Sendmail

I believe that Sendmail is included automatically when FreeBSD is installed. If so, what configuring do I need to do to start sending and receiving mail?

I have a FreeBSD VPS so need to be able to configure it remotely and don't want it to crash on me so am a little wary of messing something up.
 
I believe that Sendmail is included automatically when FreeBSD is installed. If so, what configuring do I need to do to start sending and receiving mail?
By default Sendmail will send all your e-mails. The problem is that by default nobody will accept them without a valid MX record, reverse DNS and a static IP. Letting Sendmail listen on an external interface and accept e-mails is the fastest way to become a spam zombie. I would suggest that you first better describe what kind of e-mails you want to send and to whom, and whose e-mails you are supposed to receive. If you can't give a very specific answer to that question (for example, I am running OpenSMTPd to forward emails generated by daemons like SMART from my internal network to a mailing list) you have no business touching the default Sendmail configuration.
 
By default Sendmail will send all your e-mails. The problem is by default nobody will accept them without valid MX record, reverse DNS and static IP.

I've tried sending an email using mail from the cmd line on my VPS to my gmail account just as a test to see what happens.
Code:
Jun 20 09:09:17 vps31950 sendmail[4976]: u5K79HZ3004976: from=root, size=78, class=0, rcpts=1, msgid=<201606200709.u5K79HZ3004976@vps31950.localdomain>, relay=root@localhost
Jun 20 09:09:17 vps31950 sendmail[4976]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Jun 20 09:09:17 vps31950 sm-mta[4977]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Jun 20 09:09:17 vps31950 sm-mta[4977]: u5K79HDe004977: from=root@vps31950.localdomain>, size=418, class=0, nrcpts=1, msgid=<201606200709.u5K79HZ3004976@vps31950.localdomain>, proto=ESMTP, daemon=Daemon0, relay=localhost [127.0.0.1]
Jun 20 09:09:17 vps31950 sendmail[4976]: u5K79HZ3004976: to=****@gmail.com, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30078, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (u5K79HDe004977 Message accepted for delivery)
Jun 20 09:09:17 vps31950 sm-mta[4979]: STARTTLS=client, relay=gmail-smtp-in.l.google.com.,version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Jun 20 09:09:20 vps31950 sm-mta[4979]: u5K79HDe004977: to=<****@gmail.com>, ctladdr=<root@vps31950.localdomain> (0/0), delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=30418, relay=gmail-smtp-in.l.google.com. [64.233.161.26], dsn=2.0.0, stat=Sent (OK 1466406561 i188si27202900lfe.82 - gsmtp)

Clearly, vps31950.localdomain is unsatisfactory - it's the hostname given by hosting company, although I do have a static IP address and a resolvable domain name for this host, I'm just not sure where to configure it since sendmail seems to have so many configuration files.

In /etc/mail/access.sample it mentions
Code:
# Mail relay access control list.  Default is to reject mail unless the
# destination is local, or listed in /etc/mail/local-host-names

There is no /etc/mail/local-host-names, not even a sample so I don't know what to put in, so I'm not sure if this is all I need to change to enable sending mail.
 
Make sure your hostname is set correctly in /etc/rc.conf. This is what Sendmail will use by default.
Then go into /etc/mail and run make.
Code:
# cd /etc/mail
# make
You should now have a file called server.hostname.mc. This is the file you should use to configure any Sendmail settings such as smart hosts, DNSRBL, etc. (Even editing this 'simplified' Sendmail configuration is a bit beyond a forum post but there's lots of info on the net). The defaults should be good enough to get email working though.
When you edit this file, run the following to generate the new configuration:
Code:
# make install restart
Running make on its own will generate server.hostname.cf configuration from server.hostname.mc. make install will install this file as sendmail.cf. make restart restarts Sendmail.

By default it will only accept emails addressed to someuser@server.hostname. If you want to accept for other domains, add them to /etc/mail/local-host-names, one per line. To configure specific addresses add them to /etc/mail/virtusertable. After editing these files run make install restart again. (Can't remember 100% if install is required here)

local-host-names
Code:
somedomain.com
otherdomain.com
virtusertable
Code:
user@somedomain.com         localuser
You will also want to make sure that server.hostname points to the correct IP address in DNS, and the reverse DNS for the IP address also maps to server.hostname. Clients or MX records can use any hostname you want such as mail.somedomain.com.
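
The forward and reverse DNS check described in the last paragraph of this post, as an added example that is not part of the original thread. The function names are hypothetical; the lookups use Python's standard `socket` module and can be swapped for stubs when testing offline.

```python
import socket

def _norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def forward_lookup(hostname):
    """Return the IPv4 addresses the name resolves to, or [] on failure."""
    try:
        return socket.gethostbyname_ex(hostname)[2]
    except OSError:
        return []

def reverse_lookup(ip):
    """Return the PTR name and its aliases for an address, or [] if none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def check_mail_hostname(hostname, forward=forward_lookup, reverse=reverse_lookup):
    """List what stops hostname -> IP -> hostname from round-tripping."""
    want = _norm(hostname)
    problems = []
    # A name like vps31950.localdomain means nothing to a remote mail server.
    if "." not in want or want.endswith(".localdomain"):
        problems.append(f"{hostname}: not a public fully qualified name")
    ips = forward(hostname)
    if not ips:
        problems.append(f"{hostname}: no A record")
    for ip in ips:
        ptrs = [_norm(p) for p in reverse(ip)]
        if not ptrs:
            problems.append(f"{ip}: no reverse DNS (PTR)")
        elif want not in ptrs:
            problems.append(f"{ip}: PTR is {ptrs[0]}, expected {want}")
    return problems

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else socket.getfqdn()
    for line in check_mail_hostname(host) or [f"{host}: forward and reverse DNS agree"]:
        print(line)
```

Run it with the name you set in /etc/rc.conf as the only argument; an empty result means the A record and the PTR record agree.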
 
Make sure your hostname is set correctly in /etc/rc.conf. This is what Sendmail will use by default.

As I understand it the hostname in /etc/rc.conf is only read at boot up, and since this is running on a remote VPS I am a bit reluctant to reboot the system. Is there any way to refresh hostname without rebooting?
 
You could try # hostname my.hostname then restart Sendmail.
If you telnet to localhost on port 25, Sendmail should output the hostname it is using. Then just type quit to exit back to the shell.
 
You could try # hostname my.hostname then restart Sendmail.
If you telnet to localhost on port 25, Sendmail should output the hostname it is using. Then just type quit to exit back to the shell.

I tried to telnet localhost 25 on the actual system and it did show 'myhostname' - I believe the system had been rebooted so the hostname may have been changed through that. But when I try telnet 'myhostname' 25 from my LAN I get

Code:
Trying 176.122.227.xxx...
telnet: connect to address 176.122.227.xxx: Connection refused
telnet: Unable to connect to remote host

So it looks like Sendmail is not accepting incoming mail.
 
I did have this in /etc/rc.conf but have now added it, although I have not yet run service sendmail start. Instead I ran service sendmail status which showed
Code:
service sendmail status
sendmail is running as pid 8141.
sendmail_msp_queue is running as pid 8143.

So I guess it is already running...
 
Unfortunately mail doesn't get through... I need to do something with MX records at the ISP hosting my domain.

It's a long time since I dabbled with MX records...
 
For a start I find the following command extremely useful to make sure Sendmail is configured to do the right thing with a specific email address:
Code:
# sendmail -bv me@somedomain.com
me@somedomain.com... deliverable: mailer local, user myusername
That shows that the email address is configured to be accepted by the local Sendmail mailer, and will be delivered to the local user myusername.

MX records are pretty simple, you just need to point it at your mail server's hostname.
Code:
somedomain.com IN MX 10 mailserver.hostname.

If the mail server is on a LAN, you'll need to forward port 25 through to it from the gateway router.
 
For a start I find the following command extremely useful to make sure Sendmail is configured to do the right thing with a specific email address:
If the mail server is on a LAN, you'll need to forward port 25 through to it from the gateway router.

No, the mail server is on some distant VPS. I'm trying to send mail to it from my local LAN.

It's weird that I can telnet to port 25, but I can't send mail to it via gmail...
 
Mail is sent to the MX address(es) of the domain. If the domain doesn't have an MX record (or it points to the wrong server) mail cannot be sent to it.

So if you want to send an email to test@example.com the example.com domain must have an MX record pointing to the mail server that can receive for the example.com domain. Just because you have an open port 25 it doesn't mean other mailservers are able to find it.
 
Code:
Jun 22 00:00:00 mydomain newsyslog[21367]: logfile turned over
Jun 22 03:08:30 mydomain sendmail[22896]: u5M18UWt022896: from=root, size=17738, class=0, nrcpts=1, msgid=<201606220108.u5M18UWt022896@mydomain.org>, relay=root@localhost
Jun 22 03:08:30 mydomain sendmail[22896]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Jun 22 03:08:30 mydomain sm-mta[22927]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Jun 22 03:08:31 mydomain sm-mta[22927]: u5M18UAK022927: from=<root@mydomain.org>, size=18064, class=0, nrcpts=1, msgid=<201606220108.u5M18UWt022896@mydomain.org>, proto=ESMTP, daemon=IPv4, relay=localhost [127.0.0.1]
Jun 22 03:08:31 mydomain sendmail[22896]: u5M18UWt022896: to=root, ctladdr=root (0/0),delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=47738, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (u5M18UAK022927 Message accepted for delivery)
Jun 22 03:08:31 mydomain sm-mta[22945]: u5M18UAK022927: to=<root@mydomain.org>, ctladdr=<root@mydomain.org> (0/0), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=48399, relay=local, dsn=2.0.0, stat=Sent
Jun 22 03:08:45 mydomain sendmail[22953]: u5M18jC4022953: from=root, size=1550, class=0, nrcpts=1, msgid=<201606220108.u5M18jC4022953@mydomain.org>, relay=root@localhost
Jun 22 03:08:45 mydomain sendmail[22953]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Jun 22 03:08:45 mydomain sm-mta[22955]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Jun 22 03:08:45 mydomain sm-mta[22955]: u5M18jQR022955: from=<root@mydomain.org>, size=1876, class=0, nrcpts=1, msgid=<201606220108.u5M18jC4022953@mydomain.org>, proto=ESMTP, daemon=IPv4, relay=localhost [127.0.0.1]
Jun 22 03:08:45 mydomain sendmail[22953]: u5M18jC4022953: to=root, ctladdr=root (0/0),delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31550, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (u5M18jQR022955 Message accepted for delivery)
Jun 22 03:08:45 mydomain sm-mta[22956]: u5M18jQR022955: to=<root@mydomain.org>, ctladdr=<root@mydomain.org> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32211, relay=local, dsn=2.0.0, stat=Sent
Jun 22 06:40:35 mydomain sm-mta[24397]: u5M4eZh9024397: mail.ndscorp.vn [203.171.31.60] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4

I assume most of these entries are just as a result of admin tasks which are done automatically, although I'm not sure what triggers them.

I don't have an MX record setup yet so am not sure what brought about the last entry - I guess it was just a random spammer.
 
I don't have an MX record setup yet so am not sure what brought about the last entry - I guess it was just a random spammer.
Yeah, although you don't have an MX record yet as soon as you open port 25 (or any other port) bots are going to find it and will try to abuse it. So, especially with mailservers, make sure your server is configured correctly as it is really easy to get abused as a spam relay.
 
Yeah, although you don't have an MX record yet as soon as you open port 25 (or any other port) bots are going to find it and will try to abuse it. So, especially with mailservers, make sure your server is configured correctly as it is really easy to get abused as a spam relay.

What do I need to ensure to prevent being used as a spam relay?
 
Since you're not actually using it (as you don't have an MX record for it) I would suggest simply taking it off the internet. To send email you don't require a port listening on the internet. What's not open can never be abused.
 
There's one thing puzzling me here. When looking at the originally shared log snippet then I can't help notice this one:

Code:
Jun 20 09:09:17 vps31950 sm-mta[4979]: STARTTLS=client, relay=gmail-smtp-in.l.google.com.,version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Jun 20 09:09:20 vps31950 sm-mta[4979]: u5K79HDe004977: to=<****@gmail.com>, ctladdr=<root@vps31950.localdomain> (0/0), delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=30418, relay=gmail-smtp-in.l.google.com. [64.233.161.26], dsn=2.0.0, stat=Sent (OK 1466406561 i188si27202900lfe.82 - gsmtp)
That last line is a clear indication that your MTA offered the e-mail up to Google which then accepted it. As such your e-mail did get through. Did you check your spam folders and such?
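
A way to read maillog entries like the ones in this thread for signs of relay abuse, as an added example that is not part of the original posts. The sample lines are constructed (documentation-range addresses, example.* names), `triage` is a hypothetical name, and the `reject=... Relaying denied` line follows Sendmail's usual `check_rcpt` log format, which does not appear in the thread itself.

```python
import re

# Constructed sample in the maillog format shown in this thread.
SAMPLE = """\
Jun 22 03:08:31 mx sm-mta[22927]: u5M18UAK022927: from=<root@example.org>, size=18064, class=0, nrcpts=1, proto=ESMTP, daemon=IPv4, relay=localhost [127.0.0.1]
Jun 22 03:08:31 mx sm-mta[22945]: u5M18UAK022927: to=<root@example.org>, delay=00:00:01, mailer=local, pri=48399, relay=local, dsn=2.0.0, stat=Sent
Jun 22 06:40:35 mx sm-mta[24397]: u5M4eZh9024397: scanner.example.net [192.0.2.60] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
Jun 22 07:01:02 mx sm-mta[24500]: u5M511aa024500: ruleset=check_rcpt, arg1=<victim@example.com>, relay=[198.51.100.7], reject=550 5.7.1 <victim@example.com>... Relaying denied
Jun 22 07:05:10 mx sm-mta[24610]: u5M55Abb024610: from=<x@example.net>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=IPv4, relay=[198.51.100.7]
Jun 22 07:05:12 mx sm-mta[24612]: u5M55Abb024610: to=<victim@example.com>, delay=00:00:02, mailer=esmtp, pri=30900, relay=mail.example.com. [203.0.113.5], dsn=2.0.0, stat=Sent (OK)
"""

ENTRY = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ \S+\[\d+\]: "
                   r"(?P<qid>[0-9A-Za-z]{12,16}): (?P<rest>.*)$")
FIELD = re.compile(r"(\w+)=(.*?)(?=,\s*\w+=|$)")   # key=value, comma separated
LOCAL = re.compile(r"localhost|127\.0\.0\.1|::1\]")
PROBE = re.compile(r"^(?P<peer>.+?) did not issue MAIL/EXPN/VRFY/ETRN")

def triage(text):
    """Return probes, refused relay attempts and mail relayed for outside hosts."""
    source = {}                        # queue ID -> relay= of its from= line
    report = {"probes": [], "relay_denied": [], "relayed": []}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:                      # STARTTLS, newsyslog etc. have no queue ID
            continue
        qid, rest = m["qid"], m["rest"]
        probe = PROBE.match(rest)
        if probe:                      # connected, then left without sending mail
            report["probes"].append(probe["peer"])
            continue
        f = dict(FIELD.findall(rest))
        if "Relaying denied" in f.get("reject", ""):
            report["relay_denied"].append((f.get("relay", "?"), f.get("arg1", "?")))
        elif "from" in f:
            source[qid] = f.get("relay", "")
        elif "to" in f and f.get("mailer") in ("esmtp", "smtp", "relay"):
            origin = source.get(qid)   # where this message entered the server
            if origin and not LOCAL.search(origin) and f.get("stat", "").startswith("Sent"):
                report["relayed"].append((qid, origin, f["to"]))
    return report

if __name__ == "__main__":
    for kind, items in triage(SAMPLE).items():
        print(kind, items)
```

Entries under `relay_denied` show the default relay restriction doing its job; entries under `relayed` are a heuristic and also match deliberate forwarding to an outside address, so check them against your aliases and virtusertable before treating them as abuse.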
 
Since you're not actually using it (as you don't have an MX record for it) I would suggest simply taking it off the internet. To send email you don't require a port listening on the internet. What's not open can never be abused.

I am intending to receive mail, I just want to ensure I'm not creating a spam gateway before creating an MX record and that I don't get bombarded with unwanted mail.
 
There's one thing puzzling me here. When looking at the originally shared log snippet then I can't help notice this one:


That last line is a clear indication that your MTA offered the e-mail up to Google which then accepted it. As such your e-mail did get through. Did you check your spam folders and such?

I was able to send from my VPS and the mail did get through. I'm just looking at what I need to do to be able to receive...
...apart from getting an MX record in place.
 