sendmail configuration

Craig White plug-discuss@lists.PLUG.phoenix.az.us
Thu, 16 Aug 2001 09:36:13 -0700


Thomas Mondoshawan Tate wrote:
> 
> On Thu, Aug 16, 2001 at 12:07:06AM -0700, John (EBo) David wrote:
> > Thomas Mondoshawan Tate wrote:
> > >
> > > I had to do this very thing with my own sendmail configuration. There should
> > > be a set of files in /etc/mail called access and relay-domains, along with
> > > corresponding access.db and relay-domains.db files. These contain the rules
> > > for who can access the mail server, etc. The first two (without the .db
> > > extension) are plain text files. You'll need to edit the access file and add
> > > a line that says "<yourdomain> RELAY" (no angle brackets). After editing that,
> > > do a "makemap hash /etc/mail/access.db < /etc/mail/access". This will rebuild
> > > the database. Restart sendmail and test it with a mail client on the new
> > > domain.
> >
> > Thanks Thomas,
> >
> >   As it turns out, I do not have either access or relay-domains in
> > /etc/mail.
> >
> >
> > I've also crawled around /usr/lib/mail and took a gander at the
> > configuration definitions, and found that I have the feature
> > "relay_entire_domain" defined in
> > /usr/lib/mail/domain/<Qualified_domain_name>.m4.  I am thinking that I
> > should probably try changing it to "relay_hosts_only" as the definitions
> > read:
> >
> > relay_entire_domain
> >                 By default, only hosts listed as RELAY in the access db
> >                 will be allowed to relay.  This option also allows any
> >                 host in your domain as defined by the 'm' class ($=m).
> >
> > relay_hosts_only
> >                 By default, names that are listed as RELAY in the access
> >                 db and class 'R' ($=R) are domain names, not host names.
> >                 For example, if you specify ``foo.com'', then mail to or
> >                 from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
> >                 will all be accepted for relaying.  This feature changes
> >                 the behaviour to lookup individual host names only.
> >
> > I've tried this too, and think that I have forgotten some magical
> > step...  I remember that there was one magical step that took me hours
> > to find in the docs, and was a one line (ad to do XYZ do bal)...  But
> > like I said, it has been a year...
> 
> If you change that m4 file, you'll have to go through the whole Sendmail
> reconfiguration again to rebuild the configuration file -- that's the hard
> way to do it, but it should work. If you pull down the tarball distribution
> of sendmail, they explain how to do it in detail in the cf/README file. I
> believe it involves editing a file called sendmail.mc that contains your
> site configuration and running it through m4 like this
> "m4 cf.m4 sendmail.mc > newsendmail.cf"
> 
> There is a _much_ easier way to reconfigure Sendmail -- through that
> access.db file I was referring to earlier. Look for a "Kaccess" statement in
> the beginning of the sendmail.cf file -- that's going to tell you where it is.
> That file happens to be that "access db" that they were referencing in the two
> options you mentioned above, and if you can find it, just follow the
> directions I mentioned before.
> 
---------
My standing rule is if you don't understand how m4 works, you have no
business editing sendmail.cf directly.

The sendmail.mc file is relatively straightforward to edit and it isn't
very difficult using the m4 command to generate a new sendmail.cf file
(the instructions are at the top of the /etc/mail/sendmail.mc file that
you edit anyway). To set up relaying though, you shouldn't need to edit
the sendmail.mc file.

The access file is typically located at /etc/access and simply editing it to add
hostname.domain.tld                RELAY
should handle it (yes, you must 'rehash' the access file as stated
earlier in the thread).

Note that this file should exist - either in /etc or in /etc/mail and
should already contain at least...
localhost.localdomain	RELAY
localhost		RELAY
127.0.0.1		RELAY

It also helps to have these hosts listed in /etc/hosts or at least in
DNS.

There are other options such as 'promiscuous relay' which allow anyone
to relay mail through the server - which might be OK behind a firewall but
never on a machine that is exposed to the internet.

Craig
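
The difference between the default domain matching and relay_hosts_only quoted earlier in the thread, applied to access entries like the ones above, as a simplified Python model. This is an added example, not part of the original messages and not sendmail's own code; example.com, example.net and the function names are constructed for illustration, and IP entries are compared exactly as a simplifying assumption.

```python
import ipaddress

# Constructed sample access file; example.com / example.net are placeholders.
SAMPLE_ACCESS = """\
localhost.localdomain\tRELAY
localhost\t\tRELAY
127.0.0.1\t\tRELAY
example.com\t\tRELAY
spammer.example.net\tREJECT
"""

def parse_access(text):
    """Return {lowercased key: action}; blank lines and # comments are skipped."""
    table = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#"):
            table[fields[0].lower()] = fields[1].strip()
    return table

def is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def lookup(table, host, hosts_only=False):
    """Action that applies to host, or None if no entry matches.

    Default: a name key is a domain, so it covers the host and every
    subdomain (the most specific entry wins). hosts_only models the
    relay_hosts_only feature: exact host names only.
    Simplification (assumption): IP keys are compared exactly.
    """
    host = host.lower().rstrip(".")
    if host in table:
        return table[host]
    if hosts_only or is_ip(host):
        return None
    labels = host.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if parent in table:
            return table[parent]
    return None

def may_relay(table, host, hosts_only=False):
    return lookup(table, host, hosts_only) == "RELAY"
```

Running may_relay over the keys of an existing access file in both modes shows which entries currently relay for a whole domain rather than a single host.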