SendMail Help

Rick Stevens rstevens at vitalstream.com
Wed Aug 16 18:55:11 UTC 2006


On Tue, 2006-08-15 at 20:42 -0600, brad.mugleston at comcast.net wrote:
> > want to designate a "mail hub" which receives mail from all of your
> > internal machines and sends it out on behalf of them.
> >
> > For security reasons, I recommend a mail hub (only it is exposed to the
> > internet, centralizes virus and spam filtering, etc.).  So, on all
> > of the machines EXCEPT the mail hub, make sure you have:
> >
> > 	define(`SMART_HOST', `name-of-mail-hub-machine')dnl
> >
> > in the sendmail.mc file.  You also should decide if you want the hub
> > to receive mail on behalf of all your machines.  If so, also define
> > the MASQUERADE_AS macro:
> >
> > 	define(`MASQUERADE_AS', `host.domain.tld')dnl
> >
> > Now, as to firewalls, only the mail hub needs to talk to the internet
> > over port 25.  The rest of the machines in your network will use port
> > 25 to talk to the mail hub.  So, the firewall rules on the router should
> > permit the mail hub port 25 access to the internet and should block all
> > others.  Do NOT block port 25 on any of the internal machines (either
> > through iptables or Windows firewalls).
> >
> 
> OK, sounds good to me BUT I need some translations.
> 
> 
> Let's make it simple - two machines named LHOST and LCLIENT.
> LHOST is my mail server and LCLIENT is the machine I'm sitting
> at.
> 
> First, what file holds these names and on what physical machine
> (both for XP and Linux)?

The "define(`SMART_HOST', `LHOST')dnl" would be
put in your LCLIENT's "/etc/mail/submit.mc" file under Linux, after
which you must restart sendmail via "service sendmail restart".

Under Windows, just modify the SMTP server setting of Outschnook or
whatever to point at "LHOST".

The "MASQUERADE_AS(`host.domain.tld')dnl" bit would be put
in LHOST's /etc/mail/sendmail.mc and /etc/mail/submit.mc files.  Again,
you must restart sendmail via "service sendmail restart".

> Second I'm taking it that "name-of-mail-hub-machine" would be
> LHOST

Correct.

> 
> for the masquerade command - I may be confused (like normal) but
> right now my LHOST machine is receiving all of my mail - if you're
> talking about from the Internet.  BUT if you're talking about
> receiving it from the other machines then I need this command but
> what does "host.domain.tld" translate into?

The "MASQUERADE_AS" would make all outgoing mail look like it's coming
from the mail hub machine, not the individual machines on your network.
Without it, the "From" lines in headers might show up as "user at LCLIENT".
With it, the "From" lines would show up as "user at LHOST".

As to the format, I screwed up.  The actual format (as I show above) is

	MASQUERADE_AS(`host.domain.tld')dnl

The "host.domain.tld" would translate to the FQDN of your LHOST machine.
For example, if your domain is "bmug.com" and your LHOST host name is
"mailhub", then "host.domain.tld" is "mailhub.bmug.com".

> I'm probably in over my head but I'm used to that.

Sendmail can be a bear to configure at times simply because it's so
flexible.  With flexibility comes complexity, which is why O'Reilly's
"bat book" is over 1200 pages in length and costs about $60 US.  It's
also why people who truly grok sendmail can charge kilobucks for
configuring mail systems for large companies.

You might find one of the other mail systems such as postfix or qMail
easier to configure.  The odds are you will never use the advanced
features of sendmail--few people do.  I did, but I ran a virtual mail
service with 10,000 domains and 85,000 users.  We sold off that
business for the most part, but I still have about 400 domains and over
1500 users and we still do about 30,000 messages a day.

BTW, I HATE mail administration!  :-p

----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-         Okay, who put a "stop payment" on my reality check?        -
----------------------------------------------------------------------
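
An added example, not part of the original message: a small shell check for the two settings discussed in this thread. It flags the define(`MASQUERADE_AS', ...) form that the reply corrects, confirms a client file names a SMART_HOST, and confirms a hub file has a MASQUERADE_AS(...) line. The function name check_mc, the roles "client" and "hub", and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# check_mc ROLE FILE: print one finding per line; exit status 0 only if clean.
# ROLE is "client" (must relay via SMART_HOST) or "hub" (must masquerade).
check_mc() {
    role=$1 file=$2 problems=0
    # "." in the patterns stands for the m4 quote characters. Anchoring at the
    # start of the line skips entries commented out with a leading "dnl".
    if grep -q '^[[:space:]]*define(.MASQUERADE_AS' "$file"; then
        echo "BAD: MASQUERADE_AS written as define(); use MASQUERADE_AS(...)dnl"
        problems=$((problems + 1))
    fi
    case $role in
    client)
        hub=$(sed -n "s/^[[:space:]]*define(.SMART_HOST.,[[:space:]]*.\([^']*\)'.*/\1/p" "$file")
        if [ -n "$hub" ]; then
            echo "OK: SMART_HOST is $hub"
        else
            echo "BAD: no SMART_HOST; this machine would deliver mail directly"
            problems=$((problems + 1))
        fi ;;
    hub)
        if grep -q '^[[:space:]]*MASQUERADE_AS(' "$file"; then
            echo "OK: MASQUERADE_AS present"
        else
            echo "BAD: no MASQUERADE_AS(...) line"
            problems=$((problems + 1))
        fi ;;
    esac
    [ "$problems" -eq 0 ]
}

# Constructed sample files; names and values are taken from the thread's examples.
tmp=$(mktemp -d)
cat > "$tmp/client.mc" <<'EOF'
dnl define(`SMART_HOST', `oldhub')dnl
define(`SMART_HOST', `LHOST')dnl
EOF
cat > "$tmp/hub-wrong.mc" <<'EOF'
define(`MASQUERADE_AS', `mailhub.bmug.com')dnl
EOF
cat > "$tmp/hub.mc" <<'EOF'
MASQUERADE_AS(`mailhub.bmug.com')dnl
EOF
check_mc client "$tmp/client.mc"
check_mc hub "$tmp/hub-wrong.mc" || true
check_mc hub "$tmp/hub.mc"
```

Run it against the real files (for example /etc/mail/submit.mc on a client) before restarting sendmail.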




More information about the Redhat-install-list mailing list