The recommended configuration for an ISP environment should not differ much from the corporate one, but there are some considerations to take into account. ISPs tend to have a very heavy POP3 load, as their clients generally use POP3 to get their mail. A medium to large ISP (particularly one which is growing rapidly) might want to consider separating its MX host from its POP3 host. The POP3 host would not need to be an MX host, and its MTA could be configured to accept inbound mail only from the primary MX for the domain, which would then be delivered locally to the customer's mail spool. In networks where the client load is very, very high, a third machine could be added to the architecture which would only accept mail from the provider's dial-up customers and then send it out to its destination. In this way the primary MX for the domain would only accept inbound mail from the world and route it to the POP3 host, and the effective load on all three machines would be reduced. The important thing here is to apply limits to what mail is accepted by the non-MX hosts. Here are some sample configurations and comments:
divert(-1)
include(`/usr/lib/sendmail-cf/m4/cf.m4')
dnl let's define our OS type. This one is mandatory.
OSTYPE(`linux')dnl
define(`confDEF_USER_ID',``8:12'')
dnl the following line moves the default alias file location to /etc/mail. Doing it this way
dnl allows the newaliases command to function properly with the aliases file
dnl once it's moved from the Red Hat default location in /etc.
define(`ALIAS_FILE',`/etc/mail/aliases')dnl
dnl if the net were a kinder gentler place we wouldn't need the next line.
define(`confPRIVACY_FLAGS', `authwarnings,needmailhelo,noexpn,novrfy')dnl
dnl if it's not immediately deliverable let us know in 4 hours and return it if it's
dnl not been delivered after 4 days.
define(`confTO_QUEUERETURN', `4d')dnl
define(`confTO_QUEUEWARN', `4h')dnl
dnl Let's tell the system where procmail lives
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
dnl we want all mail sent to the pop3 host for delivery
define(`MAIL_HUB', `pop3.isp.net')
dnl we don't need either one of the next two entries so let's remove the default.
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY') dnl
dnl when people move on it will really help to give them an informative bounce
FEATURE(`redirect')dnl
dnl we are 'isp.net' after all. Let's make it so.
FEATURE(`always_add_domain')dnl
dnl let's set up class w as a text file. It's easier to manage that way. Since this host is designed
dnl to relay be careful about what you put in this file
FEATURE(`use_cw_file')dnl
dnl we defined the path to procmail now let's implement it
FEATURE(`local_procmail')dnl
dnl we won't be doing any uucp
FEATURE(`nouucp')dnl
dnl with the mailertable we can redirect mail anywhere we want. Very handy. Particularly for an ISP.
FEATURE(`mailertable', `hash -o /etc/mail/mailertable')dnl
dnl with the virtusertable we can have multiple mail accounts with the same name
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable')dnl
dnl the access file gives us fine grained control of our relay capability
FEATURE(`access_db', `hash -o /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
dnl note that we patched our version of sendmail to be able to use more than one rbl entry
dnl see section 2.3.2 of this document for more information and a HOWTO. These next 3
dnl entries are completely optional but recommended if you'd like to limit the amount
dnl of spam you receive inbound to your domain
FEATURE(rbl,`rbl.maps.vix.com',` Mail from $&{client_addr} rejected; see http://www.mail-abuse.org/rbl/')dnl
FEATURE(rbl,`dul.maps.vix.com',`Mail from $&{client_addr} rejected; see http://www.mail-abuse.org/dul/')dnl
FEATURE(rbl,`relays.mail-abuse.org',` Mail from $&{client_addr} rejected; see http://www.mail-abuse.org/rss/')dnl
dnl the default MDA with Red Hat Linux is procmail so let's use it. We need this line.
MAILER(procmail)dnl
MAILER(smtp)dnl
divert(-1)
include(`/usr/lib/sendmail-cf/m4/cf.m4')
dnl let's define our OS type. This one is mandatory.
OSTYPE(`linux')dnl
define(`confDEF_USER_ID',``8:12'')
dnl the following line moves the default alias file location to /etc/mail. Doing it this way
dnl allows the newaliases command to function properly since we've moved the aliases file
dnl from the default Red Hat Linux location in /etc.
define(`ALIAS_FILE',`/etc/mail/aliases')dnl
dnl if the net were a kinder gentler place we wouldn't need the next line.
define(`confPRIVACY_FLAGS', `authwarnings,needmailhelo,noexpn,novrfy')dnl
dnl if it's not immediately deliverable let us know in 4 hours and return it if it's
dnl not been delivered after 4 days.
define(`confTO_QUEUERETURN', `4d')dnl
define(`confTO_QUEUEWARN', `4h')dnl
dnl Let's tell the system where procmail lives
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
dnl we don't need either one of the next two entries so let's remove the default.
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY') dnl
dnl let's set up class w as a text file. It's easier to manage that way.
FEATURE(`use_cw_file')dnl
dnl we defined the path to procmail now let's implement it
FEATURE(`local_procmail')dnl
dnl we won't be doing any uucp
FEATURE(`nouucp')dnl
dnl with the mailertable we can redirect mail anywhere we want. Very handy.
FEATURE(`mailertable', `hash -o /etc/mail/mailertable')dnl
dnl with the virtusertable we can have multiple mail accounts with the same name
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable')dnl
dnl the access file gives us fine grained control of our relay capability
FEATURE(`access_db', `hash -o /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
dnl note that we patched our version of sendmail to be able to use more than one rbl entry
dnl see section 2.3.2 of this document for more information and a HOWTO. These next 3
dnl entries are completely optional but recommended if you'd like to limit the amount
dnl of spam you receive inbound to your domain
FEATURE(rbl,`rbl.maps.vix.com',` Mail from $&{client_addr} rejected; see http://www.mail-abuse.org/rbl/')dnl
FEATURE(rbl,`dul.maps.vix.com',`Mail from $&{client_addr} rejected; see http://www.mail-abuse.org/dul/')dnl
FEATURE(rbl,`relays.mail-abuse.org',` Mail from $&{client_addr} rejected; see http://www.mail-abuse.org/rss/')dnl
dnl the default MDA with Red Hat Linux is procmail so let's use it. We need this line.
MAILER(procmail)dnl
MAILER(smtp)dnl
divert(-1)
include(`/usr/lib/sendmail-cf/m4/cf.m4')
dnl let's define our OS type. This one is mandatory.
OSTYPE(`linux')dnl
define(`confDEF_USER_ID',``8:12'')
dnl the following line moves the default alias file location to /etc/mail. Doing it this way
dnl allows the newaliases command to function properly with the aliases file
dnl once it's moved from the Red Hat Linux default location in /etc. We've also added a majordomo
dnl aliases file as this machine would be the right one to be the listserv if your service needs one.
define(`ALIAS_FILE',`/etc/mail/aliases,/etc/mail/majordomo')dnl
dnl if the net were a kinder gentler place we wouldn't need the next line.
define(`confPRIVACY_FLAGS', `authwarnings,needmailhelo,noexpn,novrfy')dnl
dnl if it's not immediately deliverable let us know in 4 hours and return it if it's
dnl not been delivered after 4 days.
define(`confTO_QUEUERETURN', `4d')dnl
define(`confTO_QUEUEWARN', `4h')dnl
dnl we don't need either one of the next two entries so let's remove the default.
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY') dnl
dnl Let's tell the system where procmail lives
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
dnl we are 'isp.net' after all. Let's make it so.
FEATURE(`always_add_domain')dnl
dnl Let's set up masquerading since we will need it.
MASQUERADE_AS(`isp.net')dnl
dnl Let's also set it up so that we can have all of our domains listed in an unmapped text file. This way clients with custom or vanity
dnl domains can send mail with a from address that uses their domain.
MASQUERADE_DOMAIN_FILE(`/etc/mail/masq-domains')dnl
dnl we won't be doing any uucp
FEATURE(`nouucp')dnl
dnl The genericstable gives us the ability to manipulate outbound addresses so we should use it here on
dnl the outbound host.
FEATURE(`genericstable', `hash -o /etc/mail/genericstable')dnl
dnl We need the mailertable on this machine to handle cases where the mail is intended for other local users on the same service.
dnl We would add the following to the mailertable (keys are bare domain names, without a leading @):
dnl isp.net SMTP:pop3.isp.net
FEATURE(`mailertable', `hash -o /etc/mail/mailertable')dnl
dnl The access file gives us fine grained control of our relay capability. For our outbound host we must be sure to explicitly allow
dnl all of our dialup IP addresses by adding them to the access table
FEATURE(`access_db', `hash -o /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
dnl The default MDA with Red Hat Linux is procmail so let's use it. We need this line.
MAILER(procmail)dnl
MAILER(smtp)dnl
So as you can see, what we've done is set up our three machines to handle three associated mail tasks separately. Smaller service providers can handle all three tasks, plus any listserv functionality required, on a single host by combining the features highlighted here in a single configuration. But in this config your clients will never touch the inbound SMTP host. They would set their POP3 value in their MDA to pop3.isp.net and their SMTP value to out.isp.net. Note that the access file for the outgoing mail host has to include an explicit RELAY authorization for all of your dial-up ports, otherwise your clients will get rejected when they try to send mail. What we've actually done here is distribute the load among three machines, and in an ISP with a significant number of dial-up clients this can really improve performance.
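The RELAY requirement for the dial-up ranges, as an added example that is not part of the original configurations: the access table matches IPv4 keys on octet boundaries rather than CIDR masks, so this Python helper expands address blocks into the keys to list on the outbound host. The function name, the `min_prefix` guard and the sample ranges are assumptions made for illustration.

```python
import ipaddress


def access_relay_entries(cidrs, min_prefix=16):
    """Return sendmail access-table lines granting RELAY to the given IPv4 blocks.

    Access-table keys are dotted prefixes on octet boundaries ("10.20.4"
    covers 10.20.4.0/24), so each block is split at the next octet boundary.
    Blocks broader than min_prefix are refused: an over-wide RELAY entry
    makes the outbound host relay for addresses that are not yours.
    """
    # IPv4Network raises ValueError if host bits are set (e.g. 10.20.4.1/22).
    nets = [ipaddress.IPv4Network(c) for c in cidrs]
    lines = []
    # collapse_addresses merges adjacent and duplicate blocks and sorts them.
    for net in ipaddress.collapse_addresses(nets):
        if net.prefixlen < min_prefix:
            raise ValueError(f"{net} is broader than /{min_prefix}; refusing to RELAY it")
        octets = -(-net.prefixlen // 8)  # ceil(prefixlen / 8) octets per key
        for sub in net.subnets(new_prefix=octets * 8):
            key = ".".join(str(sub.network_address).split(".")[:octets])
            lines.append(f"{key}\tRELAY")
    return lines


# Constructed sample dial-up pools (not taken from the original page).
SAMPLE_POOLS = ["10.20.4.0/23", "10.20.6.0/23", "192.0.2.16/30"]

if __name__ == "__main__":
    print("\n".join(access_relay_entries(SAMPLE_POOLS)))
```

Append the output to /etc/mail/access on the outbound host and rebuild the map with `makemap hash /etc/mail/access < /etc/mail/access`.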