SendMail Help

brad.mugleston at comcast.net
Sat Aug 19 06:12:49 UTC 2006


On Wed, 16 Aug 2006, Rick Stevens wrote:

> On Tue, 2006-08-15 at 20:42 -0600, brad.mugleston at comcast.net wrote:
> > > want to designate a "mail hub" which receives mail from all of your
> > > internal machines and sends it out on behalf of them.
> > >
> > > For security reasons, I recommend a mail hub (only it is exposed to the
> > > internet, centralizes virus and spam filtering, etc.).  So, on all
> > > of the machines EXCEPT the mail hub, make sure you have:
> > >
> > > 	define(`SMART_HOST', `name-of-mail-hub-machine')dnl
> > >
> > > in the sendmail.mc file.  You also should decide if you want the hub
> > > to receive mail on behalf of all your machines.  If so, also define
> > > the MASQUERADE_AS macro:
> > >
> > > 	define(`MASQUERADE_AS', `host.domain.tld')dnl
> > >
> > > Now, as to firewalls, only the mail hub needs to talk to the internet
> > > over port 25.  The rest of the machines in your network will use port
> > > 25 to talk to the mail hub.  So, the firewall rules on the router should
> > > permit the mail hub port 25 access to the internet and should block all
> > > others.  Do NOT block port 25 on any of the internal machines (either
> > > through iptables or Windows firewalls).
> > >
> >
> > OK, sounds good to me BUT I need some translations.
> >
> >
> > Let's make it simple - two machines named LHOST and LCLIENT.
> > LHOST is my mail server and LCLIENT is the machine I'm sitting
> > at.
> >
> > First, what file holds these names and on what physical machine
> > (both for XP and Linux)
>
> The "define(`SMART_HOST', `LHOST')dnl" would be
> put in your LCLIENT's "/etc/mail/submit.mc" file under Linux, after
> which you must restart sendmail via "service sendmail restart".
>
> Under Windows, just modify the SMTP server setting of Outschnook or
> whatever to point at "LHOST".
>
> The "MASQUERADE_AS(`host.domain.tld')dnl" bit would be put
> in LHOST's /etc/mail/sendmail.mc and /etc/mail/submit.mc files.  Again,
> you must restart sendmail via "service sendmail restart".
>
> > Second I'm taking it that "name-of-mail-hub-machine" would be
> > LHOST
>
> Correct.
>
> >
> > for the masquerade command - I may be confused (like normal) but
> > right now my LHOST machine is receiving all of my mail - if you're
> > talking about from the Internet.  BUT if you're talking about
> > receiving it from the other machines then I need this command but
> > what does "host.domain.tld" translate into?
>
> The "MASQUERADE_AS" would make all outgoing mail look like it's coming
> from the mail hub machine, not the individual machines on your network.
> Without it, the "From" lines in headers might show up as "user at LCLIENT".
> With it, the "From" lines would show up as "user at LHOST".
>
> As to the format, I screwed up.  The actual format (as I show above) is
>
> 	MASQUERADE_AS(`host.domain.tld')dnl
>
> The "host.domain.tld" would translate to the FQDN of your LHOST machine.
> For example, if your domain is "bmug.com" and your LHOST host name is
> "mailhub", then "host.domain.tld" is "mailhub.bmug.com".
>
> > I'm probably in over my head but I'm used to that.
>
> Sendmail can be a bear to configure at times simply because it's so
> flexible.  With flexibility comes complexity, which is why O'Reilly's
> "bat book" is over 1200 pages in length and costs about $60 US.  It's
> also why people who truly grok sendmail can charge kilobucks for
> configuring mail systems for large companies.
>
> You might find one of the other mail systems such as postfix or qMail
> easier to configure.  The odds are you will never use the advanced
> features of sendmail--few people do.  I did, but I ran a virtual mail
> service with 10,000 domains and 85,000 users.  We sold off that
> business for the most part, but I still have about 400 domains and over
> 1500 users and we still do about 30,000 messages a day.
>
> BTW, I HATE mail administration!  :-p
>
> ----------------------------------------------------------------------
> - Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
> - VitalStream, Inc.                       http://www.vitalstream.com -
> -                                                                    -
> -         Okay, who put a "stop payment" on my reality check?        -
> ----------------------------------------------------------------------
Rick,

As always you're a great help - this weekend has gotten more than a
little busy but I'll let you know if I can get it to work.

Brad
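
The two .mc settings discussed in this thread, checked by a small lint (an added example, not part of the original message and not a sendmail tool). It flags the define() form of MASQUERADE_AS that Rick corrects above, a client with no active SMART_HOST, and a masquerade name that is not an FQDN. The function names lint_mc and active_lines are hypothetical, and the sample files are constructed from the names used in the thread.

```python
import re

# m4 quoting in sendmail .mc files opens with a backtick and closes with an apostrophe.
SMART_HOST_RE = re.compile(r"define\(`SMART_HOST',\s*`([^']+)'\)")
MASQ_CALL_RE = re.compile(r"MASQUERADE_AS\(`([^']+)'\)")
MASQ_DEFINE_RE = re.compile(r"define\(`MASQUERADE_AS'")


def active_lines(mc_text):
    """Yield (line_no, text) for lines that are neither blank nor dnl comments."""
    for no, line in enumerate(mc_text.splitlines(), 1):
        text = line.strip()
        if text and not re.match(r"dnl\b", text):
            yield no, text


def lint_mc(mc_text, role, hub="LHOST"):
    """Return findings for a 'client' or 'hub' .mc file (empty list = clean)."""
    findings, smart_host, masq = [], None, None
    for no, text in active_lines(mc_text):
        if MASQ_DEFINE_RE.match(text):
            findings.append(f"line {no}: MASQUERADE_AS must be a macro call, not define()")
        if m := SMART_HOST_RE.match(text):
            smart_host = m.group(1)
        if m := MASQ_CALL_RE.match(text):
            masq = m.group(1)
    if role == "client":
        if smart_host is None:
            findings.append("no active SMART_HOST: mail would not be handed to the hub")
        elif smart_host != hub:
            findings.append(f"SMART_HOST is {smart_host}, expected {hub}")
    if role == "hub":
        if masq is None:
            findings.append("no active MASQUERADE_AS(...) call")
        elif "." not in masq:
            findings.append(f"MASQUERADE_AS value {masq} is not a fully qualified name")
    return findings


# Constructed sample files, using the names from the thread.
CLIENT_MC = "dnl client config\ndefine(`SMART_HOST', `LHOST')dnl\n"
HUB_WRONG = "define(`MASQUERADE_AS', `host.domain.tld')dnl\n"
HUB_RIGHT = "MASQUERADE_AS(`mailhub.bmug.com')dnl\n"

if __name__ == "__main__":
    for name, text, role in [("client", CLIENT_MC, "client"),
                             ("hub (define form)", HUB_WRONG, "hub"),
                             ("hub (macro form)", HUB_RIGHT, "hub")]:
        print(name, "->", lint_mc(text, role) or "ok")
```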



