Sendmail setup using generic placeholders for easy adaptation across environments. All outbound mail relays through your SMTP server while masquerading as the corporate domain.
Prerequisites
- RHEL 8/9, CentOS 8/9
- Root or sudo access
- Network access to <smtp_server> on port 25
- Replace <smtp_server> and <smtp_client_server> with actual hostnames before deployment
1: Install and Enable Packages
```bash
dnf update -y || yum update -y
dnf install -y s-nail sendmail sendmail-cf m4 || yum install -y s-nail sendmail sendmail-cf m4
systemctl enable --now sendmail
systemctl status sendmail
```
2: Configure sendmail.mc
```bash
vi /etc/mail/sendmail.mc
```
Add these configuration lines (append to end, before final dnl):
```m4
dnl # Relay all outbound mail through the smart host on port 25
define(`SMART_HOST', `<smtp_server>')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 25')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 25')dnl
dnl # Rewrite header and envelope sender addresses to the corporate domain
FEATURE(`always_add_domain')dnl
FEATURE(`masquerade_envelope')dnl
MASQUERADE_AS(`example.com')dnl
FEATURE(`masquerade_entire_domain')dnl
MASQUERADE_DOMAIN(`<smtp_client_server>')dnl
dnl # Accept mail whose sender domain does not resolve in DNS
FEATURE(`accept_unresolvable_domains')dnl
dnl # Leave root unmasqueraded so its mail still shows the sending host
EXPOSED_USER(`root')dnl
```
3: Generate Configuration Files
Before running m4, substitute placeholders if needed:
```bash
sed -i "s/<smtp_server>/your.actual.smtp.server/g" /etc/mail/sendmail.mc
sed -i "s/<smtp_client_server>/your.actual.client.server/g" /etc/mail/sendmail.mc
```
Then generate the configuration:
```bash
cd /etc/mail
cp sendmail.mc sendmail.mc.backup # Backup original
m4 sendmail.mc > sendmail.cf
newaliases # Rebuild aliases database
```
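A pre-flight check for the edited file, added here as an example and not part of the original post: it flags placeholders left unsubstituted, a missing SMART_HOST, FEATURE() lines placed after MAILER() (the cf macros expect features first), and a missing loopback DAEMON_OPTIONS. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: lint sendmail.mc before m4.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
active() { grep -v '^dnl' "$1"; }   # skip m4 comment lines

lint_mc() {
    mc=$1; rc=0
    # 1. Placeholders from this guide that were never substituted.
    if active "$mc" | grep -Eq '<smtp_(client_)?server>'; then
        echo "placeholder: <smtp_server> or <smtp_client_server> still present"; rc=1
    fi
    # 2. Without SMART_HOST, mail goes out by direct MX delivery instead.
    if ! active "$mc" | grep -q '^define(`SMART_HOST'; then
        echo "smart-host: SMART_HOST is not defined"; rc=1
    fi
    # 3. The cf macros expect every FEATURE() before the first MAILER().
    if active "$mc" | awk '/^MAILER\(/ {m=1} m && /^FEATURE\(/ {bad=1} END {exit !bad}'; then
        echo "order: FEATURE() found after MAILER()"; rc=1
    fi
    # 4. Keep the loopback bind in the .mc so regenerating the .cf keeps it.
    if ! active "$mc" | grep -q '^DAEMON_OPTIONS(.*Addr=127\.0\.0\.1'; then
        echo "listener: no DAEMON_OPTIONS with Addr=127.0.0.1"; rc=1
    fi
    return $rc
}

# Constructed sample: step 2 lines appended after MAILER(), placeholder intact.
write_sample_mc() {
    cat > "$1" <<'EOF'
divert(-1)dnl
dnl # constructed sample, not a real host's file
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
OSTYPE(`linux')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
MAILER(smtp)dnl
define(`SMART_HOST', `<smtp_server>')dnl
FEATURE(`masquerade_envelope')dnl
MASQUERADE_AS(`example.com')dnl
EOF
}

sample=$(mktemp)
write_sample_mc "$sample"
lint_mc "$sample" || echo "fix the findings above before running m4"
rm -f "$sample"
```

Run `lint_mc /etc/mail/sendmail.mc` after the placeholder substitution and before `m4`.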
4: Security and Firewall Setup
```bash
# Firewall (firewalld)
# This opens inbound TCP 25; relaying out to the smart host does not depend on it
firewall-cmd --permanent --add-service=smtp --add-port=25/tcp
firewall-cmd --reload
# SELinux adjustments (if enforcing)
# List the booleans your policy defines first: getsebool -a | grep -i sendmail
setsebool -P httpd_can_sendmail 1
setsebool -P sendmail_can_write_config 1
# Restrict to local submissions only
# Appended only if no loopback listener is set yet; regenerating sendmail.cf with m4 (step 3) discards this line
grep -q '^O DaemonOptions=.*Addr=127\.0\.0\.1' /etc/mail/sendmail.cf || \
  echo "O DaemonOptions=Port=smtp,Addr=127.0.0.1, Name=MTA" >> /etc/mail/sendmail.cf
```
5: Restart and Verify
```bash
systemctl restart sendmail
systemctl status sendmail
ss -tlnp | grep :25 # Verify listening on localhost:25
```
6: Test Email Delivery
```bash
# Basic test
echo "Test message from $(hostname -f) at $(date)" | mail -s "Sendmail Configuration Test" sysadm@example.com
# Test with full headers
echo -e "Subject: Detailed Test\nFrom: $(hostname) <root@$(hostname -d)>\nTo: sysadm@example.com\n\nServer: $(uname -a)" | sendmail -v sysadm@example.com
# Monitor logs
tail -f /var/log/maillog
```
Troubleshooting Common Issues
| Issue | Symptoms in /var/log/maillog | Solution |
|---|---|---|
| Relay access denied | relay access denied | Verify <smtp_server> accepts your IP; test telnet <smtp_server> 25 |
| Hostname resolution | Name server timeout | Add <smtp_client_server> $(hostname) to /etc/mail/local-host-names |
| Masquerade failure | Emails show internal hostname | Check MASQUERADE_AS matches relay requirements |
| m4 syntax error | m4: cannot open file | Verify all dnl line endings; restore from backup |
| Queue buildup | mailq shows deferred | sendmail -q -v; check smart host connectivity |
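
The maillog check behind several rows of this table, added here as an example and not part of the original post: it reads sendmail delivery (`to=`) lines, counts sent, deferred and failed deliveries by DSN class, and flags any delivery whose relay is not the smart host. The function names, the host `relay.example.net` and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: summarise sendmail delivery
# lines and flag mail that left the host without using the smart host.
# Usage: triage_maillog <smart_host> < /var/log/maillog
triage_maillog() {
    awk -v want="$1" '
    # Value of key=... up to the next comma, or "" when the key is absent.
    function field(k,  v) {
        if (index($0, k "=") == 0) return ""
        v = $0; sub(".*" k "=", "", v); sub(/,.*/, "", v); return v
    }
    / to=/ && /stat=/ {
        relay = field("relay"); dsn = field("dsn")
        # Skip the MSP hand-off to the local MTA and local mailbox delivery.
        if (relay ~ /\[127\.0\.0\.1\]/ || field("mailer") == "local") next
        host = relay; sub(/ .*/, "", host); sub(/\.$/, "", host)
        if (host != "" && tolower(host) != tolower(want)) {
            bypass++; print "BYPASS relay=" host
        } else if (dsn ~ /^2\./) {
            sent++
        } else if (dsn ~ /^4\./) {
            deferred++
        } else {
            failed++
        }
    }
    END { printf "sent=%d deferred=%d failed=%d bypass=%d\n", sent, deferred, failed, bypass }'
}

# Constructed log lines in the layout of sendmail delivery records.
sample_maillog() {
    cat <<'EOF'
Jan 12 10:15:01 app01 sendmail[2101]: 50CAF1a1002101: from=root, size=312, class=0, nrcpts=1, msgid=<202601121015.50CAF1a1002101@app01.example.com>, relay=root@localhost
Jan 12 10:15:01 app01 sendmail[2101]: 50CAF1a1002101: to=sysadm@example.com, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30312, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (50CAF1a2002102 Message accepted for delivery)
Jan 12 10:15:02 app01 sendmail[2104]: 50CAF1a2002102: to=<sysadm@example.com>, delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120312, relay=relay.example.net. [192.0.2.10], dsn=2.0.0, stat=Sent (Ok: queued as 4F2A1)
Jan 12 10:20:07 app01 sendmail[2150]: 50CAK6b1002149: to=<ops@example.org>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120298, relay=mx.example.org. [198.51.100.7], dsn=2.0.0, stat=Sent (OK)
Jan 12 10:25:30 app01 sendmail[2190]: 50CAPTc1002189: to=<sysadm@example.com>, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=120305, relay=relay.example.net., dsn=4.0.0, stat=Deferred: Connection refused by relay.example.net.
EOF
}

sample_maillog | triage_maillog relay.example.net
```

A non-zero `bypass` count means some mail was delivered straight to a recipient MX rather than through the smart host.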
Production Validation Commands
```bash
# Verify masquerading works
echo "test" | mail -s "Masquerade test" external@example.com
# Check queue
mailq | tail
# Test local delivery
echo "Local test" | mail -s "Local" root@localhost
# Comprehensive relay test
# telnet sends the whole here-document without waiting for server replies;
# if the dialogue is cut short, type the same commands interactively
telnet <smtp_server> 25 << EOF
EHLO $(hostname)
MAIL FROM: <test@example.com>
RCPT TO: <sysadm@example.com>
DATA
Subject: Telnet Test
.
QUIT
EOF
```