Related links
- O'Reilly's Sendmail Handbook
- FreeBSD Handbook about Sendmail
- Spam SMTP Reply Code Proposal
- Wikipedia about greylisting
Transfer e-mail
How to transfer mail with sendmail, a mail transfer agent (MTA), and use milter software to reject mail identified as spam or containing a virus.
Introduction
E-mail is one of the largest and most popular applications of the internet. The primary support channel of FreeBSD consists of a large number of mailing lists. I found the support I got from other users very helpful when I was new to this OS. You need to be able to send mail if you want to use this great service. On this page I'll talk about how to configure FreeBSD to send mail.
At this point I'd like to point you to two related articles in case you were looking for those. The first is all about how to read e-mail using mutt and the second is about how to retrieve e-mail using pop3.
Sendmail
Sendmail is a mail transfer agent (MTA) that comes installed with FreeBSD out of the box. Sendmail needs to be enabled in /etc/rc.conf if you want it to start during boot time.
echo 'sendmail_enable="YES"' >> /etc/rc.conf
The configuration filename depends on the name of the computer and ends with a .mc extension. Open the file /etc/mail/computer_domain_name.mc in your editor. Note: comments within this file start with dnl instead of the usual # mark!
During this tutorial you're instructed to insert some lines into the configuration. These should go before any MAILER(*) lines in order to work.
The first thing I like to do is check the settings by executing the command 'sendmail -d0.1 -bt < /dev/null'. You'll see something like the following.
Version 8.13.6
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
                NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SCANF
                STARTTLS TCPWRAPPERS USERDB XDEBUG
============ SYSTEM IDENTITY (after readcf) ============
      (short domain name) $w = this
  (canonical domain name) $j = this.example.net
         (subdomain name) $m = example.net
              (node name) $k = this.example.net
========================================================
This tells you what has been compiled into sendmail. MILTER is required since the configuration will depend on milters. NAMED_BIND is, on the other hand, optional.
You should then make sure that the canonical domain name is an existing fully qualified domain name (FQDN) with a reverse DNS (domain name service) entry. (i.e. ping 1.2.3.4 resolves to this.example.net.)
You can change the canonical domain name in /etc/rc.conf or on your DNS server (provided you see the term NAMED_BIND). If you don't want this then you could also define confDOMAIN_NAME in the sendmail configuration file.
define(`confDOMAIN_NAME', `this.example.com')
The following two lines enable you to send mail from the command line without the need to provide the from address. The from address will then contain user@example.net.
MASQUERADE_AS(`example.net')
FEATURE(`masquerade_envelope')
You may like sendmail to work as a mail server for other computers in your network.
echo '192.168 RELAY' >> /etc/mail/access
Some providers block direct SMTP traffic to their clients' computers to fight spam, but require you to forward mail to their mail server. Outbound traffic can be forwarded by setting up the smart host variable.
define(`SMART_HOST', `mail.isp.com')
For inbound traffic you need to set the SMTP server of your provider as the second, backup MX record in your DNS server.
example.com MX 10 mail.example.com
example.com MX 20 mail.isp.com
mail.example.com A 213.10.x.y
If you would like to receive mail you need to tell sendmail the host names it must handle (read: store).
echo 'example.com' >> /etc/mail/local-host-names
echo 'this.example.com' >> /etc/mail/local-host-names
echo 'example.net' >> /etc/mail/local-host-names
I advise you to test the configuration at this point. Please go to the Finishing Touches section for this.
Scan for spam
Spam is unsolicited mail sent in mass quantities and is a common problem these days. SpamAssassin is a very accurate tool to identify mails that are spam. Over the years I've learned to trust this tool blindly. The very few cases where it misidentified mail were caused by the mail server having been used to send spam. The port spamass-milter builds upon SpamAssassin. The following commands will install this tool.
cd /usr/ports/mail/spamass-milter/
make config && make install && make clean
rehash
You need to make sure spamd and spamass-milter are started during boot. The following commands will do that and need to be run as root.
echo 'spamd_enable="YES"' >> /etc/rc.conf
echo 'spamass_milter_enable="YES"' >> /etc/rc.conf
echo 'spamass_milter_flags="-f -r 10 -p ${spamass_milter_socket}"' >> /etc/rc.conf
spamd -c -d -r /var/run/spamd/spamd.pid
spamass-milter -f -r 10 -p /var/run/spamass-milter.sock
The last line will tell spamass-milter when it should reject spam. In this example that happens when the score is equal to or greater than 10. Spam with a lower score is still delivered. SpamAssassin tags mail as spam at a default score of 5.
When SpamAssassin identifies a mail as spam it, by default, creates a new mail containing a report and the original mail as an attachment. You can change this by setting report_safe to 0 or 2. The first will change the headers of the original mail instead and the latter will instruct SpamAssassin to do this for all mails.
echo 'report_safe 0' >> /usr/local/etc/mail/spamassassin/local.cf
Next add the following two lines to your sendmail configuration file.
define(`confMILTER_MACROS_CONNECT',`b, j, _, {daemon_name}, {if_name}, {if_addr}')
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')
I'll end this section with the advice to test the configuration at this point. Please go to the Finishing Touches section for this.
Scan for viruses
Another problem you may face is receiving viruses through your mail. This is mostly a problem for Windows computers. Still, you might retrieve mails that are read by Windows users. I've installed a virus scanner just to be on the safe side, so I don't forward viruses to my Windows friends.
ClamAV
If you have installed clamav previously then you need to check if you compiled it with the milter option. If this is not the case then you need to deinstall clamav before you can install it again. Of course, if you did compile it with the milter option then you are free to skip this part.
If you have not installed clamav previously then you need to make sure you check the milter option during the configuration.
cd /usr/ports/security/clamav
make config
make deinstall    # skip this line if you have not installed clamav previously
make install && make clean
rehash
Again you need to make sure clamd is started during boot. The following commands will do that.
echo 'clamav_clamd_enable="YES"' >> /etc/rc.conf
echo 'clamav_freshclam_enable="YES"' >> /etc/rc.conf
clamd
ClamAV milter
You can continue from this point if you previously installed clamav with the milter option on. You've already made sure that clamd is started during boot; now we are doing that for the milter part too.
echo 'clamav_milter_enable="YES"' >> /etc/rc.conf
clamav-milter -P -l -o -T 0 -m 50
Next add the following to the sendmail configuration file.
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')
I'll end this section with the advice to test the configuration at this point. Please go to the Finishing Touches section for this.
Finishing Touches
At this point you should make sure that the sendmail configuration file ends with the MAILER(*) lines. After you have done this you can build and install the configuration file and start/restart sendmail. Please change start to restart in the example if you would like to restart.
cd /etc/mail/
make && make install && make start
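Two mistakes are easy to make while following the steps above: a setting that ends up after the MAILER(*) lines, and an INPUT_MAIL_FILTER left with an empty F= flag, in which case sendmail delivers mail unscanned whenever the milter cannot be reached (F=T answers with a temporary failure instead, F=R rejects). The script below is an added example, not part of the original howto; lint_mc is a hypothetical helper name and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not from the original howto.
# lint_mc FILE prints one finding per line and returns 1 if any were found.
lint_mc() {
    awk '
        # Patterns are anchored, so lines commented out with dnl are skipped.
        /^[ \t]*MAILER\(/ { if (!mailer) mailer = NR; next }
        /^[ \t]*(define|FEATURE|MASQUERADE_AS|INPUT_MAIL_FILTER)\(/ {
            if (mailer) {
                printf "line %d: setting after MAILER() on line %d\n", NR, mailer
                bad = 1
            }
        }
        /^[ \t]*INPUT_MAIL_FILTER\(/ {
            # F=T tempfails and F=R rejects when the milter is unreachable;
            # with neither flag sendmail accepts the mail unscanned.
            if ($0 !~ /F=[TR]/) {
                printf "line %d: milter fails open (no F=T or F=R)\n", NR
                bad = 1
            }
        }
        END {
            if (!mailer) { print "no MAILER() line found"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample input, not a complete configuration.
sample=$(mktemp /tmp/lint_mc.XXXXXX)
cat > "$sample" <<'EOF'
dnl MAILER(local) in a comment is ignored
define(`SMART_HOST', `mail.isp.com')
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=T, T=C:15m;S:4m;R:4m;E:10m')
MAILER(local)
MAILER(smtp)
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')
EOF
lint_mc "$sample" || echo "fix the findings above, then run make"
rm -f "$sample"
```

Run it as lint_mc /etc/mail/computer_domain_name.mc before the make step; whether to use F=T or F=R depends on whether you prefer senders to retry or to be refused while a scanner is down.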
You can test if your configuration works by executing the following commands.
echo 'test' | mail -s test1 your@example.com -fyour@example.net
echo 'test' | mail -s test2 your@example.com
The configuration worked if you receive these mails, usually within 5 minutes. The second test should also appear to come from your@example.net just like the first, if you set the masquerade and envelope options. Warning: if you didn't receive the two mails then it's wise to reverse the changes you made to prevent any mail loss.
At this point you may like to continue to expand the configuration file at Scan for spam and Scan for viruses.
Final notes
I'd like to encourage you to contact me if you have feedback about this howto. I can be contacted through the feedback link at the top.