The problem

This document explains how to configure sendmail to route all mail generated by /usr/sbin/sendmail or local mail on a host through James on the same host, including mail to local addresses without @host.

All sendmail configuration file locations are for Redhat Linux 7.2, other installations may have different locations.

We take no responsibility for the quality of the information in this document.

You should back-up any configuration files *before* you alter them.

Solution

Step 1: Stop sendmail from running as an SMTP daemon

Ok so you want to use James for everything, including delivering mail from localhost to local users.

Well the first step is to stop sendmail from starting up as the SMTP Daemon on port 25, otherwise it will route mail to itself and who knows what will happen then.

Open the sendmail configuration file /etc/sysconfig/sendmail Change the line:

DAEMON=yes
into
DAEMON=no
Restart sendmail with:
[root@apache root]# /etc/rc.d/init.d/sendmail restart
This will make sendmail process its outgoing queue, but not listen on port 25 for incoming mail.

Step 2: Set up sendmail to use relay

Ok, so far so good, now you need to tell sendmail to relay everything, regardless of its rules, through James. James will take the roles of "local relay" (destination for all unqualified local addresses), "mail hub" (destination for all qualified local addresses) and "smart relay" (destination for all other mail) for this instance of sendmail, thereby catching everything.

So open /etc/sendmail.cf and..

  • Look for the line beginning DS make this line DSesmtp:localhost
  • Look for the line beginning DR make this line DResmtp:localhost
  • Look for the line beginning DH make this line DHesmtp:localhost
Now that wasn't too hard was it?

What we have done is to tell sendmail to use its "mailer" called esmtp to relay mail using ESMTP to localhost for each role.

Of course no-one in their right mind would relay mail to localhost, because it would loop forever right?

Step 3: Stop sendmail complaining about mail apparently looping back

The developers of sendmail have, wisely, built sendmail in such a way as to prevent, by default, mail being sent by sendmail back to itself, this is done by making a quick check on outgoing mail to see if its destination is our machine. If it is you'll see this message config error: mail loops back to me when you try to send mail.

But we *want* to relay mail to localhost, and because sendmail isn't receiving our mail, James is, we won't be creating a loop. (make sure you've followed step one though).

So open /etc/sendmail.cf again and go to the bottom of the file, start scrolling upwards until you see the declaration of the esmtp mailer it'll look something like this
Mesmtp,     P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
        T=DNS/RFC822/SMTP,
        A=TCP $h
You need to change it so its more like this: :-D
Mesmtp,     P=[IPC], F=kmDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
        T=DNS/RFC822/SMTP,
        A=TCP $h
But seriously, we've added a k to the "F=" list F=mDFMuXa becomes F=kmDFMuXa

And again, thats it, sendmail will now skip the loopback test on mail leaving through the esmtp mailer. Now you have to make some tests.

Try each of the following, replace names in [] with names of the kind described.
/[root@apache root]# mail -v [real-localusername]

[root@apache root]# mail -v [nonexistant-localusername]

[root@apache root]# mail -v [real-localusername]@localhost

[root@apache root]# mail -v [real-localusername]@[myhostname.mydomainname]

[root@apache root]# mail -v [real-username]@[real-remote-account]
Sendmail echoes each conversation to STDOUT so you can see what its trying to do with each mail.

Step 4: If that wasn't enough James requires SMTP AUTH

SMTP AUTH is a different Kettle of Fish.

The scenario is that you're using SMTP AUTH on James to restrict SMTP relaying to authenticated users, allowing them to connect from any IP address but still not letting James become an open relay for spam, cool.

However you now want to let sendmail relay through James, so you need to tell it how to authenticate.

So open /etc/sendmail.cf again and this time..

  • Look for the line beginning O AuthMechanisms= If this line is commented out with a leading #, remove the # then make sure LOGIN and PLAIN are at the beginning of this line like this O AuthMechanisms=LOGIN PLAIN GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
  • Look for the line beginning O DefaultAuthInfo= If this line is commented out with a leading #, remove the # then make this line O DefaultAuthInfo=/etc/mail/default-auth-info
  • Create a user account on James for sendmail to login as.
  • Create the file /etc/mail/default-auth-info
  • It should contain this
    username
    username
    password
    localhost
    Yes the username appears twice.
  • Replace username and password with the details of the account you just created.
  • This file has to be chmod'ed 600 (-rw------) or sendmail won't read it.
  • Look for the line beginning O AuthOptions= If this line is commented out with a leading #, remove the # and it should be O AuthOptions=A

Ta-da!

Now you're ready to run the tests in Step3, all of the mail should be accepted, the most likely rejection will be the final one.
Thats it, good luck and happy mailing :)

Danny Angus