-   Linux - Server (
-   -   Sendmail - where to start (

Deluka 08-02-2009 04:11 AM

Sendmail - where to start
Where do i begin with sendmail ?
From what I've been reading sendmail is one of the oldest and strongest mail servers around.
Just a tiny bit hard to setup.
I wanna set it up, but really have no idea where to begin.
Having a dynamic IP, I checked my port 25 and from what i can tell my ISP is blocking it.
Is there someone how had the same problems and has a mail server running.
Some help would be welcome

repo 08-02-2009 07:28 AM


I wanna set it up, but really have no idea where to begin.
A good start would be

Deluka 08-02-2009 08:20 AM

Been there.:)
And done viewed some others how2 to
For as far as i can tell it could work.


dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/, you will need to regenerate the
dnl # /etc/mail/ file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl #    /etc/mail/make
dnl #
VERSIONID(`setup for linux')dnl
dnl #
dnl # Do not advertize sendmail version.
dnl #
dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl
dnl #
dnl # default logging level is 9, you might want to set it higher to
dnl # debug the configuration
dnl #
dnl define(`confLOG_LEVEL', `12')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl #
dnl define(`SMART_HOST', `')dnl
define(`confDEF_USER_ID', ``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl #
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl #    cd /etc/pki/tls/certs; make sendmail.pem
dnl # Complete usage:
dnl #    make -C /etc/pki/tls/certs usage
dnl #
dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
dnl #
dnl # The following limits the number of processes sendmail can fork to accept
dnl # incoming messages or process its message queues to 20.) sendmail refuses
dnl # to accept connections once it has reached its quota of child processes.
dnl #
dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl
dnl #
dnl # Limits the number of new connections per second. This caps the overhead
dnl # incurred due to forking new sendmail processes. May be useful against
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
dnl # limit would be useful but is not available as an option at this writing.)
dnl #
dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
dnl #
dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment
dnl # the following 2 definitions and activate below in the MAILER section the
dnl # cyrusv2 mailer.
dnl #
dnl define(`confLOCAL_MAILER', `cyrusv2')dnl
dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
dnl DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl #DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # enable both ipv6 and ipv4 in sendmail:
dnl #
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from
dnl #
dnl MASQUERADE_AS(`')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just, but @* as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
dnl MAILER(cyrusv2)dnl

Its a really default setup so far
This is what i get back when i try to send something


Deferred: Connection reset by
Deferred: Connection timed out with

repo 08-02-2009 08:24 AM

If port 25 is blocked, you can only use smarthost.

dnl define(`SMART_HOST', `')dnl

Deluka 08-02-2009 08:36 AM

Nope noting so far still keep getting the same error.
I could be wrong but don't i need to define a User account and Pass before the relay server from skynet will accept my connection ?

repo 08-02-2009 08:48 AM

You need to use a connection from skynet.
What is the smtp server you where given by skynet?
Seems to me there is a problem with and


Connection timed out with
It tries to deliver to, but gets a timeout
I would suggest to start with a basic setup and go from there

Deluka 08-02-2009 08:52 AM

Yes thinking about that to.
To start over from 0.
How do i reset sendmail to its default settings?

repo 08-02-2009 09:02 AM

Depends on your distribution.
You did backup the original /etc/mail/ file?

You could completely remove sendmail, (purge all the conf files) and reinstall.

Just my 2 cents, I would use exim instead of sendmail.

Deluka 08-03-2009 01:02 AM

Hey Repo

I see you also reside in Belgium.
May i ask do you have a mail server running?
I'm trying to get one up under windows as it is more noob proof.
Learning to crawl before i start to walke
But no go there either.
Using this port scanner i checked to see whats open and whats not.
It seems if ports 25 and 110 are open but it seems there locked?
That they closed 25 i can understand that but why would they close 110 ?

For as far as i now
25 is the default port for SMTP - sending
110 for receiving.

I'm trying to send email put nothing is coming in.
The ports are forwarded to the server inside my router and firewall.

repo 08-03-2009 03:14 AM


I used to run a mail server, when I was working on the support department of a ISP, and had 2 fixed IP's.
Since I left, I have a dynamic IP, and don't run a mailserver anymore, since most SMTP servers don't accept
connections from a dynamic IP, and the cost to run a server 24/7 are to high :-)
Now I use the SMTP from gmail to send mails, so I can sent mail, whatever connection I use
(at home, with friends, on holiday)

For the record, I always used exim, never used sendmail.

I can see your webserver, ftpserver and ssh is working.
However, no connection on port 25 or 110

25 is the default port for SMTP - sending
110 for receiving.
25 is the defaul port for sending and recieving.
The external SMTP server will connect to your port 25 in order to deliver mail, you will connect via port 25 in order to send mail.
110 is the port to pop mail from your server

If you want to use as your domain, you need to make sure the MX records of that domain point to your server, you need to setup reverse DNS, meaning the domain needs to point to the IP, and the IP needs to point back to the domain.
Most SMPT server do a check for that.
Also you need to setup a backup MX, in case your server, or the connection goes down.
A portscan shows:

cannabis:/home/repo# nmap -P0
Starting Nmap 4.68 ( ) at 2009-08-03 09:12 CEST
Interesting ports on (
Not shown: 1711 filtered ports
21/tcp  open  ftp
22/tcp  open  ssh
80/tcp  open  http
1723/tcp closed pptp
Nmap done: 1 IP address (1 host up) scanned in 234.319 seconds
cannabis:/home/repo# has no MX records setup


cannabis:/home/repo# host has address mail is handled by 0

I don't know if you can change the DNS records for
And I don't know if you can use dyndns to send and recieve mail.

In short, most SMTP servers refuse connections from dynamic IP's, and they check for reverse DNS
Another problem, if your IP changes, and that IP is blacklisted somewhere for sending SPAM, due to an infection of that computer, your mailserver is blacklisted at that moment also, until you change IP.

You can see if your hosting provider has an option to forward all mail from your domain to an emailaddress.
I can forward all mail from my domain to my gmail account, or create aliasses so only certain users are forwarded,

FYI, take a look at edpnet, they offer a connection from 24 Mbps/1024 kbps, traffic 100 GB, and they block no ports for 29,95 euro/month

Good luck

Deluka 08-03-2009 03:39 AM

Thanks Repo
This is really some information that i can use.
I also found out that has no MX record.
This is really strange because this is the mail/web server i'm renting.
And my mail and everything else works fine there.
The tools they provide tells me that the "" mx record is pointing to my servers IP.
So i'm almost a 100% sure that part is working fine.
But since port 25 is blocked its seems a will need to activate a "mail hopper" service to redirect port 25 to a none default port.
This will cost me about €25 a year with DynDNS.
In the total cost of my studies now that is nothing.
Working to get my CompTIA A+ (finals in sep.), Server+, Network+ and CCNA.:)
Never the less thanks for your time and the all off the information you have been providing.

All times are GMT -5. The time now is 09:24 PM.