Sendmail

Everyone knows that Sendmail is huge and scary. But if someone explains you in details, you figure out you can master it.

I don't work heavily with Sendmail, although I may in future. So I write this article that can help me if I need to remind myself with some details about Sendmail (hence this is more theoretical article with some examples on Solaris).

Most companies nowadays use Microsoft Exchange (for storing users' emails), but Sendmail is still present as relay between Exchanges. There are tons of ways how this is implemented, like inbound and outbound relays, etc, etc.

Sendmail can work as MTA and MSP. For each of them Sendmail uses separate configuration files and command line options.

Mail Transfer Agent (receiving and processing emails that comes from other systems, listening on port TCP/25)
Message Submission Process (uses SMTP to submits emails from local users or cron jobs to defined MTA, which is usually MTA on same machine)

MTA (Mail Transfer Agent)

Here are sendmail processes on the test machine.

> ps -ef | grep sendmail
    root  4236 29935   0 08:54:37 pts/2       0:00 grep sendmail
   smmsp   367     1   0   Sep 30 ?           0:03 /usr/lib/sendmail -Ac -q15m
    root   362     1   0   Sep 30 ?           0:49 /usr/lib/sendmail -bd -q15m

I look at line with arguments "-bd -q15m". Things that tell me this is MTA process:

Root is the owner of the process
The switch -b defines operational mode and here is d, so -bd means the daemon listening on tcp/25 port for INCOMING emails
Incoming emails that can't be delivered immediately, sendmail puts in the queue (directory /var/spool/mqueue), so -q15m says : try to re-deliver these emails every 15 minutes.

The default configuration file for MTA is sendmail.cf (say the location may be in the directory /etc/mail/cf/cf/)

Other files MTA is using are:

/etc/mail/aliases (for distribution lists, emails to non-user accounts like root, etc)
/etc/mail/local-host-names (list of domains and hostnames that are LOCAL for this MTA)
/etc/mail/relay-domains (list of REMOTE domains that are okay to get relayed emails from this MTA)
/etc/mail/mailertable (list of REMOTE domains that are okay to get forwarded emails from this MTA)

So basically, when incoming email hits MTA, MTA think about it in 2 ways:

Is it for local domain? (/etc/mail/local-host-names)
Is it for remote domain?

Remote domain I am responsible for (/etc/mail/mailertable)
Remote domain I just need to relay (/etc/mail/relay-domains)

MSP (Mail Submission Process)

> ps -ef | grep sendmail
    root  4236 29935   0 08:54:37 pts/2       0:00 grep sendmail
   smmsp   367     1   0   Sep 30 ?           0:03 /usr/lib/sendmail -Ac -q15m
    root   362     1   0   Sep 30 ?           0:49 /usr/lib/sendmail -bd -q15m

I look at line with arguments "-Ac -q15m". Things that tell me this is MSP process:

User smmsp is the owner of the process
The switch -Ac tells sendmail to behave like MSP.
The MSP sends newly created emails to MTA (most likely on the same machine), but for some reason this is not possible, the message is stored in /var/spool/clientmqueue. So -q15m says : check MTA availability every 15 minutes in order to clear the queue. Note: don't mix this with outgoing emails from MTA to outside of machine.

The default configuration file for MSP is submit.cf (say the location may be in the directory /etc/mail/cf/cf/)

The MSP and MTA is most likely same machine, but MTA can be different one. Define MTA (for MSP) in the file submit.cf (see line like D{MTAHost}[127.0.0.1] )

A life of newly created email

A new email is created (by user or by cron job)
Sendmail runs process that is a MSP now
Sendmail (in this case MSP) tries never loosing emails, so first copy message to /var/spool/clientmqueue directory
After email is safely stored, MSP contact MTA (port tcp/25)
If MTA is not available, MSP has -q15m, so try again in 15 min
If MTA is okay, it gets email, stores it to /var/spool/mqueue directory and tries to send it further (to other MTA)
Knowing that MTA stored email in its queue, the MSP removed that email from own /var/spool/clientmqueue

How MTA handles email

First choice is simple for MTA: is email local or not local.
LOCAL : Email is local if right side of email address [ right of @ ] matches:

The FQDN of machine itself
Hostname and domain names in the file /etc/mail/local-host-names

The MTA sees a username (left part of email address) and asks /etc/aliases file if there is special action for this user
If not, MTA thinks this is user on the systems and email gets delivered to user's mailbox

REMOTE : All other emails are not local, and MTA uses SMTP to route emails further

The MTA does DNS lookup of email's host/domain [ right side of @ ] and request for MX record
The MTA uses SMTP to connect to that host (from MX record)
If MTA can't get MX record, the email is discarded
After MTA sends email to remote MTA, the email is deleted from mail queue
If remote MTA is not accessible, out MTA keeps email in mail queue (default is 5 days) and tries again and again (say every 1h if -q1h)

Configuration file

None nowadays is editing (sendmail|submit).cf file. Folks use macros to create .mc file and then run them through m4 program in order to create .cf file.

Maybe like:

m4 example.mc > example.cf
cp example.cf sendmail.cf

More about LOCAL emails

The file /etc/mail/local-host-names has list of hosts/domains that are local for MTA. This file used to be called sendmail.cw. It's good it has been renamed; I guess people confuse this one with sendmail.cf. So in order to use the file local-host-names, the feature use_cw_file is needed (now you know origin of this feature).

FEATURE(`use_cw_file')

More about REMOTE emails

There are two situations here:

Remote domain I am responsible for (/etc/mail/mailertable)
Remote domain I just need to relay (/etc/mail/relay-domains)

Mailertable

The mailertable file is database where you associate remote domain with physical (or virtual) machine, where email has to be forwarded. Hence the FEATURE(`mailertable') is needed.

So if MTA gets email for user1@etcfstab.com, it will forward it to machine matteo.lazyhunter.com (using SMTP). The mailertable file should has the line :

googlyx.com smtp:matteo.lazyhunter.com

Do not forget to create 'hash' type database from this text file.

makemap hash mailertable < mailertable

This is usually used when company acquires another company but still uses acquired domain to receive emails. In above example, Lazyhunter acquired Googlux and accepts emails to the Googlux domain but sends them to email server in Lazyhunter domain.

Relays

But what if acquired company is not integrated and still uses its own email server. In this case, we can relay emails to this server. The file relay-domains should have:

etcfstab.com

So now, email sent to user1@etcfstab.com will be relayed (by Lazyhunter email server) to email server responsible for etcfstab domain.

But relay-domains file is also used for outgoing relaying. If I add line ..

10.10.10

.. this means that machines from this internal network are allowed to use our Sendmail to relay messages that are going out (to the Internet).

Back to the main page