this line

DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl

Locate, un-comment or Add this line

FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')

Once the above is complete, save the sendmail.mc file and use m4 to re-create the sendmail.cf file.

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Using FEATURE(`access_db')

[Article updated 22 Oct, 2016] – Refer to the link [http://www.sendmail.org/~ca/email/doc8.12/cf/m4/anti_spam.html#access_db] for more information.

Create /etc/mail/access file with the following

Connect:localhost.localdomain            RELAY
Connect:localhost                        RELAY
Connect:127.0.0.1                        RELAY
192.168.1                                RELAY

Save the file and hash it

makemap hash /etc/mail/access < /etc/mail/access

Using FEATURE(`authinfo')

Create /etc/mail/authinfo file with the following

AuthInfo:smtp.myisp.net "U:my_username" "P:my_password" "M:PLAIN"

Of course, change smtp.myisp.net to your ISP’s SMTP server. Provide the username and password that you will use to access this SMTP server. Save the file, change its permissions and hash the file into a database.

chmod 600 /etc/mail/authinfo
makemap hash /etc/mail/authinfo < /etc/mail/authinfo

Start the engine

Get the sendmail service started

service sendmail start

Monitor /var/log/maillog and see if there are any errors. Use the “mailq” command to check the number of messages in the mail queue. The next step is to point all internal “low-tech” devices at the mail relay server. You are pretty much all set from here.

Security concerns

In this scenario, sendmail relays everything it receives from hosts within the internal network. We are assuming all internal hosts are free of viruses and anything else that causes internal security issues.

Also, due to the relay nature of this sendmail configuration, under no circumstances should the server face the Internet at any time. You should also review all other security settings within the hosting Linux environment, and update and patch all software as necessary to conform to the latest security requirements.
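
One way to check the access map against the assumption that only internal hosts may relay, as an added example that is not part of the original article. The function names and the two extra sample entries are made up for illustration, and the audit reads the access source text on stdin.

```shell
#!/bin/sh
# Added example: audit sendmail access-map source text for over-broad RELAY entries.

# Constructed sample: the article's four entries plus two hypothetical bad ones.
sample_access() {
    cat <<'EOF'
# constructed sample, not a real /etc/mail/access
Connect:localhost.localdomain            RELAY
Connect:localhost                        RELAY
Connect:127.0.0.1                        RELAY
192.168.1                                RELAY
Connect:172                              RELAY
203.0.113                                RELAY
EOF
}

# Reads access-map text on stdin, prints each RELAY entry whose key is not
# loopback or an RFC 1918 prefix, and returns 1 if any were found.
audit_access() {
    awk '
    BEGIN { bad = 0 }
    /^[ \t]*#/ || NF < 2 { next }            # comments, blank or short lines
    toupper($2) != "RELAY" { next }          # only RELAY grants matter here
    {
        key = $1
        sub(/^[Cc]onnect:/, "", key)         # tagged and untagged keys alike
        if (key == "localhost" || key == "localhost.localdomain") next
        n = split(key, o, ".")
        if (key ~ /^[0-9]+(\.[0-9]+)*$/ && n <= 4) {
            if (o[1] + 0 == 127 || o[1] + 0 == 10) next
            if (n >= 2 && o[1] + 0 == 192 && o[2] + 0 == 168) next
            if (n >= 2 && o[1] + 0 == 172 && o[2] + 0 >= 16 && o[2] + 0 <= 31) next
        }
        printf "line %d: %s grants RELAY beyond loopback/RFC 1918\n", NR, $1
        bad = 1
    }
    END { exit bad }
    '
}

# Demo on the sample; on the relay itself run: audit_access < /etc/mail/access
sample_access | audit_access || echo "review the entries listed above"
```

Hostname keys and other tags (To:, From:) with RELAY are reported as well, since they grant relaying that is not tied to an internal address.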

Enjoy, Team BTF
