Securing and Optimizing Linux: RedHat Edition -A Hands on Guide
PrevChapter 22. Software -Server/Mail NetworkNext

22.5. Build and Tweak Sendmail

Now that our macro configuration file sendmail.mc is created, we can build the sendmail configuration file sendmail.cf from these statements with the following commands: 

           [root@deep] /# cd /var/tmp/sendmail-version/cf/cf/
           [root@deep ]/cf# m4 ../m4/cf.m4 sendmail.mc > /etc/mail/sendmail.cf

Note: Here, the ../m4/cf.m4 tells m4 program where to look for its default configuration file information.

22.5.1. The null.mc file

Since our local clients machines never receive mail directly from the outside world, and relay, send all their mail through the Mail Hub server, we will create a special file called null.mc which, when later processed, will create a customized sendmail.cf configuration file that responds to this special setup for our neighbour or local server client machines. This m4 macro file is simple to create and configure because it doesn't need a lot of features, as the configuration file -sendmail.mc, for the Central Mail Hub server did.

Caution

The null.mc file is for the local or neighbour client and server machines only

  1. Create the null.mc file, touch /var/tmp/sendmail-version/cf/cf/null.mc and add the following lines: 
    
             OSTYPE(`linux')dnl                        (1)
           DOMAIN(`generic')dnl                        (2)
           FEATURE(`nullclient',`mail.openna.com')dnl  (3)
           undefine(`ALIAS_FILE')dnl                   (4)

    (1)
    This configuration option specifies the default operating system Sendmail will be running on, in our case, the linux system. This item is one of the minimal pieces of information required by the mc file.
    (2)
    This configuration option will specify and describe a particular domain appropriated for your environment.
    (3)
    This m4 macro sets your clients machines to never receive mail directly, to send their mail to a Central Mail Hub, and relay all mail through that server rather than sending directly. This feature creates a stripped down configuration file containing nothing but support for forwarding all mail to a Mail Hub via a local SMTP-based network. The argument `mail.openna.com' included in this feature is the canonical name of that Mail Hub. You should, of course, change this canonical name to reflect your Mail Hub Server for example: FEATURE(`nullclient',` my.mailhub.com').
    (4)
    This configuration option prevents the nullclient version of Sendmail from trying to access /etc/mail/aliases and /etc/mail/aliases.db files. With the adding of this line in the .mc file, you don't need to have an aliases file on all your internal neighbor client Sendmail machines. Aliases files are required only on the Mail Hub Server for all server and client aliases on the network.

    Tip: We advice that with this kind of configuration, no mailers should be defined, and no aliasing or forwarding is done.

  2. Now that our macro configuration file null.mc is created, we can build the Sendmail configuration file sendmail.cf from these statements in all our neighbor servers, and client machines with the following commands: 
    
           [root@deep] /# cd /var/tmp/sendmail-version/cf/cf/
           [root@deep ]/cf# m4 ../m4/cf.m4 null.mc > /etc/mail/sendmail.cf

  3. No mail should ever again be delivered to your local machine. Since there will be no incoming mail connections, you no longer needed to run a Sendmail daemon on your neighbor or local server, client machines. To stop the Sendmail daemon from running on your neighbor or local server, or client machines, edit or create the /etc/sysconfig/sendmail file and change/add the lines that read: 
    
           DAEMON=yes
           To read:
           DAEMON=no
           And:
           QUEUE=1h

    Note: The QUEUE=1h under /etc/sysconfig/sendmail file causes Sendmail to process the queue once every 1 hour. We leave that line in place because Sendmail still needs to process the queue periodically in case the Mail Hub is down.

  4. Remove the following files from your system, use the following command: 
    
           [root@client /]# rm  -f  /usr/bin/newaliases
           [root@client /]# rm  -f  /usr/man/man1/newaliases.1
           [root@client /]# rm  -f  /usr/man/man5/aliases.5

    Note: Local machines never use aliases, access, or other maps database. Since all map file databases are located and used on the Central Mail Hub Server for all local machines we may have on the network, we can safety remove the following commands and man pages from all our local machines.

    • /usr/bin/newaliases

    • /usr/man/man1/newaliases.1

    • /usr/man/man5/aliases.5

  5. Remove the unnecessary Procmail program from your entire local Sendmail server or client. Since local machines send all internal and outgoing mail to the mail Hub Server for future delivery, we don't need to use a complex local delivery agent program like Procmail to do the job. Instead we can use the default /bin/mail program. To remove Procmail from your system, use the following command: 
    
           [root@client ]# rpm -e procmail

PrevHomeNext
The /etc/sendmail.mc file /Central Mail HubUpThe /etc/mail/access and access.db files