Sendmail is one of the most common MTAs (Mail Transfer Agents), or email servers, used on Linux. There are also several other viable email daemon alternatives like Postfix, Qmail, etc. So why did I initially pick and still STAY with Sendmail? Well, Sendmail is the most common email server out there and it's well documented. Some TrinityOS users also email me complaining that Sendmail is slow, bloated, or insecure when compared to other MTAs. In the past, this argument had some real truth to it but not with modern versions of Sendmail. Sendmail is now just as fast, secure, and probably MORE powerful than any other MTA out there. Ultimately, it's your decision but I think picking Sendmail is a good one.
Though configuring and running Sendmail might seem complicated, it isn't too bad. Just take it a step at a time and you'll do fine. Yes, many of the commands are terse but the included configs are pretty good. If you don't trust TrinityOS's configs, check out http://www.sendmail.org for more details.
********
**
** Currently, Sendmail 8.12.9 and 8.11.7 (patched) are the latest known
** SECURE versions of Sendmail though there is a KNOWN issue with the
** "smrsh" shell. This isn't an issue for the TrinityOS configuration but
** patches are available if you need smrsh functionality. If you are
** running an older version, please UPGRADE.
** -------
** If you aren't sure what version of Sendmail you are running or what
** features were compiled into your version of Sendmail, try this command:
**
**    Generic method: sendmail -d0.1 </dev/null
**
**    Redhat: rpm -qa | grep sendmail
**
********
-----------------------------------------------------------------------------
NOTE: The following Sendmail configs are:

  1. Tuned for Anti-SPAM via blackhole lists. Please note that I'm 100% sure you will drop email from some of your friends because their ISP is associated with UCE or SPAM. Until the SPAM situation improves, drastic measures like this are required. It should be noted that I'm coming to the conclusion that these anti-spam blackhole systems DON'T work very well and cause more problems than they are worth. Stay tuned as I'm not going to let this continue.

  2. Tailored to MASQ users that have 1+ machines on an internal LAN

  3. Users of Sendmail >= 8.9.x

     Sendmail 8.8.x users can find 8.8.x in the TrinityOS-Retired documentation available at: http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS/RETIRED/TrinityOS-Retired.html

BUT these configs also apply to:

  2. Linux users that are NOT doing MASQ will *STILL* need to make some of the changes below if they plan to have their Linux box send email whatsoever.
-----------------------------------------------------------------------------
As Sendmail continues to evolve to fill the needs of various users, the configuration files, file locations, and mechanisms have changed. Here is a small table of the changes that affect TrinityOS users:
Sendmail 8.11.x+
Sendmail 8.9.x+
Sendmail 8.8.x
Distribution Specific
tar czvf /root/backup/sendmail-old.tgz /etc/aliases /etc/sendmail.* /etc/mail/* /usr/sbin/sendmail /usr/lib/sendmail-cf/*
Thoughts on the use of binary RPMs vs. compiling source code
BIND (dns) and Sendmail (smtp)
With that said...
Installing via RPMs:
cd /usr/src/archive/sendmail
gpg --import PGPKEYS
gpg --verify sendmail.8.11.6.rpm
Make sure it says "Good Signature" at the top. There might be some trust warnings but don't worry about that.
rpm -Uvh sendmail-*.rpm
The recommended TrinityOS approach to installing Sendmail is via COMPILING it. See the "Thoughts" item in the RPMs paragraph above.
cd /usr/src/archive/sendmail
gunzip sendmail.8.11.6.tar.gz
gpg --import PGPKEYS
gpg --verify sendmail.8.11.6.tar.sig
Make sure it says "Good Signature" at the top. There might be some trust warnings but don't worry about that.
tar -xvf sendmail.8.11.6.tar
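The "Good Signature" check in the steps above can be made by a script instead of by eye. This is an added example, not part of TrinityOS: it reads gpg's machine-readable status lines and unpacks the tarball only when the signature was made by one pinned key. The `EXPECTED_FPR` value is a placeholder, the function names are hypothetical, and the status lines in `constructed_status` are constructed sample input.

```shell
#!/bin/sh
# Added example, not part of TrinityOS.

# Placeholder, NOT a real key: set this to the full fingerprint of the
# Sendmail signing key after confirming it through a second channel.
EXPECTED_FPR="0000000000000000000000000000000000000000"

# sig_status_ok FINGERPRINT   (gpg --status-fd lines on stdin)
# Succeeds only if a VALIDSIG line carries the pinned fingerprint and no
# line reports a bad, unverifiable, expired-key or revoked-key signature.
sig_status_ok() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" && toupper($3) == toupper(want) { good = 1 }
        END { if (good && !bad) exit 0; exit 1 }
    '
}

# verify_and_unpack SIGFILE TARFILE
# Runs gpg on a detached signature and unpacks only after the check passes.
verify_and_unpack() {
    if gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | sig_status_ok "$EXPECTED_FPR"
    then
        tar -xvf "$2"
    else
        echo "signature check failed for $2, not unpacking" >&2
        return 1
    fi
}

# Constructed status output (not captured from a real key) so the check can
# be exercised without gpg, a keyring or the network.
constructed_status() {
    printf '[GNUPG:] GOODSIG 1111222233334444 Constructed Signer <signer@example.invalid>\n'
    printf '[GNUPG:] VALIDSIG %s 2001-08-21 998352000 0 4 0 1 2 00 %s\n' "$1" "$1"
}

# Self-check on the constructed input.
if constructed_status "$EXPECTED_FPR" | sig_status_ok "$EXPECTED_FPR"; then
    echo "self-check: pinned fingerprint accepted"
fi
```

With the real fingerprint filled in, the call for the files above would be `verify_and_unpack sendmail.8.11.6.tar.sig sendmail.8.11.6.tar`.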
LIBS= ifdef(`confLIBS', `confLIBS')
LIBS= ifdef(`confLIBS', `confLIBS') -lresolv
trinityos.mc file shown below will hide this info from most Sendmail responses, it cannot do them all. THIS will and I bet it will help protect you from any current and even possible future Sendmail-specific Internet worms.
Edit the sendmail/version.c file and change the version number in the quotes to something like "TrinityOS Hardened".
Sendmail 8.11.x+ : sh Build or Sendmail 8.9.x : make
make install
If Sendmail is already running, shut it down :
/etc/rc.d/init.d/sendmail stop
kill -9 `ps aux | grep sendmail | grep -v -e grep | awk '{print $2}'`
Finally, I recommend moving the new Sendmail docs over to their proper resting place. For this example, I put Sendmail in /usr/src/archive/Sendmail/Sendmail-8.11.x and it will go to /usr/lib/sendmail-cf/ :
cd /usr/src/archive/sendmail/sendmail-8.11.x/cf
tar cf - . | (cd /usr/lib/sendmail-cf/; tar xvf -)
Currently, Sendmail 8.12.9 and 8.11.7 have a "smrsh" security bug. It's patchable but TrinityOS doesn't use it. So, I recommend to just disable it by running:
chmod 500 /usr/sbin/smrsh
Next, regardless if you are going to run a MASQ or non-MASQed network, edit or create the following. Please note that the /etc/mail/local-host-names is very important since it tells Sendmail WHAT DOMAINS TO ACCEPT EMAIL FOR. In this file, put in **ALL** of the domain names you registered with the Internic. Basically, /any/ hosts listed via the "whois" command for a given Internet domain you want to be the FINAL destination for should be listed in this file.
NOTE: If you are going to be a BACKUP email server (temporary email storage) for other domains, the hostnames of those remote servers for those domain names should NOT be listed in this file.
Sendmail 8.11.x - 8.10.x
/etc/mail/local-host-names
--
acme123.com
--
Sendmail - 8.9.x
/etc/mail/sendmail.cw
--
acme123.com
--
***********************************************************************
** Supporting more than one Internet domain - NOT being a backup MX
**
** If you are going to host MULTIPLE Internet domains on this one
** box (ie. acme123.com and newdomain.com), simply add all
** the other domain names that you want to be able to receive
** email for in the files for your Sendmail version as shown above
** and you'll be set!
**
** This is NOT for being a backup email server for remote domains.
***********************************************************************
=================================================================
All users, regardless of using the RPMs or compiling the source:
=================================================================
chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
Doing it the M4 way (recommended):
mkdir /usr/lib/sendmail-cf
tar cpf - /usr/src/archive/sendmail/sendmail-x.x.x/* | (cd /usr/lib/sendmail-cf; tar xpvf -)
Redhat users:
NOTE: You may or may NOT have this file
Make a backup of your old .mc file
cp redhat.mc redhat.mc.old
NOTE #1 - you only have to update the lines that have "acme123.com" in it. Leave the rest alone for LINUX systems.
All of the following configuration options are fully described in /usr/lib/sendmail-cf/README:
/usr/lib/sendmail-cf/cf/trinityos.mc
--
#TrinityOS.mc 8.11.x config - v050402
#
#Give the configuration a version number
VERSIONID(`@(#)trinityos.mc 8.11 (Berkeley) 12/21/01')
#Tell sendmail that the CF file is for the Linux OS
OSTYPE(linux)
#Disable UUCP. Its old and dead.
FEATURE(nouucp,reject)
#When sending email locally, use procmail to send mail vs. sendmail. More efficient.
FEATURE(local_procmail)
#Enable the SMTP protocol - other options are the legacy protocols like UUCP and BitNet
MAILER(smtp)
#Use procmail as the local mailer.
MAILER(procmail)
#Rewrite ALL outgoing email to be from acme123.com and not somehost.acme123.com
MASQUERADE_AS(acme123.com)
MASQUERADE_DOMAIN(acme123.com)
FEATURE(masquerade_entire_domain)
#This also does the above trick but also works more in the header.
FEATURE(masquerade_envelope)
#If you email someone locally, say "greg" without the full domain, Sendmail will
#append acme123.com to the address. "greg@acme123.com"
FEATURE(always_add_domain)
#Enable the use of the various Blackhole lists for automatic SPAM filtering
#
# Make sure that each line is NOT wrapped. Make sure its one long line
#
# WARNING: This is tuned for Anti-SPAM via blackhole lists. Please note that
#          I'm 100% sure you will drop email from some of your friends
#          because their ISP is associated with UCE or SPAM. Until
#          the SPAM situation improves, drastic measures like this are
#          required
#
# Note: 083003: Removed the use of relays.osirusoft.com since they are now gone
#
FEATURE(dnsbl, `bl.spamcop.net', `Mail rejected - Open spam relay - see http://spamcop.net/bl.shtml? $&{client_addr}')dnl
FEATURE(dnsbl, `unconfirmed.dsbl.org', `Rejected - See http://unconfirmed.dsbl.org/')dnl
FEATURE(dnsbl, `relays.ordb.org', `Mail rejected - Open spam relay - see http://ordb.org/')dnl
#Use the /etc/mail/sendmail.cw file for what domains to allow the receiving of
#email for. This option is old and has been replaced with the /etc/mail/
#local-host-names file
FEATURE(use_cw_file)
#Define where sendmail can find procmail
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')
#Delete all the program and version information out of the SMTP header
define(`confSMTP_LOGIN_MSG',`')
#Enhance security by not offering version numbers in the HELP output
define(`HELP_FILE',`')
#Enable more secure operation of Sendmail
define(`confPRIVACY_FLAGS',`authwarnings noexpn novrfy needmailhelo noetrn')
#Enable the new Sendmail access DB support.. needed for backup SMTP setups
FEATURE(access_db)
#Enable to support backup SMTP for remote domains where the remote user is NOT locally defined
#on the local box
FEATURE(relay_mail_from)
--
******************************************************
* Please do NOT use old versions of Sendmail unless  *
* ABSOLUTELY required to avoid spam and possible     *
* security issues!!                                  *
******************************************************
/usr/lib/sendmail-cf/cf/trinityos.mc
--
#TrinityOS.mc 8.9.x config - OBSOLETE - do NOT use
#
#Give the configuration a version number
VERSIONID(`@(#)trinityos.mc 8.10 (Berkeley) 11/26/99')
#Tell sendmail that the CF file is for the Linux OS
OSTYPE(linux)
#Disable UUCP. Its old and dead.
FEATURE(nouucp)
#When sending email locally, use procmail to send mail vs. sendmail. More efficient.
FEATURE(local_procmail)
#Use procmail as the local mailer.
MAILER(procmail)
#Enable the SMTP protocol - other options are the legacy protocols like UUCP and BitNet
MAILER(smtp)
#Rewrite ALL outgoing email to be from acme123.com and not somehost.acme123.com
MASQUERADE_AS(acme123.com)
MASQUERADE_DOMAIN(acme123.com)
FEATURE(masquerade_entire_domain)
#This also does the above trick but also works more in the header.
FEATURE(masquerade_envelope)
#If you email someone locally, say "greg" without the full domain, Sendmail will
#append acme123.com to the address. "greg@acme123.com"
FEATURE(always_add_domain)
#Enable the use of the Realtime Blackhole list for automatic SPAM filtering
FEATURE(rbl)
#Use the /etc/sendmail.cw file for what domains to allow the receiving of
#email for. This option is old and will be replaced with something else.
FEATURE(use_cw_file)
#Define where sendmail can find procmail
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')
#Delete all the program and version information out of the SMTP header
define(`confSMTP_LOGIN_MSG',`')
#Enable more secure operation of Sendmail
define(`confPRIVACY_FLAGS',`authwarnings noexpn novrfy needmailhelo noetrn')
--
The following script will create the "trinityos.cf" file from the just created "trinityos.mc" file. I recommend you save this script so you don't have to type all this in every time you change something in the .mc file.
/usr/lib/sendmail-cf/cf/generate-cf
#!/bin/sh
# TrinityOS - generate.cf script - v050402
#
CFDIR="/usr/lib/sendmail-cf"
SRCFILE="trinityos"

cd $CFDIR
m4 ${CFDIR}/m4/cf.m4 ${CFDIR}/cf/$SRCFILE.mc > ${CFDIR}/cf/$SRCFILE.cf

# Please note this is the destination directory for Sendmail 8.9.x and
# newer
#
# Test for a non-empty file (-s): the redirect above creates the .cf file
# even when m4 fails, and an empty file must not replace sendmail.cf
if [ -s ${CFDIR}/cf/$SRCFILE.cf ]; then
   mv /etc/mail/sendmail.cf /etc/mail/sendmail-`date +%m%d%y`
   cp ${CFDIR}/cf/$SRCFILE.cf /etc/mail/sendmail.cf
   echo -e "New CF file created.\n\n `ls -la /etc/mail/sendmail.cf`\n"
   echo -e "Restart Sendmail for changes to take effect\n"
else
   echo -e "\nError: Output CF file not found\n"
fi
Doing it the hacker way (NOT recommended unless you really REALLY know what you are doing):
DMacme123.com
S94
#R$+ $@ $>93 $1
R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2

S94
R$+ $@ $>93 $1
#R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2
In the future, Section 18 of TrinityOS will be inserted here. Until then, please jump to that section to make sure you have any required email aliases setup.
The final step to setting up an email server is DNS. Basically, when you send an email to say "root@acme123.com", the sender's email program has to know what IP address to send this email to.
What happens is the sender's email program will first go out to the Internet and get an IP address of a DNS server that can answer for the "acme123.com" domain. Once this IP address is found, the email program will then ask for an "MX" record for this domain. An MX record or "Mail eXchange" host is basically a record of what hosts will accept email for this domain. You can have as many MX records in DNS as you want. Just be sure the hosts listed are set up to accept email for your domain. In addition to the host name for the MX record, there is a METRIC with each MX record. The lower the MX metric, the more the remote email server will be preferred over the other email servers. Basically, your machine should have the lowest MX metric and all of your backup email servers should have a higher metric.
Anyway, please see Section 24 - DNS for all the specifics on configuring the DNS MX records. Please take SPECIAL note of the secondary DNS servers section. If your DNS zone becomes unavailable due to your DNS server being down too long, it won't matter if you have several redundant email servers or not. If the remote email clients can't resolve the MX record, the mail will bounce.
1) Did you follow the "aliases" instructions in Section 18?
2) Enable Debugging:
Sometimes you will need to run Sendmail in debugging mode to see what is really going on. To do this, follow these steps:
3) I had some issues with the 8.9.3 installation at this point. Specifically, I was getting the following in /var/log/maillog:
Aug 24 22:38:45 trinity2 sendmail[7375]: WAA07051: SYSERR(root): Cannot exec /usr/local/bin/procmail: No such file or directory
Aug 24 22:38:45 trinity2 sendmail[7368]: WAA07051: to=<dranch at trinnet dot net>, delay=00:10:10, xdelay=00:00:00, mailer=local, stat=Operating system error
This is because sendmail wasn't looking for procmail in the right place. You can either implement the following hack or fix it the proper way by using the:
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')
parameter in the 8.9.x trinityos.mc file and then recompile the M4 script into a new resulting sendmail.cf file as shown earlier in this section.
To hack it and just get things running, I had to fix a path ISSUE:
ln -s /usr/bin/procmail /usr/local/bin/procmail
Ok, next, you need to make sure that your mail server is SECURE and RELAY-free:
- When hackers want to hack into a given email server, they will first want to find out what version of the email server you are running. Once they know what version you are running, they can then run exploits against it. Also, they will try to find out where root and postmaster email goes to. So, what can you do?
1. Always run the newest version of your email server. Be it Sendmail, Qmail, PostFix, etc.
2. Hide the name and version of your email server:
- Sendmail:
The trinityos.mc file already uses the "define(`HELP_FILE')" method to block remote users from MOSTLY determining what version of Sendmail you are running.
The manual way requires you to edit the /etc/sendmail.cf file and change the following lines from:
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
O PrivacyOptions=authwarnings
O HelpFile=/usr/lib/sendmail.hf

to:

O SmtpGreetingMessage=
O PrivacyOptions=authwarnings noexpn novrfy needmailhelo noetrn
O HelpFile=
NOTE: The "Privacy Options" and "HelpFile" changes were already done for you in the above /usr/lib/sendmail-cf/cf/trinityos.mc file.
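To confirm that a generated or hand-edited sendmail.cf really carries the three hardened settings described above, the check can be scripted. This is an added example, not part of TrinityOS: the function names are hypothetical, and the two samples are constructed from the "from" and "to" lines quoted on this page.

```shell
#!/bin/sh
# Added example, not part of TrinityOS.

# audit_cf [FILE]   (reads stdin when no file is given)
# Prints one finding per line for the greeting, privacy and help settings;
# returns 1 when there is at least one finding.
audit_cf() {
    awk '
        function finding(msg) { print msg; n++ }
        /^O[ \t]+SmtpGreetingMessage=/ {
            seen_greet = 1
            if ($0 ~ /\$v/ || $0 ~ /\$Z/ || $0 ~ /[Ss]endmail/)
                finding("greeting: names the program or its version")
        }
        /^O[ \t]+Privacy ?Options=/ {
            seen_priv = 1
            val = $0
            sub(/^[^=]*=/, "", val)        # keep only the option value
            gsub(/,/, " ", val)            # flags may be comma separated
            cnt = split("noexpn novrfy needmailhelo noetrn", want, " ")
            for (i = 1; i <= cnt; i++)
                if (index(" " val " ", " " want[i] " ") == 0)
                    finding("privacy: " want[i] " is missing")
        }
        /^O[ \t]+HelpFile=./ { finding("helpfile: HELP text is served to remote clients") }
        END {
            if (!seen_greet) finding("greeting: SmtpGreetingMessage is not set in this file")
            if (!seen_priv) finding("privacy: PrivacyOptions is not set in this file")
            exit (n > 0)
        }
    ' "$@"
}

# Constructed sample: the unhardened lines quoted on this page.
sample_before() {
    cat <<'EOF'
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
O PrivacyOptions=authwarnings
O HelpFile=/usr/lib/sendmail.hf
EOF
}

# Constructed sample: the hardened lines quoted on this page.
sample_after() {
    cat <<'EOF'
O SmtpGreetingMessage=
O PrivacyOptions=authwarnings noexpn novrfy needmailhelo noetrn
O HelpFile=
EOF
}

echo "before:"
sample_before | audit_cf || true
echo "after:"
sample_after | audit_cf && echo "  no findings"
```

Against a live system the call would be `audit_cf /etc/mail/sendmail.cf`; this only checks the configuration file, so the TELNET tests later in this section are still needed to see what the daemon actually answers.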
A note on Compatibility :
I have had one user that told me that the "needmailhelo" option was possibly causing "SMTP error 250 - remote protocol error" problems with some remote SMTP servers. Please understand that this is NOT a Sendmail problem on your end. This option exposed a broken SMTP on the remote end.
You should also keep in mind that Sendmail, to this day, is one of the most tolerant SMTP servers when communicating to broken remote SMTP servers. If you were to move over to a different SMTP server, say Qmail, you would notice a LOT more broken SMTP servers out on the Internet.
- Do you need Sendmail to run as a DAEMON:
You now need to determine if you need to have sendmail running all the time or just have it occasionally load up to send email. What's the difference?
- Sendmail ONLY needs to be always running if you have your own FQDN domain such as acme123.com which you registered with the Internic.
If you do have your own domain and want to receive email, make sure to enable Sendmail that was DISABLED in Section 8.
If you DON'T have your own domain, you DO NOT NEED Sendmail to always run. Because of this, I recommend to disable Sendmail as a DAEMON as shown in Section 8. If you do disable Sendmail but if you want to SEND email from your Linux box, you still need to have Sendmail (or any other MTA like Qmail, Vmail, PostFix, etc) installed.
If you aren't going to have Sendmail running in Daemon mode, your locally sent email should be able to get out fine. But, if there is a problem with your Internet connection, the Internet itself, or the remote mail server when you originally tried to send that mail, it WON'T automatically be re-scheduled to be sent at a later time. To get Sendmail to retry later, you need to configure "cron" to try to resend any queued email once an hour.
To have sendmail try sending delayed email:
Redhat:
Create the /etc/cron.hourly/sendmail file
/usr/sbin/sendmail -q
Slackware:
edit the /var/spool/cron/crontabs/root file and add a line:
01 * * * * /usr/sbin/sendmail -q
Now, re-load cron to see the changes:
That's it! Now you need to test Sendmail:
1. First, start it up:

      Redhat: /etc/rc.d/init.d/sendmail restart
      Slackware: /usr/sbin/sendmail -bd -q1h

2. If you are running your own domain:

   2.A. Send an email to the "root" account of your domain (for example: root@acme123.com) from a remote computer out on the Internet somewhere. Make sure that this test email arrives to /your/ INBOX and not root's mailbox.

   2.B. Look at the email headers and make sure that the TO: field looks ok.

3. Regardless, if you DO or DON'T have your own Internet domain name:

   3.A. Send email /from/ the local Linux box to a different user on the local Linux box (via Pine, ELM, etc). Make sure it gets there.

   3.B. Send email from the local Linux box to the "root" account. Make sure that this email is properly forwarded to the user configured to receive "root's" email via Section 18

4. For users that send email via a POP3/IMAP client (Eudora, Netscape, etc) from an INTERNAL MASQed LAN connection:

   4.A. Be sure to configure your POP3/IMAP client properly.

   4.B. Send an email to a remote email account that you have access to or that someone can then forward BACK to you.

   4.C. -LOOK- at the email headers. Some programs make you push some button to look at this information. Eudora needs the "BlahBlah" button pushed. Pine requires that you hit "O" for Options and then "H" for Header Mode (note: these PINE options must be ENABLED in Pine's configuration menus to even see them).

   4.D. Make sure that none of the To, From: Reply, etc. addresses look odd.

5. For users that send email from a POP3/IMAP client (Eudora, Netscape, etc.) via the Internet (you are dialed into some other ISP, etc)

   5.A. Be sure to configure your POP3/IMAP client and Linux POP/IMAP server properly.

   5.B. Be sure that you can receive email via POP/IMAP from your Linux server.

   *** 5.C. Send a piece of email to a remote account via the local mail tools like Pine, elm, etc. Can you do it? Probably not!!

   The reason for this is because you are trying to EMAIL RELAY through your Linux server and this is BAD. This is how you get a majority of all that SPAM email. To fix this, add ANY remote network names, either INTERNAL or EXTERNAL, that you want to send email FROM into the /etc/mail/relay-domains file. For example, say I'm dialed into an ISP, say earthlink.net, and I want to send email via my Linux server. Also, I will want to send email from ANY machine on the internal MASQ'ed network. For this to work, I would have to do the following:

   --/etc/mail/relay-domains
   earthlink.net
   192.168.0
   --

   This can also be done by adding the specific hosts or IPs to the /etc/mail/access file and marking them as "RELAY"s.

   NOTE #1: I hope you realize that by doing line #1, any OTHER users that use Earthlink.net can ALSO use your Linux server as a relay site. This is BAD but you might not have any choice. Your only other (but preferred) choice is to get a STATIC IP address from your ISP (ie. Earthlink) and then configure in THAT specific name or TCP/IP address.

   NOTE #2: For the second line, you can also add either the generic network IP address, a specific internal machine's IP address, your top level FQDN, (acme123.com), or the FQDN of each internal machine. Your pick.

6. Verify that the Blackhole Anti-Spam filter system is working. Run the following command from the command line:

   --
   $ sendmail -bt -C /etc/mail/sendmail.cf
   ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
   Enter <ruleset> <address>
   > .D{client_addr}127.0.0.1
   > Basic_check_relay <>
   Basic_check_rela input: < >
   Basic_check_rela returns: OKSOFAR
   > .D{client_addr}127.0.0.2
   > Basic_check_relay <>
   Basic_check_rela input: < >
   Basic_check_rela returns: $# error $@ 5 . 7 . 1 $: "550 Mail from " 127 . 0 . 0 . 2 " refused by blackhole site rbl.maps.vix.com"
   > CTRL/D
   --

   Ahhh.. works like a charm!

7. Make sure that the online HELP system doesn't work:

   7.A TELNET to either your external IP, localhost, or internal IP address (if you have one) on port 25 and issue the HELP command. Type in QUIT when finished.

   telnet localhost 25
   --
   Trying 127.0.0.1...
   Connected to localhost.
   Escape character is '^]'.
   220 ESMTP
   HELP
   502 5.3.0 Sendmail TrinityOS -- HELP not implemented
   quit
   221 2.0.0 roadrunner.acme123.com closing connection
   Connection closed by foreign host.
   --

   7.B You will probably notice that the Sendmail version will show up when you do that "HELP" test. Please note that deleting all references to the Sendmail version numbers is difficult but not impossible if you have a minimal or decent understanding of C code. If you want to delete this specific instance, edit the Sendmail srvrsmtp.c file and search for "502 5.3.0". There, delete the "%s" from that line. You can replace it with anything you wish. As you can see above, I put in "TrinityOS". :)

8. Send a piece of email the manual way:

   8.A TELNET to your EXTERNAL IP address on port 25. From here, send email from some known good email address to yourself on your new email server.

   telnet 102.200.0.25 25
   --
   Trying 102.200.0.25
   Connected to roadrunner.acme123.com
   Escape character is '^]'.
   220 ESMTP
   helo dranch
   250 ns.acme123.com Hello roadrunner.acme123.com [100.200.0.212], pleased to meet you
   MAIL FROM: <dranch@backupacme.com>
   250 2.1.0 <dranch@backupacme.com>... Sender ok
   RCPT TO: <dranch@acme123.com>
   250 2.1.5 <dranch@acme123.com>... Recipient ok
   data
   354 Enter mail, end with "." on a line by itself
   SUBJECT: email test
   This is a manual TELNET test of email.
   .
   250 2.0.0 fBUH8t219012 Message accepted for delivery
   quit
   221 2.0.0 roadrunner.acme123.com closing connection
   Connection closed by foreign host.
   --
Errors in the logs:
mail loops back to me (MX problem?)
acme123.com ns.acme123.com roadrunner.acme123.com
Why be a backup SMTP server? Well, if your email server or someone else's email server goes down (Internet connection breaks, power loss, etc.), a backup server will queue up your emails until the original email server is back up. There are several other possible reasons:
Regardless of the reason, here are the steps to configure your Sendmail SMTP server to accept email for other domains. Please note that DNS changes and some backup DNS server are REQUIRED to get this running. Those changes are highlighted in Section 52 - "Gracefully transitioning Internet domains through a IP address or ISP change".
Before we get started, you should understand a little terminology:
When you RELAY email for some domain, the backup server will temporarily store those emails. Every hour, the backup SMTP server will try to re-deliver those emails to the final destination for up to FIVE days. After five days, those emails will be "bounced" back to the original server telling them that the mail could not be delivered.
Unlike being a RELAY, being a FINAL DESTINATION for an Internet domain is no different than adding an additional domain to your own server. The difference is that you will use the /etc/mail/aliases file to take these emails and forward them to some OTHER email address.
NOTE: It's important to NOT have ANY of the remote domain(s) you are trying to be a final destination for be listed in the /etc/mail/local-host-names file. If they are, your email server won't accept them as a final destination but try to relay them back to the down server. Understand?
To allow Sendmail to RELAY email for a different domain than your own, you first need to be sure that you enabled the "FEATURE(access_db)" and FEATURE(relay_mail_from) options in the trinityos.mc Sendmail M4 script shown earlier in this section. Once you are sure those options are present, compiled into the resulting /etc/mail/sendmail.cf file, follow these steps:
# by default we allow relaying from localhost...
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
some-remote-domain.com RELAY
yet-another-domain.net RELAY
makemap hash /etc/mail/access < /etc/mail/access
/etc/mail/make-new-access
for future use). That's it. Everything SHOULD work ok but you NEED to test it. To test it, follow the steps in Section 25.9.8 above but instead of TELNETing to the 127.0.0.1 address, TELNET to one of your external backup MX email servers. If the server accepts your email and if you ultimately get the email on your own email server, then things are working FINE.
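Both the /etc/mail/relay-domains entries in the test steps and the RELAY lines in /etc/mail/access widen who may relay through the server, and with FEATURE(relay_mail_from) a RELAY domain is also matched against the envelope sender, which the connecting client supplies itself. This is an added example, not part of TrinityOS, that lists the entries worth a second look; the function names and message wording are hypothetical and the samples are constructed from the entries shown on this page.

```shell
#!/bin/sh
# Added example, not part of TrinityOS.

# audit_relay "OWN_DOMAINS"   (access or relay-domains text on stdin)
# OWN_DOMAINS is a space-separated list of domains you accept as intended.
# Prints WARN/NOTE lines; returns 1 when there is at least one WARN.
audit_relay() {
    awk -v own="$1" '
        BEGIN { n = split(tolower(own), o, " "); for (i = 1; i <= n; i++) mine[o[i]] = 1 }
        /^[ \t]*#/ { next }                          # comment lines
        NF == 0 { next }                             # blank lines
        NF >= 2 && toupper($2) != "RELAY" { next }   # access entries with other actions
        {
            # relay-domains lines have one field and always mean relay
            key = tolower($1)
            sub(/^connect:/, "", key)
            if (key == "localhost" || key == "localhost.localdomain") next
            if (key ~ /^[0-9.]+$/) {
                tmp = key
                octets = gsub(/\./, "", tmp) + 1
                k = key "."
                if (k ~ /^127\./ || octets == 4) next    # loopback or one host
                if (k !~ /^(10|192\.168|172\.(1[6-9]|2[0-9]|3[01]))\./) {
                    print "WARN " key " public network prefix may relay"; warn++
                } else if (octets < 3)
                    print "NOTE " key " private range wider than /24"
                next
            }
            if (key in mine) next
            print "WARN " key " foreign domain: its hosts, and with relay_mail_from any sender claiming it, may relay"
            warn++
        }
        END { exit (warn > 0) }
    '
}

# Constructed sample: the relay-domains file from the testing steps.
sample_relay_domains() {
    printf 'earthlink.net\n192.168.0\n'
}

# Constructed sample: the access file shown above.
sample_access() {
    cat <<'EOF'
# by default we allow relaying from localhost...
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
some-remote-domain.com RELAY
yet-another-domain.net RELAY
EOF
}

echo "relay-domains:"
sample_relay_domains | audit_relay "acme123.com" || true
echo "access:"
sample_access | audit_relay "acme123.com" || true
```

Domains you back up on purpose can be passed in the first argument so they stop being reported, for example `audit_relay "acme123.com some-remote-domain.com" < /etc/mail/access`.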