Sendmail is a powerful and flexible Mail Transfer Agent (MTA) used to route and deliver email on Unix-based systems. It is known for its reliability and configurability, making it a preferred choice for mail servers. This guide provides a step-by-step process to install, configure, and secure Sendmail on your server.
Benefits of Using Sendmail
- Highly Configurable: Supports complex routing and policy configurations.
- Scalability: Suitable for both small and large-scale mail delivery systems.
- Compatibility: Works seamlessly with other mail tools like SpamAssassin and ClamAV.
- Security: Offers TLS encryption and access controls to secure communications.
Prerequisites
- A Unix/Linux-based system (e.g., Ubuntu, CentOS, or Debian).
- Root or sudo access.
- Basic knowledge of Linux command-line operations.
Step 1: Installing Sendmail
On Ubuntu/Debian
sudo apt update sudo apt install sendmail
On CentOS/RHEL
sudo yum install sendmail sendmail-cf m4
Step 2: Configuring Sendmail
1. Check Sendmail Configuration
The main configuration file for Sendmail is located at:
/etc/mail/sendmail.mc
2. Customize the Configuration
Open the sendmail.mc
file for editing:
sudo nano /etc/mail/sendmail.mc
To enable mail relay for a specific network (e.g., 192.168.1.0/24), add the following line:
DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp')dnl FEATURE(`access_db')dnl LOCAL_NETS(`192.168.1.0/24')dnl
Save and exit the editor.
3. Compile the Configuration
Use the m4
macro processor to apply changes:
sudo m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
Step 3: Setting Up Access Control
Edit the access file to define allowed or denied email addresses and domains:
sudo nano /etc/mail/access
Example entries:
# Allow local network 192.168.1 RELAY # Block spam domain spammer.com REJECT
Update the access database:
sudo makemap hash /etc/mail/access < /etc/mail/access
Step 4: Configuring DNS for Sendmail
Ensure you have correct MX and A records for your domain. Example example.com
zone:
example.com. IN MX 10 mail.example.com. mail IN A 192.168.1.100
Verify DNS setup:
dig MX example.com
Step 5: Enabling and Starting Sendmail
Enable Sendmail to start on boot:
sudo systemctl enable sendmail
Start the Sendmail service:
sudo systemctl start sendmail
Check the status:
sudo systemctl status sendmail
Step 6: Testing Sendmail
Send a test email:
echo "Test email" | mail -s "Sendmail Test" user@example.com
Check mail logs for issues:
tail -f /var/log/maillog
Step 7: Securing Sendmail
Enable TLS Encryption
- Generate a TLS certificate (using Let’s Encrypt or OpenSSL).
- Edit
/etc/mail/sendmail.mc
and add:
define(`confCACERT_PATH', `/etc/ssl/certs')dnl define(`confCACERT', `/etc/ssl/certs/ca-certificates.crt')dnl define(`confSERVER_CERT', `/etc/ssl/certs/sendmail-cert.pem')dnl define(`confSERVER_KEY', `/etc/ssl/private/sendmail-key.pem')dnl
- Rebuild configuration:
sudo m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf sudo systemctl restart sendmail
Restrict Open Relay
Ensure only authorized networks can relay emails:
FEATURE(`relay_entire_domain')dnl
Step 8: Troubleshooting Sendmail
- Verify configuration:
sendmail -d0.1 -bv root
- Check logs:
tail -f /var/log/maillog
- Test mail sending and delivery:
echo "Test" | mail -s "Test Email" user@example.com
Conclusion
Setting up Sendmail involves installation, configuration, and applying security best practices. With the steps outlined above, you can deploy a secure and reliable mail server to handle your email traffic effectively.