LPI Linux Certification in a Nutshell (55 page)

Sendmail

Sendmail was one of the first MTAs used on Unix
systems. It was derived from the original program “delivermail,”
which shipped with an early version of BSD Unix in 1979. Sendmail
has grown over the years into quite a complicated program—as
evidenced by the O’Reilly book
sendmail
,
Fourth Edition
, which weighs in at a whopping 1,312
pages—and is often quite challenging to configure correctly. That
fact, combined with the history of security vulnerabilities that
have plagued sendmail over the years, has caused its popularity to
decrease over the last decade.
Although
most major Linux
distributions provide a package for sendmail, none of them currently
ship with sendmail as the default MTA.

Postfix

Postfix was originally designed in the late 1990s as a
more secure alternative to sendmail. It shares many of the same
configuration options as sendmail, but does not share any code. At
the time of this writing, postfix is currently very popular in the
Linux world, and is the default MTA shipped with the most popular
Linux distributions.

Qmail

In response to the increasing number of security
incidents involving MTAs, qmail was developed in the mid 1990s to be
as secure as a mail transfer agent can be. Qmail is small,
efficient, and secure, making it a popular choice for
resource-strapped systems. However, qmail has not been actively
developed since 1997, and its lack of support for modern options
such as IPv6 has limited its usefulness. Qmail still enjoys an
active following, but is not commonly seen on newer Linux
distributions.

Exim

Exim is another example of an MTA that was developed
in direct response to the security issues with sendmail. For this
reason, it is essentially a drop-in replacement for sendmail. It is
designed to be a general-purpose mailer for Unix-like systems, and
is widely used in relatively high-volume environments. It was
originally written in 1995 and still enjoys active development to
this day. Exim is currently the default MTA for the Debian GNU/Linux
distribution.

The overall configuration of sendmail is beyond the scope of this
book and the LPI 102 test. We will instead focus on email address
aliasing and mail forwarding, in addition to monitoring logfiles and
basic troubleshooting.

Sendmail is a monolithic tool, with a single binary handling the
sending and receiving of Internet email. For the purposes of this
chapter, we will assume Simple Mail Transport Protocol (SMTP) email, but
sendmail supports many other types of mail relaying.

By default, sendmail will listen for an incoming SMTP connection
(on TCP port 25). When a connection is received, sendmail starts the
SMTP conversation and accepts the email. It checks addresses and domains
for validity, honors aliasing and mail forwards, and then hands the mail
off to a local delivery agent for local processing. Sendmail logs all
activity through the
syslog
service, which is
normally configured to store mail-related logs in the file
/var/log/maillog
. Here is an example of
verifying a sendmail instance and sending a test mail.

#
netstat -anpl --tcp | grep sendmail
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN \
1847/sendmail: accepting connections
#
ls -l /var/spool/mail/adamh
-rw-rw---- 1 adamh mail 0 2009-04-24 01:23 /var/spool/mail/adamh
#
echo "This is a test email" | mail adamh
#
ls -l /var/spool/mail/adamh
-rw-rw---- 1 adamh mail 689 2010-02-07 13:21 /var/spool/mail/adamh
#
tail /var/log/maillog
Feb 7 13:22:42 server sendmail[5387]: o17JMgbM005387: from=root, \
size=32, class=0, nrcpts=1, msgid=<201002071922.o17JMgbM005387\
@server>, relay=root@localhost
Feb 7 13:22:42 server sendmail[5388]: o17JMghc005388: \
from=, size=353, class=0,nrcpts=1, \
msgid=<201002071922.o17JMgbM005387@server>, proto=ESMTP, \
daemon=MTA, relay=server [127.0.0.1]
Feb 7 13:22:42 server sendmail[5387]: o17JMgbM005387: to=adamh, \
ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, \
pri=30032, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent \
(o17JMghc005388 Message accepted for delivery)
Feb 7 13:22:42 server sendmail[5389]: o17JMghc005388: \
to=, ctladdr= (0/0), \
delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30607, \
dsn=2.0.0, stat=Sent
#
cat /var/spool/mail/adamh
From root@server  Sun Feb  7 13:22:42 2010
Return-Path: 
Received: from server (server [127.0.0.1])
by server (8.14.2/8.14.2) with ESMTP id o17JMghc005388
for ; Sun, 7 Feb 2010 13:22:42 -0600
Received: (from root@localhost)
by server (8.14.2/8.14.2/Submit) id o17JMgbM005387
for adamh; Sun, 7 Feb 2010 13:22:42 -0600
Date: Sun, 7 Feb 2010 13:22:42 -0600
From: root 
Message-Id: <201002071922.o17JMgbM005387@server>
To: adamh@server
This is a test email

In this example, we verified that sendmail was listening on TCP
port 25, and we used the standard Linux command
mail
to send an email address through sendmail.
Sendmail saves mail to
/var/spool/mail/
$username
by default, so we saw the size of
/var/spool/mail/adamh
increase from
0 bytes to 689 bytes. Viewing this file shows us the mail header
information that sendmail stores in this file, which is in “mbox”
format. Finally, we saw what mail logging looks like by examining the
file
/var/log/maillog
.

The
mail
command can be used to both
send mail and read mail that is stored in mbox format. The easiest way
to send mail is by piping it to the
mail
command,
as shown in the previous example. The
mail
command
has many other options, and is a useful command to have in your arsenal.
This command is not sendmail-specific, and is designed to work with any
standards-compliant MTA.

Postfix was created as a replacement for sendmail, and
therefore it maintains a mostly “sendmail-compatible” interface. In most
cases, postfix can act as a drop-in replacement for sendmail, and
scripts that had called sendmail directly with various command-line
options will continue to work. Postfix accomplishes this by including
with its distribution a program called
/usr/sbin/sendmail
, which exists to act as a
“bridge” between calls to sendmail and the postfix utility. Because of
this, many of the commands you are used to in sendmail will work with
postfix:

#
which sendmail
/usr/sbin/sendmail
#
for file in /usr/sbin/sendmail /usr/bin/mailq /usr/bin/newaliases; { echo -n
"$file: " && rpm -q --whatprovides ${file}; }
/usr/sbin/sendmail: postfix-2.3.2-32
/usr/bin/mailq: postfix-2.3.2-32
/usr/bin/newaliases: postfix-2.3.2-32

The postfix system is made up of a number of different
applications, as opposed to the monolithic nature of sendmail. The main
program is
/usr/lib/postfix/master
, which is the
daemon that listens on TCP port 25 for incoming SMTP connections and
accepts mail. Other applications are listed in
Table 17-1
. These applications live in
/usr/lib/postfix/
unless otherwise
indicated.

Qmail is similar to postfix in that it was designed as a
sendmail replacement and is a collection of smaller programs instead of
one large one. The design goal behind Qmail is security, so often the
smaller programs will run as lower-privileged users. Some of the more
common
Qmail programs are listed in
Table 17-2
.

Qmail also handles sendmail compatibility in ways similar to
postfix. Qmail comes with the program
/var/qmail/bin/sendmail
, which is designed to take
the same
command
-line options that
sendmail takes and pass them to qmail. The program
dot-forward
is used to read a user’s
.forward
file, and the program
fastforward
will read the sendmail
/etc/aliases
file. More information
on qmail can be found at the
author’s site
.